Implementation of Secured RFID Mutual

Authethentication Protocol
AISHWARYA A NAIRI, K.SIVASANKARAN2
1 Student(Mtech VLSI DESIGN) Dept of ECE(SENSE), Vellore Institute of Technology , Vellore, Tamil Nadu, India,
E-mail: aishwaryaanair17@gmail.com.
2
Associate Professor , Dept of ECE(SENSE), Vellore Institute of Technology, Vellore, Tamil Nadu, India,
E-mail: k.sivasankaran@vit.ac.in.

Abstract—RFID is the most flexible auto identification An efficient way to solve these security problems for passive
technology has a dereliction in its security .Over many years UHF RFID is to adopt a mutual authentication protocol.
researchers are working up on security issues facing in RFID Generally, a RFID application system consists of tag, reader
communication and they come up with mutual authentication and back-end server. So here the paper is divided in to four
Protocol. Here is the lightweight mutual authentication section. Section II will give the Related Works. Section III
protocol which implemented in ASIC based on the EPC global, give an idea about Mutual Authentication Protocol .Section
which is the widely used industrial standard for passive UHF IV is about architecture and design. Next Section is about
RFID communication. Here I incorporated a variable Proposed Modification. Last section is full about
Fibonacci LFSR rather than normal LFSR which will increase
Implementation and results
the security compare to previous works. The RFID blocks were
designed by verilog HDL,synthesized and implemented in SCL
180nm technology.I have used Synopsys EDA tool for design II. RELATED WORKS
and Implementation So many security mutual authentication protocols have
been proposed for passive UHF RFID. Chien classified these
Keywords—RFID,VLFSR,Synopsys,Synthesis,Physical
protocols into four classes [15]. The first class is called “full
Design ,ROM,Cyclic Redunancy check,Fibonocci LFSR
edged class” that supports the conventional cryptographic
function. The second class is called “simple” that should
I. INTRODUCTION support random number generator and one-way hashing
In the new modern era companies wanted to transfer data function on tags. The third class is called “lightweight”
into the computer without just manually typing it so as to protocols that require a random number generator and simple
save time, reduce error, increase the efficiency and to free up functions like CRC checksum. The fourth class is called
the employees to do other useful jobs. This idea led to the “ultra-lightweight” protocols that only involve simple
emergence of a broad ne automatic identification to help bitwise operation (like XOR, AND, OR, etc.). Due to the use
machines to identify objects, captures the information and of random number generator and VLFSR sample function,
transfer the data in to computer automatically..There are our protocol belongs to the lightweight class.
different automatic identification technologies like barcode, To tackle the security issues researchers have proposed
smartcards, biometric scan etc. Of these RFID technology is some Pad generation function which issued to protect the
the most prominent because to capture the information tags various password or crucial data during the transfer. Yu-
without any line of sight, reading information fastly from Jung Huang, Wei Cheng Lin, and Hung-LinLi presented a
multiple objects, hiding the unauthorized author’s thus journal similar to the Pad generation concept, where
increasing security and to detect the distant object data. implemented in FPGA Board. Here they used to produce
There are two types of RFID,,Active and Passive. Unlike cover coding pad to mask the tag’s access password before
active tags Passive does not have an internal power source. It the data is transmitted .Here the information from tag to
derives energy from the electromagnetic signal send by the reader or reader to tag can be accessed by simple exor
reader. Passive RFID tags mainly operates in three different function operation. However the problem with it is the
frequency region., Low Frequency, High Frequency and increase in power dissipation due to increase in hardware.
Ultra High Frequency region. Here our protocol is Lili Wei, Zhaotong Luo, QiangQu, Qing He and Jingwei
implemented in UHF Frequency region, within a range of presented a fully fledged authentication protocol which
860 MHz to 960 MHz, widely used a public key cryptography and also the crypto
RFID communication follows some standards. Out of that GPS method but the problem is the lack of the security proof
widely used standard is EPC Global C1G2 standard. These and also had limitations on the number count of the tag.
are driven standards by Electronic Product Code . The EPC In 2010 ,a Novel anonymous RFID authentication
Gen2 air interface standard was first published in 2004, protocol was presented by Jian Shen Dongmin Choi,
which defines the physical and logical requirements for a Sangman Mohand Ilyong Chung, they denote their protocol
RFID system of interrogators and passive tags, operating in as ARAP which provide a strong privacy and also the
the 860MHz-960MHz. Ultra High Frequency (UHF) range. security aspects by taking the pseudonym concept to protect
Over the year researchers are working on security issues of from the synchronization, disclosure and attack. Here
RFID, Because of the absence of necessary security scheme protocol works without disclosing the real ID’s of the
in EPC Gen2 standard, the radio communication between participating tags and provide strong privacy and security. So
RFID tags and readers raise a number of security issue. the RFID tags substitute pseudonym for all real ID’s and this
RFID tag preshares the Pseudonym ,the secret as well as R3||R2 ⊕ SID by XOR operation. The secret value Sj is
information to backend. obtained based on the SID extracted.
In 2015 Mahsa Fathi and Elham Tavakol claimed and
proved that the ARAP protocol is very badly vulnerable to
the security and the de synchronization and modifies the a
new authentication protocol which takes with hash function
and also the PRNG (Pseudo Random Number
Generation)which safeguards the information ROM
attackers. 2015 Yu-Jung Huang, Wei-Cheng Lin, and Hung-
Lin Li proposed a new lightweight authentication protocol
based on TRNG which will provide more security compared
go previous works but with little high power dissipation. .In
this thesis, I modify the design to provide better secure
communication from tag to reader by incorporating a
Fibonacci LFSR in the design.
Figure 2. Mutual Authentication Protocol
Using these we generate 32 bit random number Rb by
passing it through the same LFSR structure as in tag. The
III. MUTAL AUTHENTICATION PROTOCOL tag authentication is done by verifying whether Rt is same
as that of Rb.If they are equal secret value Sj + 1 = R3||R2⊕
Figure below shows the state diagram of tags pa. The tag Sj, SIDj + 1 = LFSR(R1||R2,SID) and LFSR(R1||R2,SID) is
implements seven states. The authentication phase is done in sent to the tag through reader for server authentication. The
secure state or open state but since there is an update going tag updates secret value and SID as Sj + 1 = R3||R2⊕Sj,
on with the secret value and SID we implement the protocol SIDj + 1 = LFSR(R1||R2,SID) after a valid server
insecuredstate. authentication. This marks the end of protocol for the jth
section. If Rt 6= Rb server finds the previous secret value
and SID which will be the inputs for the LFSR function ie
Rt = LFSR(R1||R2,Sj −1) and protocol continues as
mentioned earlier. This is done so as to prevent
synchronization problems. But if still Rt ≠ Rb the protocol
ends here ie. the tag authentication has failed. The security
is said to have protection from Eavesdropping, Location
Tracking, Replay Attack, Forward Security, Confidentiality,
Man-in-the-Middle Attack, De-Synchronization Attack and
Mutual Authentication

IV. ARCHITECTURE AND DESIGN

The block diagram of a passive tag is shown in Figure 3 that

has an analog frontend and a digital backend.

Figure .1 Tag States

The flow diagram of the implemented protocol is shown in
Figure 2. First the tag send the authenticate command that is Figure 2.Architecture of Tag
specified by the EPC C1G2 standard. The authenticate
framework is shown in Figure 3. The tag reads in the The frontend is responsible for transmitting data back and
random number R1 obtained from the reader along wi th the forth to the reader, provides control signals such as clock,
true random number R2 and is given to the LFSR block reset and also TRNG to the digital block. We concentrate on
where we obtain a 32 bit random number Rt based on a the digital backend where the protocol is implemented. It
secret value Sj. The Rt along with R3||R2⊕SID is sent to has ROM interfaced in it.
the server through the reader along with UID and R1. At
server we get the SID from UID, R2 is extracted from
 Figure below shows the digital baseband. 2)Variable LFSR
Linear Feedback Shift Register (LFSR) is the key element of
the implemented protocol. A simple LFSR is a shift register
where its inputs are driven by XOR operation ie. is a linear
function of its previous state there for making it deterministic
The implemented LFSR structure has 2 sets of registers
coefficient and shift register.

Figure 3. Architecture of Passive Tag

Figure 5.Variable LFSR

1)PIE DECODER
They both are initialized with R1||R2 and Sa respectively
As per EPC C1G2 standard for reader to tag transmission after the decoder reads all the data inputs. Input to the shift
we use Pulse Interval Encoding (PIE) technique, hence we registers is decided based upon the value initialized in
design a pie decoder where data symbols are recognized coefficient register and according to the value of Sb stored in
based upon the amount of time each symbol is high. The ROM, the shift register shifts the values to Sb cycles so that
decoding starts by resetting all values in the READY state we get Rt which is to be encoded back to the reader.
and if data sampled is high for 12.5us in the DELIMITER
state then data 0 follows and we start to sample RTcal in the 3)ROM
SAMPLE_RTCAL state, we divide this value by 2 to get We implemented a simple ROM so as to store secret
PIVOT. Here shows the state diagram of pie decoder. value Sj = Sa||Sb, Secure ID (SID) and tag random numbers
(R2,R3). Sa is used to initialize the coefficient register in
LFSR while Sb decides for how much cycles thus Shift
register shifts its values.R1,R2andSIDis encoded back to
other reader after a XOR operation .R2 is also used to
initialize shift register.
4) CRC 5 and CRC 16
Cyclic-redundancy check issued to ensures a valid
communication between the reader and tag. This Is done as
per the EPC gen2 standards as a safeguard against bit errors.
The CRC5 and CRC16 circuits are in the form of LFSR that
consist of 5 and 16 registers respectively. The basic working
principle of both these modules are that initially the registers
are preloaded to 010012 (CRC5) or FFFFh (CRC16). The
data bits which are to be encoded is clocked to the input of
the modules. This register now holds the crc5 output while to
get crc16 output we need to get the values of registers in
crc16 inverted. Here CRC5 is used to validate
AUTHENTICATE command while the CRC16 is used to
Figure.4 Pie Decoder compute the crc16 value which has to be send to the reader.
Any value less than PIVOT is recognized as data 0 and 5)FM ENCODER
greater PIVOT is recognized as 1. In In DECIDE_TRCAL
we sample TRcal (used for calculating backscatter Fm0 encoder specified by the EPC gen2 standards to
frequency),Data0or Data1 based upon the command, backscatter the data back to the reader in a frequency that
followed by OPCODE_PW where we sample the input will be decided by the TRCAL value send from the reader.
OPCODE and check if it is correctly matched in the The clock managing module reads the TRCAL value and set
DECIDE_OPCODE state and raise the Opcode flag. We the required backscatter frequency and provides this as the
then sample and decode the data inputs in DATA_DECODE input clock to the fm0 encoder. The Backscatter link
state and raise the data ready flag after reading in all the data frequency ranges between 40-640 KHz and the output clock
and go to the WAIT state for further processing. to the encoder is determined by the formula Clk encoder =
TRCAL÷DR where DR is the data rate which can have value
64/3 or 8.Here is the State diagram and toggling activity of
FM0 encoder.
 VI.. IMPLEMENTATION AND RESULTS
Every block designs are designed in Verilog Hardware
Description Language(HDL)with compilation and simulation
is done in Modelsim as well Synopsys SCL 180 nm tool. The
implementation is carried out up to routing which include
pre layout and post layout STA. Entire implementation is
done using Synopsys SCL 180nm.
Figure 6. State Diagram of FM Encoder As in block diagram, many blocks are designed for protocol
implementation. Following are obtained waveforms for the
blocks used to implement the protocol.
1)Cyclic Redundancy Check
CRC is used to detect errors while transmitting and
receiving of data from any circuit .Here two types of CRC.s
is used,CRC5 and CRC 16.CRC 5 is for detecting error while
communicating from reader to tag which is initialized by
110002 and CRC16 is used in tag to reader communication
and initialized by FFFFh..Here is the output waveform CRC 5

Figure 7.FM0 Basis Function


ggling activity of FM0 Encoder can be explained as
 It inverts the phase of the base band signal at the
when the input is 0
 It does NOT invert the phase when it is 1
V.PROPOSED DESIGN
As said we are aiming to have high secure communication
between tag and reader. So we want to have such type of Figure 9.CRC 5 Output
structure to increase the security.
So in this proposed design, I am using Fibonacci VLFSR
rather than using a normal LFSR that is used in current 2)Variable LFSR
architecture. Proposed Architecture is shown below shown in VLFSR is used to get Rt which will protect the secure
figure ID,and true random number. Initialize with two type of
register, Shift and Coefficient Register .

Figure 8.Proposed Design

Figure 9. Variable LFSR
So here an Normal VLFSR is replaced with Fibonacci LFSR
which cause its increase in security. In normal LFSR ,the 3)Clock Management Module:
bits are just shifting only, but in Fibonacci LFSR ,a shifting
of any bit depends on addition of previous two bits. So in
CMM is responsible for setting backward frequency. The
backend server, to extract the values, it requires the
extraction of previous two bits. waveform given below we can see that, backscatter clock
value is set when the Data Rate is equal to 8 or 64/3.
 Figure below shows the Synthesized output put from SCL
180nm.The synthesized output is the result after logic
synthesis ,floor planning ,Placement ,CTS,Routing. Also
verified the timing violation after logic synthesis and
Routing. It ensures that my design did not have any setup as
well as hold violation.

Figure 10. Clock Management Module

4)FM Encoder
Encoder is to encode the values which is given from
VLFSR, Pie decoder, CRC’s.The transfer data to reader is
by reply command. Figure 11 will show the FM Encoder

Figure 12.Physical Synthesis Output.

Proposed Implementation Results:

The modified circuit replace with Variable Fibonacci
LFSR which ensure more security. Here is the output of
replaced Fibonacci LFSR:

Figure11.FM Encoder
5)RFID Main module:
For the simulation we have considered the following inputs.
• R1=17B6h
• R2=AA10h
• R3=BBF1h
•Sa=45ADBECFh
• Sb=14h
• Sid=DAAEDD10h
• TRCAL=6410 Here the results are optimized with synopsys DC Compiler.
Comparison of Results:

Parameter Reference Paper Proposed Design

Slack 5.4ns 6.6ns
Dynamic Power 1.05µW 95.04nW
Supply Voltage 1.8V 1.8V

VII.CONCLUSION
In this paper ,an RFID light weight mutual authentication
protocol is implemented I modified VLFSR to get
Fibonacci LFSR in order to get more, which shows
significant reduction in area and power as compared to
Figure 10 :Basic RFID Protocol existing digital baseband architecture. The implemented
architectureisoftheEPCClass1Generation2standardsandisaso
lutionforthedereliction in its security. The architecture
consisted of a PIE decoder for decoding the message signal
send from the interrogator to tag, a LFSR for implementing
the protocol, A clock management module for providing a
clock to the encoder for backscattering the message signal
back from Tag to interrogator in a specific frequency , ROM
for storing random number values,CRC5 and CRC16
modules for checking bit errors and an encoder for e
backscattering the message signal back to the interrogator.
The protocol was successfully verified by Verilog Test
bench and synthesized in Synopsys DC compiler.

REFERENCES

[1]Yu-Jung Huang, Wei-Cheng Lin, and Hung-Lin Li,

(2012) ’Efficient implementation of RFID mutual
authentication protocol’, IEEE Trans. Ind. Electron, Vol.
59, no. 12, pp. 47844791
[2]Hung-Yu Chien, (2007) ’SASI: A New Ultralightweight
RFID Authentication Protocol Providing Strong
Authentication and Strong Integrity’,IEEETransactionon
dependable and secure computing, Vol. 4, No. 4.
[3] Lili Wei, Zhaotong Luo, Qiang Qu, Qing He, Jingwei
Xu 2014 ’"A Low-cost PKC-based RFID Authentication
Protocol and Its Implementation’, Tenth International
Conference on Computational Intelligence and Security
[4] Jian Shen, Dongmin Choi, Sangman Moh and Ilyong
Chung (2010) ‘A Novel Anonymous RFID Authentication
Protocol Providing Strong Privacy and
Security’,2010International Conference on Multimedia
Information Networking and Security.
[5] Mahsa Fathi and Elham Tavakol. (2015) ‘Security of
an anonymous RFID authentication protocol and its
improvement’, 2015 IEEE European Modelling
Symposium
[6]ZilongLiu,DongshengLiu,LunLi,HuiLin,andZhenqiang
Yong.(2015)‘Implementation of a New RFID
Authentication Protocol for EPC Gen2 Standard’,IEEE
Sensors Journal, Vol. 15, No. 2.
[7] Michael Todd (2010) ‘Hardware Emulation of a
Secure Passive RFID Sensor System’, Thesis submitted to
the Graduate School of the University of Massachusetts
Amherst.
[8] Honorio Martin, Enrique San Millan, Pedro Peris-
Lopez, and Juan E. Tapiador. (2013) ‘Efficient ASIC
Implementation and Analysis of Two EPC-C1G2 RFID
Authentication Protocols’, IEEE Sensors Journal, Vol. 13,
No. 10.
[9] Jing Liu, Yihao Chen and Runxi Zhang. (2010) ‘ASIC
design of UHF RFID reader digital baseband’,
Microelectronics and Electronics (PrimeAsia),2010 Asia
Pacific Conference on Postgraduate Research