eRIPP-FS: Enforcing privacy and security in RFID

Mauro Conti, Roberto di Pietro, Luigi V. Mancini, Angelo Spognardi

Research output: Contribution to journalArticlepeer-review

5 Scopus citations


In RFID systems addressing security issues, many authentication techniques require the tag to keep some sort of synchronization with the reader. In particular, this is true in those proposals that leverage hash chains. When the reader and the tag get de-synchronized, possibly by an attacker, this paves the way to several denial of service (DoS) attacks, as well as threatening privacy (e.g., via the timing attack). Even if de-synchronization happens for non-malicious causes, this event has a negative effect on performances (for instance, slowing down the authentication process). In this paper, we provide a solution to cope with the de-synchronization between the tag and the reader when hash chains are employed. In particular, our solution relies on mutual reader-tag authentication, achieved via hash traversal and Merkle tree techniques. We show that this techniques applied to an existing security protocol for RFID systems, such as RIPP-FS, make timing attacks hard to succeed. Moreover, the proposed solutions can be transparently and independently adopted by similar security protocols as well to thwart timing attack and/or to provide reader-tag mutual authentication. Finally, extensive simulations show that our proposal introduces a negligible overhead to recover desynchronization. © 2009 John Wiley & Sons, td.
Original languageEnglish (US)
Pages (from-to)58-70
Number of pages13
JournalSecurity and Communication Networks
Issue number1
StatePublished - Jan 1 2010
Externally publishedYes

Bibliographical note

Generated from Scopus record by KAUST IRTS on 2023-09-20

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'eRIPP-FS: Enforcing privacy and security in RFID'. Together they form a unique fingerprint.

Cite this