RFID system (Radio-Frequency Identification) is a technology for automated identification of objects and people. Human beings are smart enough to identify an object under a variety of challenge circumstances. RFID systems are emerging as one of the most pervasive computing technologies. But there are still a large number of problems that are to be addressed. One of the fundamental issues still to be addressed is privacy, which concludes association threat, location threat, preference threat, constellation threat, transaction threat, action threat and breadcrumb threat (Kim, J., Yang, C, Jeon, J,2007). Misbehaviours of both readers and tags will lead to attacks to the system. The common attacks on the readers, tags and the air interface between them comprise: Tracking or Tracing, Tamper, Clandestine Scanning, Counterfeit Tags, Cloning Tags, Eavesdropping, Replay, man-in-the-middle attack, Spoofing, Differential power analysis, Timing Attacks, Denial of Service, Physical Attacking and so on (P. Cuenca and L. Orozco-Barbosa, 2006.),(Kim, J., Yang, C, Jeon, J, 2007). Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements.

A number of mechanisms have been devised   to overcome the problems related to security and privacy issue of RFID systems. In this paper we propose three anonymous RFID authentication protocols and prove that they are secure in the traditional cryptographic framework. Our model allows most of the threats that apply to RFIDs systems including, denial of service, impersonation, malicious traceability, information leakage through power analysis and active man-in-the middle attacks. Our protocols are efficient and scalable.

RFID, Authentication, Privacy, Scalability, Counterfeiting, Cloning.

K. Takaragi, M. Usami, R. Imura, R. Itsuki, and T. Satoh. An ultra Small individual recognition security chip. IEEE Micro, 21(6):43–49, 2001.

D. White. NCR: RFID in retail. In S. Garfinkel and B. Rosenberg, editors, RFID: Applications, Security, and Privacy, pages 381–395. Addison-Wesley, 2005.

EPCglobal Web site, 2005. Referenced 2005 at

http://www.EPCglobalinc.org.

S. E. Sarma, S. A. Weis, and D.W. Engels. RFID systems, security and

privacy implications. Technical Report MIT-AUTOID-WH-014, AutoID Center, MIT, 2002.

Merloni unveils RFID appliances. RFID Journal, 4 April 2003. Referenced 2005 at http://www.rfidjournal.com/article/articleview/369/1/1/.

K. P. Fishkin, M. Wang, and G. Borriello. A ubiquitous system for medication monitoring. In Pervasive 2004, 2004. Available as ‘A Flexible, Low-Overhead Ubiquitous System for Medication Monitoring, Intel Research Seattle Technical Memo IRS-TR-03-011,25 October 2003.

K. Fishkin and J. Lundell. RFID in healthcare. In S. Garfinkel and B. Rosenberg, editors, RFID: Applications, Security, and Privacy, pages 211–228. Addison-Wesley, 2005.

M. Baard. RFID invades the capital. Wired News, 7 March 2005. Referenced 2005 at http://www.wired.com/news/privacy/0,1848,66801,00.html.

C. Kocher, J. Jaffe and B. June . Differential Power Analysis,CRYPTO99

M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems Using the AES Algorithm. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hardware and Embedded Systems, CHES 2004, volume LNCS 3156, pages 357-370. Springer, 2004.

Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels ”Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems”, in The First International Conference on Security in Pervasive

Computing SPC 2003, March 2003.

Gildas Avoine and Philippe Oechslin ”A Scalable and Provably Secure Hash-Based RFID Protocol”, The 2nd IEEE International Workshop on Pervasive Computing and Communication Security Persec 2005, March 2005.

Xingxin Grace Gao, Zhe Xiang, HaoWang, Jun Shen, Jian Huang and Song Song ”An Approach to Security and Privacy of RFID System for Supply Chain”, Proceedings of the IEEE International Conference on E-Commerce

Technology for Dynamic E-Business (CEC-East04), 2004.

Martin Feldhofer Martin Feldhofer, An Authentication Protocol in a Security Layer for RFID Smart Tags, IEEE MELECON 2004, May 2004.

P. Tuyls, B. Skoric, S. Stallinga, A.H.M. Akkermans, and W. Ophey. Information theoretical security analysis of physical unclonable functions. In A.S. Patrick and M. Yung, editors, Proceedings of 9th Financial Cryptography and Data Security Conference, volume 3570 of Lecture Notes in Computer Science, pages 141{155. Springer-Verlag, 2005.

D. Johnson and A. Menezes. The elliptic curve digital signature algorithm (ECDSA). Technical Report CORR 99-34, Department of Combinatorics & Optimization, University of Waterloo, Canada, February 24 2000. http://www.cacr.math.uwaterloo.ca.

M. Joye and S.-M. Yen. The montgomery powering ladder. In B. S. Kaliski Jr., CK. Kove, and C. Paar, editors, Proceedings of 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES), number 2523 in Lecture Notes in Computer Science, pages 291{302. Springer-Verlag, 2002.

A. Juels. Strengthening EPC Tags against Cloning. March 2005. manuscript.

A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.

P. Montgomery. Speeding the pollard and elliptic curve methods of factorization. Mathematics of Computation, Vol. 48:243{264, 1987.