Survey: Vulnerability Analysis of Low-Cost ECC-Based RFID Protocols against Wireless and Side-Channel Attacks.

Abstract

The radio frequency identification (RFID) system is one of the most important technologies of the Internet of Things (IoT) that tracks single or multiple objects. This technology is extensively used and attracts the attention of many researchers in various fields, including healthcare, supply chains, logistics, asset tracking, and so on. To reach the required security and confidentiality requirements for data transfer, elliptic curve cryptography (ECC) is a powerful solution, which ensures a tag/reader mutual authentication and guarantees data integrity. In this paper, we first review the most relevant ECC-based RFID authentication protocols, focusing on their security analysis and operational performances. We compare the various lightweight ECC primitive implementations designed for RFID applications in terms of occupied area and power consumption. Then, we highlight the security threats that can be encountered considering both network attacks and side-channel attacks and analyze the security effectiveness of RFID authentication protocols against such types of attacks. For this purpose, we classify the different threats that can target an ECC-based RFID system. After that, we present the most promising ECC-based protocols released during 2014–2021 by underlining their advantages and disadvantages. Finally, we perform a comparative study between the different protocols mentioned regarding network and side-channel attacks, as well as their implementation costs to find the optimal one to use in future works.