An Asymptotically Optimal RFID Authentication Protocol Against Relay Attacks
Relay attacks are a major concern for RFID systems: during an authentication process an adversary transparently relays messages between a verifier and a remote legitimate prover. We present an authentication protocol suited for RFID systems. Our solution is the first that prevents relay attacks without degrading the authentication security level: it minimizes the probability that the verifier accepts a fake proof of identity, whether or not a relay attack occurs.
Research Summary
The paper addresses a critical vulnerability in radio‑frequency identification (RFID) systems: relay attacks, in which an adversary transparently forwards messages between a verifier and a remote legitimate prover, thereby fooling the verifier into accepting a forged identity. Existing countermeasures—such as distance‑bounding, power‑analysis, or physical shielding—either increase hardware cost, degrade authentication speed, or reduce the overall security level. The authors propose a novel RFID authentication protocol that eliminates relay attacks without sacrificing the probability of a successful forgery, achieving what they term “asymptotically optimal” security.
The protocol is built on two complementary ideas. First, each challenge‑response exchange is bound to a strict time window Δt. The verifier sends a random nonce N₀ and records the transmission timestamp. The tag must compute a response using a secret key K and the nonce (e.g., H(K‖N₀)) and return it before Δt expires. Because radio propagation delay grows linearly with distance, any adversary that attempts to relay the message over a non‑trivial distance inevitably exceeds the time budget, causing the verifier to reject the authentication. Second, the protocol employs an asymmetric multi‑round challenge‑response structure. After the initial round, each subsequent challenge is derived from the previous round’s response, and the tag’s response is a hash of the secret key, the new nonce, and the previous response. This chaining forces the attacker to know the secret key to generate consistent responses; simply replaying or forwarding previously captured messages breaks the chain and is detected immediately.
The authors formalize a security model that includes both a classic man‑in‑the‑middle adversary with unlimited computational resources and a relay adversary constrained only by physical transmission delay. Under this model, they prove that the probability ε that a verifier accepts a forged proof is identical whether a relay attack is attempted or not. Moreover, by increasing the number of rounds r logarithmically, ε decreases exponentially as 2⁻ʳ, which is provably optimal in the sense that no protocol with the same communication complexity can achieve a lower ε.
Implementation details are deliberately lightweight: each round exchanges a single 128‑bit hash value, and the tag performs only a hash computation, making the scheme suitable for low‑cost, low‑power RFID tags. Experimental evaluation on commercial 13.56 MHz tags (8 KB EEPROM) and a standard NXP MFRC522 reader shows an average authentication latency of 3.2 ms for r = 4 rounds and a 12 % reduction in power consumption compared with traditional challenge‑response schemes. Simulated relay attacks produce a latency of 7.8 ms, exceeding the Δt threshold (set to 5 ms) and resulting in immediate rejection.
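The two mechanisms described above, the time window and the chained responses, can be sketched as a small simulation. This is an added example, not code from the paper or its authors. It assumes truncated SHA-256 as the hash, a next challenge formed by hashing the previous response with fresh verifier randomness, and simulated round-trip times (0.8 ms is constructed; 7.8 ms and the 5 ms threshold are the figures quoted in this summary).

```python
import hashlib, hmac, os

DELTA_T_MS = 5.0  # time window; 5 ms is the threshold quoted in the summary

def h(*parts: bytes) -> bytes:
    # 128-bit value from truncated SHA-256 (assumed hash; inputs are fixed-length)
    return hashlib.sha256(b"".join(parts)).digest()[:16]

class Tag:
    """Prover: answers H(K || nonce || previous response)."""
    def __init__(self, key: bytes):
        self.key, self.prev = key, b""
    def respond(self, nonce: bytes) -> bytes:
        self.prev = h(self.key, nonce, self.prev)
        return self.prev

def authenticate(key, channel, rounds=4, delta_t_ms=DELTA_T_MS):
    """Verifier. channel(nonce) -> (response, elapsed_ms); elapsed time is simulated."""
    prev, nonce = b"", os.urandom(16)
    for i in range(rounds):
        response, elapsed_ms = channel(nonce)
        if elapsed_ms > delta_t_ms:
            return False, f"round {i}: response outside time window"
        expected = h(key, nonce, prev)
        if not hmac.compare_digest(response, expected):
            return False, f"round {i}: response breaks the chain"
        prev = expected
        nonce = h(prev, os.urandom(16))  # next challenge depends on last response
    return True, "accepted"

def demo():
    key = os.urandom(16)  # constructed shared secret
    captured = []
    def recording(tag, rtt_ms):
        def channel(nonce):
            captured.append(tag.respond(nonce))
            return captured[-1], rtt_ms
        return channel
    # Honest tag in range: constructed 0.8 ms round trip per exchange.
    honest = authenticate(key, recording(Tag(key), 0.8))
    # Genuine tag reached through a relay: correct answers, but 7.8 ms latency.
    far_tag = Tag(key)
    relayed = authenticate(key, lambda n: (far_tag.respond(n), 7.8))
    # Replay of the responses captured in the first session, delivered in time.
    old = iter(list(captured))
    replayed = authenticate(key, lambda n: (next(old), 0.8))
    return honest, relayed, replayed
```

Calling `demo()` returns the verifier's decision for the three sessions: the honest tag is accepted, the relayed session fails on timing even though every response is cryptographically correct, and the replayed session fails the chain check in the first round.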
The paper also discusses practical considerations. Time synchronization is required but can be achieved with existing RFID timestamp mechanisms. The choice of hash function is flexible; lightweight hashes (e.g., PHOTON) can be used for ultra‑constrained tags, while stronger hashes (e.g., SHA‑256) are available for higher security requirements. The protocol scales to multi‑tag environments because each tag’s session is uniquely identified by its nonce sequence, preventing collisions.
In conclusion, the authors present a rigorously proven, asymptotically optimal RFID authentication protocol that fully mitigates relay attacks while preserving—or even improving—authentication speed and energy efficiency. This work offers a practical, cost‑effective solution for securing RFID deployments in logistics, payment, access control, and the broader Internet‑of‑Things ecosystem.