A Case Against Currently Used Hash Functions in RFID Protocols


Martin Feldhofer and Christian Rechberger

Graz University of Technology
Institute for Applied Information Processing and Communications
Inffeldgasse 16a, A 8010 Graz, Austria
{Martin.Feldhofer,Christian.Rechberger}@iaik.tugraz.at

Abstract. Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms. However, when implementing these algorithms on RFID tags, fierce constraints have to be considered. Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags, and are thus heavily used by RFID security protocol designers, we claim the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols. In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far. To back up our claim we compare the achieved results with the smallest available AES implementation. The AES module requires only a third of the chip area and half of the mean power. Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES. Our analysis of the reasons for this result gives some input for future hash function designs.

1 Introduction

In the last few years, many research activities were conducted in the area of RFID security. Various attacks on the used algorithms, protocols and implementations showed that the protection of RFID systems requires more attention. Many security protocols were proposed to prevent violations of privacy and to protect the authenticity of goods.
Most of them use symmetric cryptography because of the fierce constraints for RFID tag implementations. From the implementation point of view, the difficulty in RFID tag design lies in the very tight requirements for the production of RFID tags. In addition to low die-size requirements, the power consumption of the RFID tag is of utmost importance. In the HF frequency range at MHz the maximum mean current consumption without reducing the operation range of the tags is 15 µA. Due to the limited available chip area, the limited power consumption and the limited time an algorithm is allowed to execute, the selection of appropriate security algorithms and protocols is very important.

Unfortunately, the use of public key cryptography is out of range with today's semiconductor process technologies. The required computational power cannot be included on RFID tags in terms of speed and power consumption. Therefore, primitives from symmetric cryptography are heavily used by protocol designers in this area.

Hash functions are conceptually simpler than block ciphers, since they do not need a key. In the RFID security community, it is commonly assumed that hash functions are therefore also the better choice from the implementation point of view. As a consequence, most of the proposed protocols for protecting RFID tags are based on hash function implementations [1, 3, 7, 9, 13, 16]. Only in the work of Feldhofer et al. [5] is the use of block ciphers discussed in more detail.

Our Contribution. In large parts of the available literature on RFID security protocols, the use of hash functions as basic building blocks is proposed with the reasoning that they are easier to implement on RFID tags than a block cipher like AES [10]. In this paper we give conclusive evidence that it is better to use a standardized block cipher like AES [10] on RFID tags than one of the standardized hash functions from the SHA family [11]. On the basis of a survey of existing RFID security protocols we see that either symmetric encryption primitives or hash functions are always the underlying building blocks if authentication is needed.

In Section 2 we derive the requirements for the basic building blocks. In Section 3 we present the smallest and most power-efficient SHA-256 ASIC implementation published so far. In Section 4 we map these results to other MD4 family hash functions like SHA-1, MD5 and MD4 and we compare the achieved results of hash implementations with the low-power AES implementation of Feldhofer et al. [6], which requires less chip area and has lower power consumption figures. Based on that we derive two simple criteria that firstly explain the reason for the gap we observe, and secondly give hints for the design of new hash functions which are more suitable for RFID tags.

2 Cryptographic Primitives in RFID Security Protocols

The cryptographic literature offers a variety of cryptographic primitives which can be used as basic building blocks in the design of security protocols. Depending on assumptions about available keying material, difficulty of and trust in underlying problems, or implementation constraints, a multitude of options is available. In the context of RFID systems, the choice is somewhat smaller because of fierce constraints from the implementation point of view. Thus, we subsequently focus on algorithms attributed to the area of symmetric cryptography.

Here, a high level of security (112 to 256 bits) can be achieved while meeting the implementation constraints, without requiring unreasonable amounts of keying material. Protocol designers can choose from primitives like block/stream ciphers, hash functions, message authentication codes (MACs), universal hash functions or pseudorandom number generators (PRNGs).

Some of these primitives can be efficiently turned into others. A block cipher can be turned into a hash function. For universal hash functions to be used in the setting of RFID security protocols, a cryptographically secure PRNG is needed to generate new keying material. Standardized and trusted PRNGs are in turn again based on block ciphers or hash functions. This implies that for RFID security protocols using PRNGs on top of primitives like ciphers or hash functions, no substantial additional circuit is required. MACs are mainly based on hash functions, ciphers or universal hash functions.

Summing up this short overview, we conclude that for RFID authentication protocols based on symmetric cryptography either hash functions or ciphers are the most suitable basic building blocks. Subsequently we will thus focus on these.

2.1 Survey of Symmetric Primitives in State-of-the-art Proposals for RFID Protocols

As mentioned before, the reason to employ cryptographic primitives in RFID protocols is to provide some form of authentication and/or some form of anonymity.

In protocols that use hash functions on the RFID tag, the following properties are generally needed. In order to provide some form of anonymity, the output of the hash function should not be distinguishable from a truly random bitstring. For authentication purposes, the designer of RFID protocols relies on the preimage resistance or 2nd-preimage resistance of the used hash function. Occasionally, collision resistance is also needed [13].
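The two properties above (responses that look random, and authentication that rests on preimage resistance) can be seen in the randomized hash-lock scheme of Weis et al. [16], which this survey covers. The following Python sketch is an added example, not code from the paper or from [16]: SHA-256 as h, the fixed field lengths, the concatenation encoding and the names Tag and Backend are assumptions.

```python
import hashlib
import hmac
import os

ID_LEN = 12     # assumed: 96-bit tag identifiers
NONCE_LEN = 8   # assumed: 64-bit tag random value r_t


def h(tag_id, r_t):
    """h(id, r_t). Both fields have fixed length, so plain concatenation
    is an unambiguous encoding of the pair."""
    if len(tag_id) != ID_LEN or len(r_t) != NONCE_LEN:
        raise ValueError("unexpected field length")
    return hashlib.sha256(tag_id + r_t).digest()


class Tag:
    """Tag side: holds only its ID and needs a hash and a random source."""

    def __init__(self, tag_id, rng=os.urandom):
        self.tag_id = tag_id
        self.rng = rng

    def respond(self):
        # A fresh r_t per query makes two answers of one tag unlinkable
        # as long as the hash output looks random.
        r_t = self.rng(NONCE_LEN)
        return r_t, h(self.tag_id, r_t)


class Backend:
    """Reader/back-end side: knows the IDs of all legitimate tags."""

    def __init__(self, known_ids):
        self.known_ids = list(known_ids)

    def identify(self, r_t, digest):
        """Return (tag_id or None, number of hash evaluations).

        The back end has no index to look up: it recomputes h(id, r_t)
        for each known ID, so the work grows with the tag population."""
        for count, candidate in enumerate(self.known_ids, start=1):
            if hmac.compare_digest(h(candidate, r_t), digest):
                return candidate, count
        return None, len(self.known_ids)


def run_demo():
    """Constructed sample data: five tags with made-up identifiers."""
    ids = [bytes([i]) * ID_LEN for i in range(1, 6)]
    backend = Backend(ids)
    tag = Tag(ids[3])
    first = tag.respond()
    second = tag.respond()
    stranger = Tag(b"\xff" * ID_LEN).respond()
    return {
        "responses_differ": first != second,
        "first": backend.identify(*first),
        "second": backend.identify(*second),
        "stranger": backend.identify(*stranger),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The tag needs nothing beyond the hash function and a random source, which is why the hardware cost of h decides whether such a protocol fits on a tag.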
In protocols that use ciphers as a cryptographic primitive, anonymity is again provided by the difficulty of distinguishing its output from a truly random bitstring. Authenticity is guaranteed by the resistance against key-recovery attacks of the employed cipher.

Subsequently we focus on proposals which offer the possibility to authenticate the tag and/or the reader and thus tackle the problem of tag cloning.

Symmetric Encryption. There are only a few protocol designers who base their RFID authentication protocols on symmetric-key encryption primitives. Feldhofer et al. [5] use simple challenge-response authentication for unilateral and mutual authentication of RFID tag and reader. The random values $r_t$ and $r_r$ are the challenges from the tag and the reader, which are encrypted using the function $E_K$, which is in their case AES. They mention the problem of key distribution and key management when using symmetric authentication methods but do not provide any detailed solution for it.

Hashing. Weis et al. [16] proposed the hash-lock scheme and the improved randomized hash-lock scheme. Thereby, the tag is authenticated by the tuple $(r_t, h(id, r_t))$ where $r_t$ is a random value generated by the tag for tracking prevention and the hash value is generated over ID and $r_t$.

In the protocol of Henrici et al. [7] the tag sends the hash value of its ID together with a transaction number to the reader and thereby authenticates itself to the reader. The reader responds with a random value which is used to refresh the tag identifier on every successful transaction.

Lee and Verbauwhede [9] propose a protocol where a hash function $h(k\ r_s)$ of a key K and a random value $r_s$ is used for mutual authentication of reader and tag. Additionally, $r_s$ is used for updating the key in the tag.

Dimitriou [3] uses in his authentication protocol a message authentication code (MAC) $h_k$ which is based on hash functions. Random values generated by reader and tag are used for mutual authentication and for refreshing the key in the tag.

Rhee et al. [13] suggest a hash-based challenge-response protocol where the secret key in the protocol is the ID. The tag does not need to update the secret key, which avoids attacks by interrupting the session.

In the protocol of Choi et al. [1] tags have a common secret key K and a tag-specific secret S which are used for mutual authentication based on hash functions. A counter c is incremented in the tag on each access for prevention of replay attacks.

3 Hardware Implementation of SHA-256

One of the main contributions of this paper is the ASIC implementation of a SHA-256 module which fulfills the requirements for RFID tags.
SHA-256 is a member of the SHA-2 family of hash functions, which is in turn the latest official descendant of the MD4 family. SHA-256 was chosen because it is widely recommended and offers a security level equivalent to AES-128.

For the design of hardware modules in RFID systems, the difference between power consumption and energy consumption is important to note. In contrast to battery-powered devices, where energy consumption is the optimization goal, the mean current consumption is the critical concern for passively powered RFID tags. The duration of the operation is of reduced concern. It is important that the power consumption per clock cycle is limited, although the total energy consumption of an operation might be larger. This is due to the limited energy transmission from the RFID reader to the tag during one clock cycle. Here it is often necessary to serialize operations because the concurrent calculation would exceed the available power and the large voltage drop causes a reset in the circuit. Our implementation goal for SHA-256 was to minimize the mean power consumption while using only small chip area.

3.1 Description of SHA-256

SHA-256 [11] is an iterated cryptographic hash function based on a compression function that operates on an internal state of 256 bits. This internal state is initialized using IVs as specified in [11]. SHA-256 updates the state of eight 32-bit variables $A, \ldots, H$ according to the values of bit words $M_0, \ldots, M_{15}$ of the message. The compression function consists of 64 identical step transformations as presented in Fig. 1. The step transformations employ the bitwise Boolean functions Maj and Ch, and two GF(2)-linear functions

\[ \Sigma_0(x) = ROTR^{2}(x) \oplus ROTR^{13}(x) \oplus ROTR^{22}(x) \]

and

\[ \Sigma_1(x) = ROTR^{6}(x) \oplus ROTR^{11}(x) \oplus ROTR^{25}(x). \]

The i-th step uses a fixed constant $K_i$, which is a distinct 32-bit word for each step, and the i-th word $W_i$ of the expanded message.

The message expansion works as follows. An input message is split into 512-bit message blocks (after padding). The message expansion takes as input a vector M with 16 words and outputs a vector W with N words. The words $W_i$ of the expanded vector are generated from the initial message M according to the following formula:

\[ W_i = \begin{cases} M_i & \text{for } 0 \le i \le 15 \\ \sigma_1(W_{i-2}) + W_{i-7} + \sigma_0(W_{i-15}) + W_{i-16} & \text{for } 16 \le i \le 63. \end{cases} \]

The functions $\sigma_0(x)$ and $\sigma_1(x)$ are defined as follows:

\[ \sigma_0(x) = ROTR^{7}(x) \oplus ROTR^{18}(x) \oplus SHR^{3}(x) \]

and

\[ \sigma_1(x) = ROTR^{17}(x) \oplus ROTR^{19}(x) \oplus SHR^{10}(x). \]

After 64 steps, the feed-forward operation is applied. It is a word-by-word modular addition of the previous chaining values (the IVs in the case of the first block) to the current state variables.
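As a software reference for the description above, the following Python model (an added example, not the authors' hardware design or code) implements the step transformation, message expansion and feed-forward, and keeps only sixteen message words by overwriting $W_{i-16}$ in place, which is the storage layout the paper later calls W-RAM, State-RAM and H-RAM. The function and variable names are assumptions; the constants are derived from their FIPS 180-2 definition instead of being typed in.

```python
import hashlib

MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words


def first_primes(n):
    """First n primes by trial division (n is at most 64 here)."""
    primes, candidate = [], 2
    while len(primes) < n:
        if all(candidate % p for p in primes):
            primes.append(candidate)
        candidate += 1
    return primes


def integer_root(n, k):
    """Largest r with r**k <= n, by binary search on integers."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# FIPS 180-2: first 32 fractional bits of the square roots (IV) and
# cube roots (K) of the first 8 and 64 primes.
IV = [integer_root(p << 64, 2) & MASK for p in first_primes(8)]
K = [integer_root(p << 96, 3) & MASK for p in first_primes(64)]


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def big_sigma0(x): return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22)
def big_sigma1(x): return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25)
def small_sigma0(x): return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)
def small_sigma1(x): return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)
def ch(e, f, g): return (e & f) ^ (~e & g)
def maj(a, b, c): return (a & b) ^ (a & c) ^ (b & c)


def compress(h_ram, block):
    """One 512-bit block: returns the new eight chaining words."""
    # W-RAM: 16 words only. Slot i % 16 holds W[i-16] until step i
    # replaces it with W[i], so no 64-word schedule is ever stored.
    w_ram = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(16)]
    a, b, c, d, e, f, g, h = h_ram  # State-RAM loaded from H-RAM
    for i in range(64):
        if i >= 16:
            w_ram[i % 16] = (small_sigma1(w_ram[(i - 2) % 16])
                             + w_ram[(i - 7) % 16]
                             + small_sigma0(w_ram[(i - 15) % 16])
                             + w_ram[i % 16]) & MASK
        t1 = (h + big_sigma1(e) + ch(e, f, g) + K[i] + w_ram[i % 16]) & MASK
        t2 = (big_sigma0(a) + maj(a, b, c)) & MASK
        a, b, c, d, e, f, g, h = ((t1 + t2) & MASK, a, b, c,
                                  (d + t1) & MASK, e, f, g)
    # Feed-forward: add the old chaining values word by word.
    return [(x + y) & MASK for x, y in zip(h_ram, (a, b, c, d, e, f, g, h))]


def sha256(message):
    """Pad, then run the compression function over every block."""
    padded = (message + b"\x80" + b"\x00" * ((55 - len(message)) % 64)
              + (8 * len(message)).to_bytes(8, "big"))
    h_ram = list(IV)
    for offset in range(0, len(padded), 64):
        h_ram = compress(h_ram, padded[offset:offset + 64])
    return b"".join(word.to_bytes(4, "big") for word in h_ram)


def matches_hashlib(message):
    """Cross-check the model against the standard library."""
    return sha256(message) == hashlib.sha256(message).digest()


# Words of storage the model needs: W-RAM + State-RAM + H-RAM.
STORAGE_BITS = (16 + 8 + 8) * 32

if __name__ == "__main__":
    print(sha256(b"abc").hex(), STORAGE_BITS)
```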
3.2 Related SHA-256 Implementations

Although many hash hardware architectures have been proposed in the last years, none of the published work focuses on the low die-size and low power-consumption requirements needed for contactlessly powered devices like RFID tags. Nearly all of these architectures focus on GBit throughput rates and do not mind high power consumption at all. Especially the implementations using FPGAs as target technology make extensive use of pipelining and unrolling techniques. Some representatives of this category are Pramstaller and Aigner [12] and Sklavos and Koufopavlou [15]. Only a few publications of ASIC hash implementations are available so far. The implementations of Satoh and Tadanobu [14], Dominikus [4] and Dadda et al. [2] are directly comparable with our design as they have shown results of SHA-256 implementations.

Fig. 1. One step of the state update transformation of SHA-256

3.3 Architecture of SHA-256 Module

For SHA-256 (and also other MD4 family hash functions like SHA-1, MD5 and MD4), a 32-bit architecture is the only useful data width because of the design of the algorithm. High-level simulations with a data word size of 8 bits showed that the performance is unacceptably bad, which was not astonishing as the algorithms were designed for 32-bit platforms.

The architecture of the SHA-256 module consists of a datapath and a controller circuit. The datapath of the proposed 32-bit SHA-256 module is depicted in Fig. 2. It is to the best of our knowledge the smallest hardware implementation of the SHA-256 algorithm published so far. The main parts of the module are the RAM circuits, the dedicated logic functions for the SHA-256 transformations, temporary storage registers and one 32-bit adder. The controller module, which is not shown in the figure, is implemented as a finite state machine that generates the control and address signals for the datapath.

Fig. 2. Architecture of low-power SHA-256 datapath (blocks: W-RAM 16x32-bit, State-RAM 8x32-bit, H-RAM 8x32-bit, T1, T2, Ch, Maj, SHA2 Const, 32-bit Adder, data in, data out)

All RAM parts have a register-based implementation which allows the use of clock gating to minimize power consumption. The major design principle is that only 32 flip-flops are clocked within the same clock cycle. This averages the power consumption of the circuit, which is crucial for wirelessly powered devices like RFID tags. This represents the most important design difference to existing SHA-256 implementations, where in every clock cycle all registers of a RAM module need a clock pulse because of the pipelined structure.

The RAM consists of three different parts: message expansion RAM (W-RAM), state variables A-H (State-RAM) and the chaining variables (H-RAM). The W-RAM stores the sixteen 32-bit words $W_i$ necessary for the message schedule. This RAM module is single ported to ease silicon implementation and reduce controlling complexity. The State-RAM contains the eight state variables A-H which are used during the step transformation. Because of the internal structure of the algorithm it was necessary to implement this 8 × 32-bit RAM with separate read and write ports. The synthesis results show that the additional hardware for this dual-port RAM is negligible but the throughput is increased significantly. The third RAM part, the H-RAM, stores the 8 × 32-bit chaining variables. It is updated only at the beginning and at the end of each step transformation. The output of the datapath comes directly from the H-RAM.

The dedicated hardware modules in the datapath perform the SHA-256 functions $\sigma_0$, $\sigma_1$, Ch, Maj, $\Sigma_0$ and $\Sigma_1$. The inputs of these functions come either from the output of the RAM or they are directly routed from the state variables A-H to the corresponding module. The sequence of 64 constant 32-bit words is stored in a look-up table which was generated by the synthesizer. The two 32-bit registers $T_1$ and $T_2$ are used during the step transformation to store intermediate results. Again, clock gating is used to reduce the power consumption while the registers are not required.
All RAM circuits, the dedicated hardware modules, the look-up table and the registers have a mechanism to disable the output of the module, which sets the 32-bit output of the module to zero. This method, called sleep-mode logic, reduces the switching activity of the combinational logic behind these gates to a minimum. Additionally, the two large multiplexers degrade to merely an OR tree.

A further big difference to existing hash architectures is the use of a single 32-bit adder. The critical path of the circuit is heavily reduced, which produces less signal activity and hence lower power consumption.

A calculation of a hash value works as follows. Before the step transformation starts, the initial hash value has to be loaded into the H-RAM module. Then the data input including padding is stored in the W-RAM. After transferring data from the H-RAM to the state variables, the step transformation starts. According to the SHA-256 algorithm, the state variables are updated using the dedicated functions, the intermediate storage registers and the appropriate SHA-256 constant from the look-up table. The message schedule is also executed in each step, which allows the required message expansion to be generated in place without any additional memory. At the end of the 64 rounds the hash value is calculated using the state variables and the old chaining variables. Now the hash value can be read at the data output, or the next message block has to be processed with the same procedure except the initialization of the H-RAM, which holds its value.

3.4 Achieved Results

The implementation of our SHA-256 architecture requires a current consumption of µA at a frequency of 100 kHz on a 0.35 µm CMOS process technology with a supply voltage of 3.3 V. All presented results in Table 1 come from simulations on transistor level using Nanosim from Synopsys. Performing a hash calculation on a 512-bit block of data requires 1,128 clock cycles, which is suitable for RFID communication protocols using interleaved protocols according to [5]. Although not designed for high speed, the circuit has a maximum clock frequency of 50 MHz and achieves a data throughput of up to 22.5 Mbps.
The required hardware complexity is 597,740 µm² which corresponds to 10,868 gate equivalents (GEs). The complexity of each component is also listed in Table 1.

Table 1. Synthesis results of all components of the low-power SHA-256 module
Columns: Module/Component; I_mean; Chip area [GE]
State-RAM: ,984
W-RAM: ,881
H-RAM: ,427
SHA-256 Constants:
bit Registers: 2x0.80 2x197
σ0 & σ1 & Σ0 & Σ1 & Ch & Maj:
bit Adder:
Multiplexer & others:
Controller:
Total: ,868

Table 2 presents a comparison of our approach with the work of Dadda [2], Dominikus [4] and Satoh [14]. While Dominikus [4] does not provide information about the implementation of the RAM circuit, Dadda [2] and Satoh [14] use shift registers for implementation of the RAM. The state variables, the chaining variables and the expanded message words are in each case structured as a 32-bit pipelined register file where in each clock cycle all registers are updated, and therefore cause high power consumption. Hence, power saving techniques like clock gating are not applicable.

Table 2. SHA-256 comparison with related work based on power consumption and gate count
Columns: SHA-256 ASIC; CMOS Tech. [µm]; I_mean; Chip area [GE]; f_max [MHz]; Clock cycles
This work: 3.3V , ,128
Dadda [2]: 1.8V a 14,
Dominikus [4]: 3.3V a 10,900 RAM
Satoh [14]: 1.5V a 11,
a No figures given. Because of the hardware architecture the current consumption is expected to be a multiple of ours.

It can be seen that the use of very recent process technologies brings advantages in the maximum clock frequency. As RFID tags are low-end devices, today most manufacturers use the cheaper 0.35 µm and 0.25 µm CMOS process technologies. Unfortunately, all other related work does not include power consumption figures in its results. Because of the pipelined design in the data memory it can be seen that they are not optimized for low power consumption. In addition to being the smallest published ASIC implementation of SHA-256, our low-power approach allows application of SHA-256 in RFID systems with minimal reduction of the operation range.

4 Discussion of Implications

Table 3 presents a comparison of four hash function implementations with the AES implementation of Feldhofer [6]. The figures of the SHA-256 and SHA-1 implementations are synthesis results, while for MD5 and MD4 only estimations are available. Note that the algorithms have different block lengths and security levels, which were not normalized in the table. The chip area includes all necessary components to operate the module stand-alone, while the cycle count is the number of clock cycles for one block of data.

Choosing the older and smaller hash functions might be an option if collision resistance is not needed. Kaps et al. [8] state that a SHA-1 implementation with only 4,276 gate equivalents, which is more energy efficient than their AES implementation, is possible. In our setting this analysis does not apply since they do not take the message expansion RAM into account (which compares to 2,400 GEs). They state that an external memory holds these sixteen 32-bit words, which is not possible on an RFID tag.

The major outcome is that there are two dominating factors that decide on the suitability of symmetric primitives for RFID tags. Firstly, the required number of registers which store state variables, chaining variables and message words. Secondly, the underlying word size of the used primitive.

All popular hash functions operate on input blocks of at least 512 bits. Including the size of the state, which is at least as big as the output of the hash function, the resulting lower bound on the gate count is already higher than the smallest known AES implementation. Note that also hash functions which we did not consider in this paper so far (like Tiger or Whirlpool) have the same structural disadvantage compared to block ciphers like the AES.

Since AES operates on elements in GF($2^8$), the minimal number of registers (8) that have to be clocked is much lower compared to any member of the MD4 family of hash functions, which have a word size of at least 32 bits. Architectures for the MD4 family which operate on less than 32 bits at a time face heavy penalties when taking runtime into consideration. This results in a big difference in the achievable mean power consumption of resulting RFID tags, which is the most critical factor for application of passive RFID tags.
Looking at other hash functions, the situation is more diverse. Tiger operates on 64-bit words and thus is likely to have an even higher mean power consumption. On the other hand, Whirlpool operates like AES on elements in GF($2^8$), which means that the mean power consumption would not be the limiting factor for usage in RFID security protocols. Overall, future hash function designs which aim for efficient implementations on RFID tags need to take both points into account.

Table 3. Synthesis results (for SHA-256, AES, SHA-1) and estimations (MD5, MD4) of hash functions and AES algorithm implementations for low die-size and low power consumption
Columns: Algorithm; Chip area [GE]; I_mean; Clock cycles
SHA: , ,128
SHA-1: 8, ,274
MD5: 8,
MD4: 7,
AES [6]: 3, ,032

Consequently, the use of block ciphers like the AES as a basic building block for the design of RFID security protocols is the most sensible choice as of today. Stream ciphers for resource-constrained environments, which are currently evaluated by the project eSTREAM of the European Union sponsored Network of Excellence ECRYPT, might be useful as well.

5 Conclusions and Future Work

Contrasting some commonly made assumptions in the literature on RFID protocols, we showed the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the AES instead of hash functions as the cryptographic building blocks for secure RFID protocols.

To investigate this issue, we proposed a low-power architecture for the MD4 family of hash functions and gave a detailed analysis of this smallest SHA-256 ASIC implementation known so far. Our result has about 10,000 gates and a mean power consumption of 15 µA at 100 kHz using a cheap 0.35 µm process technology, which is indeed within the constraints of EPC class 2 tags.

Even though it is interesting to know that also SHA-256 might be small enough for some RFID tags, we have to compare it with implementations of other primitives. Comparing it with the smallest known AES implementation, we conclude that no known hash function can achieve similar results given fierce implementation constraints (like mean power consumption) as is the case for RFID systems. Reducing the gate count by switching to smaller hash functions like SHA-1, MD5 or even MD4 does not affect these conclusions.

The reason is two-fold: Firstly, the underlying word size.
The minimal number of registers that have to be clocked in the case of AES (8) is much lower compared to any member of the MD4 family of hash functions which have a word size of 32 bits. This results in a big difference in the achievable mean power consumption of resulting RFID tags, which is an important measure. Secondly, the necessary number of registers. It turns out that all hash functions used today have a structural disadvantage compared to the AES. That is why choosing AES results in comparatively cost-efficient RFID security protocols while keeping a high level of security. Thus it remains to be seen which of the many hash-based protocols can be converted into protocols using a cipher to allow for production of small and cheap tags. Alternatively, AES-based hash functions need to be evaluated from the RFID perspective.

References

1. E. Y. Choi, S.-M. Lee, and D. H. Lee. Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In Embedded and Ubiquitous Computing - EUC 2005 Workshops, volume 3823 of LNCS, pages Springer, December
2. L. Dadda, M. Macchetti, and J. Owen. The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), volume 3, pages IEEE Computer Society,
3. T. Dimitriou. A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pages 59-66, Athens, Greece, September IEEE Computer Society.
4. S. Dominikus. A hardware implementation of MD4-family hash algorithms. In 9th IEEE International Conference on Electronics, Circuits and Systems, volume 3, pages IEEE Computer Society, October
5. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems using the AES Algorithm. In Cryptographic Hardware and Embedded Systems CHES 2004, volume 3156 of LNCS, pages Springer, August
6. M. Feldhofer, J. Wolkerstorfer, and V. Rijmen. AES Implementation on a Grain of Sand. IEE Proceedings on Information Security, 152(1):13-20,
7. D. Henrici and P. Müller. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), pages IEEE Computer Society, March
8. J.-P. Kaps and B. Sunar. Energy comparison of AES and SHA-1 for ubiquitous computing. In 2nd IFIP International Symposium on Network Centric Ubiquitous Systems (NCUS 2006), LNCS. Springer,
9. Y. Lee and I. Verbauwhede. Secure and Low-cost RFID Authentication Protocols. In 2nd IEEE Workshop on Adaptive Wireless Networks (AWiN),
10. National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard, November Available online at
11. National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard, August Available online at
12. N. Pramstaller and M. Aigner. A Universal and Efficient SHA-256 Implementation for FPGAs. In Austrochip 2004, pages 89-93, ISBN
13. K. Rhee, J. Kwak, S. Kim, and D. Won. Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. In Security in Pervasive Computing, Second International Conference, SPC 2005, volume 3450 of LNCS, pages Springer,
14. A. Satoh and T. Inoue. ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In International Symposium on Information Technology: Coding and Computing (ITCC 2005), volume 1, pages IEEE Computer Society,
15. N. Sklavos and O. Koufopavlou. Implementation of the SHA-2 Hash Family Standard Using FPGAs. The Journal of Supercomputing, 31(3): , March
16. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In 1st Annual Conference on Security in Pervasive Computing, volume 2802 of LNCS, pages , 2003.

A Case Against Currently Used Hash Functions in RFID Protocols. Institute for Applied Information Processing and Communications (IAIK). Workshop on RFID Security 2006 (RFIDSec06), July 13-14, 2006.


More information

Advanced WG and MOWG Stream Cipher with Secured Initial vector

Advanced WG and MOWG Stream Cipher with Secured Initial vector International Journal of Scientific and Research Publications, Volume 5, Issue 12, December 2015 471 Advanced WG and MOWG Stream Cipher with Secured Initial vector Dijomol Alias Pursuing M.Tech in VLSI

More information

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama

More information

Firoz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur,

Firoz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur, VLSI Design of Secure Cryptographic Algorithm Firoz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur, India) 2 (Department

More information

Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication

Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less ultiplication Shay Gueron 2, 3, 4 and ichael E. Kounavis 1 1 Corresponding author, Corporate Technology Group, Intel Corporation,

More information

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18 Hash Function Guido Bertoni Luca Breveglieri Fundations of Cryptography - hash function pp. 1 / 18 Definition a hash function H is defined as follows: H : msg space digest space the msg space is the set

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

An Approach to Security and Privacy of RFID Systems in Anti- Desynchronization

An Approach to Security and Privacy of RFID Systems in Anti- Desynchronization 40 An Approach to Security and Privacy of RFID Systems in Anti- Desynchronization Min-Hua Shao Department of Management Information Systems, National Pingtung University of Science & Technology, Pingtung,

More information

Institute for Applied Information Processing and Communications VLSI Group Professor Horst Cerjak, Martin Feldhofer KU01_assignment

Institute for Applied Information Processing and Communications VLSI Group Professor Horst Cerjak, Martin Feldhofer KU01_assignment VLSI Design KU Sommersemester 2009 SHA-3 Hash Competition 1 Hash Functions are Work Horses in IT Security and Cryptography Web browser Trusted computing, everything is done with SHA-1 Public-key infrastructures

More information

PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems

PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems Huiju Cheng, Howard M. Heys, and Cheng Wang Electrical and Computer Engineering Memorial University of Newfoundland St. John's,

More information

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm FPGA Can be Implemented Using Advanced Encryption Standard Algorithm Shahin Shafei Young Researchers and Elite Club, Mahabad Branch, Islamic Azad University, Mahabad, Iran Email:Shahin_shafei@yahoo.com

More information

IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA

IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.

More information

SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs

SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs Aydin Aysu, Ege Gulcan, and Patrick Schaumont Secure Embedded Systems Center for Embedded Systems for Critical Applications Bradley

More information

EPC Tag Authentication with Randomized Characteristics for Strong Privacy

EPC Tag Authentication with Randomized Characteristics for Strong Privacy 182 IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.9B, September 2006 EPC Tag Authentication with Randomized Characteristics for Strong Privacy Soohyun Oh, and Jin Kwak,

More information

Area Optimization in Masked Advanced Encryption Standard

Area Optimization in Masked Advanced Encryption Standard IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,

More information

A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

A Lightweight RFID Protocol to protect against Traceability and Cloning attacks A Lightweight RFID Protocol to protect against Traceability and Cloning attacks Tassos Dimitriou Athens Information Technology 19.5km Markopoulo Ave., 19002, Peania Athens, Greece tdim@ait.edu.gr Abstract

More information

Implementation of Full -Parallelism AES Encryption and Decryption

Implementation of Full -Parallelism AES Encryption and Decryption Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption

More information

An 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code

An 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to

More information

A practical integrated device for lowoverhead, secure communications.

A practical integrated device for lowoverhead, secure communications. A practical integrated device for lowoverhead, secure communications. Gord Allan Matt Lewis Design Goals Versatility Mobility Security -can be used in a range of devices -compatibility, low/no infrastructure

More information

DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA

DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA 1 Brundha K A MTech Email: 1 brundha1905@gmail.com Abstract Pseudo-random number generators (PRNGs) are a key component of stream ciphers

More information

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1), On-The-Fly AES Key Expansion For All Key Sizes on ASIC P.V.Sriniwas Shastry 1, M. S. Sutaone 2, 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune pvs.shastry@cumminscollege.in

More information

NON-DETERMINISTIC LIGHTWEIGHT PROTOCOLS FOR SECURITY AND PRIVACY IN RFID ENVIRONMENTS

NON-DETERMINISTIC LIGHTWEIGHT PROTOCOLS FOR SECURITY AND PRIVACY IN RFID ENVIRONMENTS NON-DETERMINISTIC LIGHTWEIGHT PROTOCOLS FOR SECURITY AND PRIVACY IN RFID ENVIRONMENTS Denis Trček*, Pekka Jäppinen** *Department of Communication Systems»Jožef Stefan«Institute Jamova 39, 1000 Ljubljana,

More information

Multiple forgery attacks against Message Authentication Codes

Multiple forgery attacks against Message Authentication Codes Multiple forgery attacks against Message Authentication Codes David A. McGrew and Scott R. Fluhrer Cisco Systems, Inc. {mcgrew,sfluhrer}@cisco.com May 31, 2005 Abstract Some message authentication codes

More information

Implementation and Comparative Analysis of AES as a Stream Cipher

Implementation and Comparative Analysis of AES as a Stream Cipher Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn

More information

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public

More information

Groestl Tweaks and their Effect on FPGA Results

Groestl Tweaks and their Effect on FPGA Results Groestl Tweaks and their Effect on FPGA Results Marcin Rogawski and Kris Gaj George Mason University {kgaj, mrogawsk}@gmu.edu Abstract. In January 2011, Groestl team published tweaks to their specification

More information

VLSI Design. Assignment. KU Sommersemester 2006 Analysis of Stream Ciphers. Stream cipher implementation VLSI VLSI PRNG PRNG. Key = K.

VLSI Design. Assignment. KU Sommersemester 2006 Analysis of Stream Ciphers. Stream cipher implementation VLSI VLSI PRNG PRNG. Key = K. Design KU Sommersemester 2006 Analysis of Stream Ciphers 1 Assignment Stream cipher implementation PRNG PRNG Key = K Key = K Keystream Keystream Plaintext Ciphertext Plaintext Plaintext XOR Keystrem =

More information

A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications

A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications Elif Bilge Kavun and Tolga Yalcin Department of Cryptography Institute of Applied Mathematics, METU

More information

Yet Another Ultralightweight Authentication Protocol that is Broken

Yet Another Ultralightweight Authentication Protocol that is Broken Yet Another Ultralightweight Authentication Protocol that is Broken Gildas Avoine, Xavier Carpent Université catholique de Louvain B-1348 Louvain-la-Neuve Belgium Abstract Eghdamian and Samsudin published

More information

Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures

Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures Lejla Batina, Amitabh Das, Barış Ege, Elif Bilge Kavun, Nele Mentens, Christof

More information

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,

More information

RFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL

RFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL RFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL Amol Bandal 1 and Shankar Nawale 2 1 Department of Computer Engineering, Sinhgad Institute, Lonavala, Maharashtra,

More information

FPGA Implementation of an HMAC Processor based on the SHA-2 Family of Hash Functions

FPGA Implementation of an HMAC Processor based on the SHA-2 Family of Hash Functions FPGA Implementation of an HMAC Processor based on the SHA-2 Family of Hash Functions Marcio Juliato Dept. of Electrical and Computer Engineering University of Waterloo 200 University Avenue West Waterloo,

More information

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION

More information

Permutation-based symmetric cryptography

Permutation-based symmetric cryptography Permutation-based symmetric cryptography Guido Bertoni 1 Joan Daemen 1 Michaël Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Keccak & SHA-3 Day Université Libre de Bruxelles March

More information

Cryptography. Summer Term 2010

Cryptography. Summer Term 2010 Summer Term 2010 Chapter 2: Hash Functions Contents Definition and basic properties Basic design principles and SHA-1 The SHA-3 competition 2 Contents Definition and basic properties Basic design principles

More information

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate

More information

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50 Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested

More information

Improving SHA-2 Hardware Implementations

Improving SHA-2 Hardware Implementations Improving SHA-2 Hardware Implementations Abstract. This paper proposes a set of new techniques to improve the implementation of the SHA-2 hashing algorithm. These techniques consist mostly in operation

More information

ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University

ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter

More information

AES as A Stream Cipher

AES as A Stream Cipher > AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

FILTER SYNTHESIS USING FINE-GRAIN DATA-FLOW GRAPHS. Waqas Akram, Cirrus Logic Inc., Austin, Texas

FILTER SYNTHESIS USING FINE-GRAIN DATA-FLOW GRAPHS. Waqas Akram, Cirrus Logic Inc., Austin, Texas FILTER SYNTHESIS USING FINE-GRAIN DATA-FLOW GRAPHS Waqas Akram, Cirrus Logic Inc., Austin, Texas Abstract: This project is concerned with finding ways to synthesize hardware-efficient digital filters given

More information

The road from Panama to Keccak via RadioGatún

The road from Panama to Keccak via RadioGatún The road from Panama to Keccak via RadioGatún Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. In this paper, we explain the

More information

Small-Footprint Block Cipher Design -How far can you go?

Small-Footprint Block Cipher Design -How far can you go? Small-Footprint Block Cipher Design - How far can you go? A. Bogdanov 1, L.R. Knudsen 2, G. Leander 1, C. Paar 1, A. Poschmann 1, M.J.B. Robshaw 3, Y. Seurin 3, C. Vikkelsoe 2 1 Ruhr-University Bochum,

More information

Timestamps and authentication protocols

Timestamps and authentication protocols Timestamps and authentication protocols Chris J. Mitchell Technical Report RHUL MA 2005 3 25 February 2005 Royal Holloway University of London Department of Mathematics Royal Holloway, University of London

More information

Lightweight Crypto Design Principles - Approaches and Limitations

Lightweight Crypto Design Principles - Approaches and Limitations Lightweight Crypto Design Principles - Approaches and Limitations Axel Poschmann Division of Mathematical Sciences School of Physical and Mathematical Sciences August 31, 2011 Agenda Motivation Background

More information

Cryptographic Hash Functions

Cryptographic Hash Functions Cryptographic Hash Functions Cryptographic Hash Functions A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. Iterated Hash Function A (compression)

More information

COMP4109 : Applied Cryptography

COMP4109 : Applied Cryptography COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 2 information security cryptographic primitives unkeyed primitives NSA... one-way functions hash functions

More information

Efficient FPGA Implementations of PRINT CIPHER

Efficient FPGA Implementations of PRINT CIPHER Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field

More information

AKARI-X: a pseudorandom number generator for secure lightweight systems

AKARI-X: a pseudorandom number generator for secure lightweight systems AKARI-X: a pseudorandom number generator for secure lightweight systems Honorio Martín, Enrique San Millán, Luis Entrena Electronic Technology Department Carlos III University Leganés, Spain hmartin, quique,

More information

Delineation of Trivial PGP Security

Delineation of Trivial PGP Security IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 20, Issue 3, Ver. I (May. - June. 2018), PP 17-23 www.iosrjournals.org Delineation of Trivial PGP Security Mr.

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives

More information

Low area implementation of AES ECB on FPGA

Low area implementation of AES ECB on FPGA Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)

More information

VLSI Design. KU Summer Semester 2011 Low-Resource Block Ciphers VLSI. Thomas Plos.

VLSI Design. KU Summer Semester 2011 Low-Resource Block Ciphers VLSI. Thomas Plos. VLSI Design Assignment Presentation KU Summer Semester 2011 Low-Resource Block Ciphers Thomas Plos IAIK Graz University of Technology Thomas.Plos@iaik.tugraz.at www.iaik.tugraz.at 1 Security-Related RFID

More information

A High-Throughput Processor for Cryptographic Hash Functions

A High-Throughput Processor for Cryptographic Hash Functions A High-Throughput Processor for Cryptographic Hash Functions Yuanhong Huo and Dake Liu Beijing Institute of Technology, Beijing 100081, China Email: {hyh, dake@bit.edu.cn Abstract This paper presents a

More information

NEW COMPRESSION FUNCTION TO SHA-256 BASED ON THE TECHNIQUES OF DES.

NEW COMPRESSION FUNCTION TO SHA-256 BASED ON THE TECHNIQUES OF DES. NEW COMPRESSION FUNCTION TO SHA-256 BASED ON THE TECHNIQUES OF DES. 1 ZAKARIA KADDOURI, 2 FOUZIA OMARY, 3 ABDOLLAH ABOUCHOUAR, 4 MOHSSIN DAARI, 5 KHADIJA ACHKOUN. LRI Laboratory (Ex: Networks and Data

More information

CS408 Cryptography & Internet Security

CS408 Cryptography & Internet Security CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is

More information

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor

More information

CCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers

CCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers CCproc: A custom VLIW cryptography co-processor for symmetric-key ciphers Dimitris Theodoropoulos, Alexandros Siskos, and Dionisis Pnevmatikatos ECE Department, Technical University of Crete, Chania, Greece,

More information

Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher

Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher Olivier Billet, Jonathan Etrog, and Henri Gilbert Orange Labs RFID systems tags readers back end many types of systems system

More information

Implementation Tradeoffs for Symmetric Cryptography

Implementation Tradeoffs for Symmetric Cryptography Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *

More information

A unified architecture of MD5 and RIPEMD-160 hash algorithms

A unified architecture of MD5 and RIPEMD-160 hash algorithms Title A unified architecture of MD5 and RIPMD-160 hash algorithms Author(s) Ng, CW; Ng, TS; Yip, KW Citation The 2004 I International Symposium on Cirquits and Systems, Vancouver, BC., 23-26 May 2004.

More information

Multi-mode Operator for SHA-2 Hash Functions

Multi-mode Operator for SHA-2 Hash Functions Multi-mode Operator for SHA-2 Hash Functions Ryan Glabb, Laurent Imbert, Graham Jullien, Arnaud Tisserand, Nicolas Veyrat-Charvillon To cite this version: Ryan Glabb, Laurent Imbert, Graham Jullien, Arnaud

More information

T Cryptography and Data Security

T Cryptography and Data Security T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:

More information

Two Hardware Designs of BLAKE-256 Based on Final Round Tweak

Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Two Hardware Designs of BLAKE-256 Based on Final Round Tweak Muh Syafiq Irsyadi and Shuichi Ichikawa Dept. Knowledge-based Information Engineering Toyohashi University of Technology, Hibarigaoka, Tempaku,

More information

Syrvey on block ciphers

Syrvey on block ciphers Syrvey on block ciphers Anna Rimoldi Department of Mathematics - University of Trento BunnyTn 2012 A. Rimoldi (Univ. Trento) Survey on block ciphers 12 March 2012 1 / 21 Symmetric Key Cryptosystem M-Source

More information

Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures

Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant

More information

Security IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y

Security IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing l e a d i n g t h e w a y l e a d i n g t h e w a y Secure your sensitive content, guarantee its integrity and

More information

S. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles:

S. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles: 4.14 Simple Hash Functions All hash functions operate using the following general principles: a) The input string is viewed as a sequence of n-byte blocks. b) The input is processed one block at a time

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and

More information

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015 Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions

More information

ASIC Performance Comparison for the ISO Standard Block Ciphers

ASIC Performance Comparison for the ISO Standard Block Ciphers ASIC Performance Comparison for the ISO Standard Block Ciphers Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2 1 Graduate School of Information Sciences, Tohoku University Aoba

More information

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text Cryptography and Network Security Module 28- Hash Algorithms

More information

ryptograi "ГС for Tom St Denis, Elliptic Semiconductor Inc. Simon Johnson and Author of the LibTom Project

ryptograi ГС for Tom St Denis, Elliptic Semiconductor Inc. Simon Johnson and Author of the LibTom Project for ryptograi "ГС V6 е Tom St Denis, Elliptic Semiconductor Inc. and Author of the LibTom Project Simon Johnson Contents Preface Chapter 1 Introduction 1 Introduction 2 Threat Models 3 What Is Cryptography?

More information
