RFID security, privacy and authentication for smart E-travel

  • Mouza Ahmed Rashed Bani Shemaili

Student thesis: Master's Thesis


Radio Frequency Identification (RFID) is the technology that will spread in the near future to enter all of our everyday activities such as transport, travel, health, etc. However, the security of this technology is very much vulnerable, especially in the areas of privacy and authentication. Moreover, adding some security measures to RFID chips is considered a challenge since RFID is considered a low computation power device that cannot handle the available security algorithms.
However, RFID tag data must be protected in ways that will present sufficient computational challenges to adversaries. Therefore, this project tries to address one of these issues, which is authentication, by proposing a suitable lightweight mutual authentication to be implemented for passive RFID tags. The proposed protocol uses the simple and low cost Shrinking Generator that can be considered as an alternative for the use as the One Time Pad algorithm. Also, the protocol was implemented by using both hardware and software. The hardware implementation was done on a PIC-microcontroller and the software implementation was done by using the Java programming language. Both implementations were thoroughly tested and they proved the correctness of the protocol. A cryptanalysis of the proposed protocol on the passive RFID tag against most well-known types of attacks that could be launched at RFID systems was undertaken and presented. The results of this cryptanalysis showed that the protocol is resilient and resistant to most known attacks such as Denial of Service Attack, Man in the Middle Attack, Replay Attack and Forward and Backward Secrecy Attack issues. The protocol requires about 104 bytes of rewritable memory and 16 bytes of read-only memory on the tag which is considered lightweight and suitable for passive RFID tags. Also, an evaluation of the protocol and a comparison with other similar protocols is provided.
Date of Award2010
Original languageAmerican English
SupervisorChan Yeun (Supervisor)


  • RFID Technology
  • Authentication

Cite this