ETAP: Enable Lightweight Anonymous RFID Authentication with O(1) Overhead

Radio frequency identification (RFID) technologies are making their way into retail products, library books, debit cards, passports, driver licenses, car plates, medical devices, etc. The widespread use of tags in traditional ways of deployment raises a privacy concern: They make their carriers trackable. To protect the privacy of the tag carriers, we need to invent new mechanisms that keep the usefulness of tags while doing so anonymously. Many tag applications such as toll payment require authentication. This paper studies the problem of anonymous authentication. Since low-cost tags have extremely limited hardware resource, we propose an asymmetric design principle that pushes most complexity to more powerful RFID readers. Thus, we develop a lightweight technique that generates dynamic tokens for anonymous authentication. Instead of implementing complicated and hardware-intensive cryptographic hash functions, our authentication protocol only requires tags to perform several simple and hardware-efficient operations such as bitwise XOR, one-bit left circular shift, and bit flip. The theoretic analysis and randomness tests demonstrate that our protocol can ensure the privacy of the tags. Moreover, our protocol reduces the communication overhead and online computation overhead to O(1) per authentication for both tags and readers, which compares favorably with the prior art.