Lightweight RFID Authentication With Forward and Backward Security

This paper proposes a lightweight RFID authentication protocol that supports forward and backward security. The only cryptographic mechanism that this protocol uses is a PseudoRandom Number Generator (PRNG) that is shared with the backend Server. Authentication is achieved by exchanging a few numbers (3 or 5) drawn from the PRNG. The lookup time is constant, and the protocol can be easily adapted to prevent online man-in-the-middle relay attacks. Security is proven in the UC security framework.