Elsevier

Ad Hoc Networks

Volume 37, Part 2, February 2016, Pages 195-208
Ad Hoc Networks

Key evolving RFID systems: Forward/backward privacy and ownership transfer of RFID tags

https://doi.org/10.1016/j.adhoc.2015.08.019Get rights and content

Abstract

RFID, which stands for Radio Frequency Identification, is a relatively new technology often envisioned as an enabler of the Internet of Things. The widespread use of this technology, however, introduces many security and privacy risks since tags contain information that can be easily obtained by anyone with a reader. Eventually this can lead to tracking of users, profiling and violation of their basic right to privacy.

In this work we make an important step in providing for RFID privacy by letting users control all the tags they possess. The moment a person buys a tagged object and becomes the owner of it, no one should be able to find any information about the object or have access to the tag. We do this by developing and formalizing the notion of a key-evolving RFID system. In particular, (i) we explain how such a system can be made forward secure using pseudo-random generators and functions, (ii) we derive concrete results based on the security of the underlying primitives, and (iii), we explain how this can be realized in practice using a protocol that achieves secure ownership transfer and controlled delegation without relying on Trusted Third Parties.

Introduction

Radio Frequency Identification uses small devices called RFID tags to remotely access and retrieve data stored in objects. Such embedded tags can have remarkable applications. At a smaller scale they can improve efficiency in inventory control, logistics and supply chain management. At a larger scale, they can enable the creation of an entirely new network, an Internet of Things, which can be used to promote access and connectivity for anything.

RFID provides a simple, unobtrusive and cost-effective system of item identification, connecting everyday objects and devices to large databases and networks. This technology will allow the interaction with physical objects and everyday items, turning the static objects of today into dynamic and intelligent ones. This can lead to the creation of innovative products and services, thus enabling new forms of communication between people and their environments as well as between objects themselves [1].

Applications of RFID technology are numerous; they include toll collection, supply-chain management, counterfeiting control, patient and child monitoring, and so on. E-government applications are well under development that include RFID in driver licences, passports or cash. RFID readers are already embedded in mobile phones. Advances in smart homes, personal robotics and wearable computing are also areas that will benefit the most from RFID deployment, eventually contributing to the vision of a fully interactive environment [2].

However, the use of this technology introduces serious privacy risks. As RFID tags respond to any reader request, even without knowledge of the owner, data stored in them can easily be retrieved by readers placed in strategic locations (entrance of buildings, points of interest in the city, and so on). This, in turn, may lead to tracking and profiling of individuals by the tags contained in the objects they carry [3], [4], [5]. Unfortunately, the scale and capacity of these new technologies can intensify this problem since invisible data exchange between things and people, or between things themselves, may occur without the consent of the owners and originators of such data. The question then becomes: Who will control the data collected by all these devices embedded in the surrounding environment?

This problem is further magnified by the ever-increasing use of RFID objects in personal environments, where mobile RFID readers (e.g. embedded in mobile phones [6]) can interact with home appliances, thus enabling a more natural interaction between users and their home devices. It should be clear that the use of a centralized model where tag responses must be conveyed to some company database in order to be interpreted by the reader creates serious privacy and trust issues. In this work, we develop protocols specifically tailored for such personal environments where users, by means of their personal readers, directly own tags, thus removing the need of Trusted Third Parties required in centralized models.

Our contribution: As a first step towards RFID privacy, we feel that anyone in possession of RFID-tagged items should be in complete control of the tags they carry. Additionally, we believe the vision of Internet of Things will be severely limited if it does not allow for the possibility of transferring objects to new owners without violating the privacy of past ones. However, the existing model makes the implicit assumption that the old and new owners must trust the same central database which by default controls all tag secrets. Hence tracking is still possible.

This paper extends and improves our prior work in [7] with significant new material. Our contributions can be summarized by the following: (i) We formalize the notion of a key-evolving RFID system that can be used to guarantee the concept of forward privacy. (ii) We show how such systems can be built using basic RFID systems and forward secure pseudo-random number generators or pseudo-random functions by showing how their security reduces to the security of the underlying primitives. (iii) We extend our solution and propose a realistic implementation of a system that guarantees owner privacy. This system additionally provides for controlled delegation and authorization recovery which are properties particularly useful for after-sales and maintenance services. (iv) Finally, we thoroughly analyze the security of this proposal and we show how it ensures the privacy of both new and past owners based on a set of realistic assumptions.

Paper organization: The rest of the paper is organized as follows. In Section 2, we discuss related work and summarize previous efforts in providing for forward privacy and ownership transfer in RFID systems. In Section 3, we present a typical architecture of an RFID system, we motivate the need for forward privacy and discuss the threats that can be applied when tags can change owners. The definition and the security proofs for key-evolving, forward-secure RFID systems appear in Sections 4 and 5. Based on this, a realistic implementation is shown in Section 6. Finally, Section 7 concludes this work.

Section snippets

Related work

The problem of RFID privacy1 has been considered extensively in the literature but only a few works have examined ownership transfer of RFID tags.

In [8], an ownership transfer scheme has been proposed based on a tree of secret keys where each tag is preloaded with all the keys corresponding to the path from the root to the tag. When queried by a reader, tags generate a response from each such key

Threat model, assumptions and design goals

A typical architecture of an RFID system includes RFID tags, readers and a back-end database (Fig. 1). An RFID device carries an antenna and a radio transceiver, which read the radio frequency and transfer some piece of information to the reader. This information is subsequently passed to the back-end database which helps identify the tag and return relevant information about the tagged object.

Basic privacy for RFID tags

In this section we formalize the notion of privacy in RFID tags. We follow the model proposed in [25] that is based on indistinguishability of tag responses (a closely related model is the one proposed in [26]). The idea is that an RFID protocol is considered private if an adversary cannot differentiate between two different tags within the limits of its computational power and number of queries. For completeness, we briefly review the basic privacy model of [25]. Then, in Section 5, we provide

Forward privacy for RFID tags

A key-evolving RFID systemFS=(Keys, Update, R,{Ti})consists of a reader R,a set of n tags {Ti},a key generation function Keys and a key update function Update which can be used to update the key of any tag Ti. The scheme then evolves into stages, and in stage jthe reader and Tiuse a key denoted by kij. Each stage key kijis obtained from the previous key kij1with the application of the deterministic update algorithm as in kijFS.Update(Ti,kij1).

When such update operation is performed

Ownership transfer made easy

So far we have showed that if the underlying basic system is secure (Section 4) and the reader and a tag share some state S which can both update using either a PRG or a PRF (Section 5), then the resulting system is forward secure. Thus, even if some adversary has compromised a tag now, past transactions with this tag remain secure.

However, this discussion implicitly assumed that Update creates the next key concurrently at both reader and tag without going into the details as to how these

Conclusions

In this work we have formalized the notion of key-evolving RFID systems using PRGs and PRFs that can be proven to be forward secure. We have derived concrete results based on the security of the underlying primitives and presented a simple, yet realistic protocol that allows users to securely own and transfer RFID tags. The protocol ensures forward and backward privacy and protection against a number of attacks such as tracking, impersonation, desynchronization and so on. Additionally, the

Acknowledgment

The author would like to thank the anonymous reviewers for their useful comments that helped improve the paper considerably.

Tassos Dimitriou is currently affiliated with the Department of Computer Engineering at Kuwait University (KU) and the Research and Academic Computer Technology Institute (CTI), Greece. Prior to that he was an Associate Professor at Athens Information Technology, Greece (AIT), where he was leading the Algorithms and Security group, and adjunct Professor in Carnegie Mellon University, USA, and Aalborg University, Denmark. Dimitriou contacts research in areas spanning from the theoretical

References (40)

  • D. Molnar et al.

    A scalable, delegatable pseudonym protocol enabling ownership transfer of rfid tags

    SAC

    (2005)
  • T. Dimitriou

    A secure and efficient rfid protocol that could make big brother (partially) obsolete

    Proceeings of the 4th IEEE International Conference on Pervasive Computer and Communications (PerCom)

    (2006)
  • K. Nohl et al.

    Quantifying information leakage in tree-based hash protocols

    Proceeings of the 8th International Conference on Information and Communications Security (ICICS)

    (2006)
  • K. Osaka et al.

    An efficient and secure rfid security method with ownership transfer

    Proceeings of the IEEE International Conference on Computational Intelligence and Security (CIS’06)

    (2006)
  • C.H. Lim et al.

    Strong and robust rfid authentication enabling perfect ownership transfer

    Proceeings of the 8th International Conference on Information and Communications Security (ICICS ’06)

    (December 2006)
  • R.C.-W. Phany et al.

    Privacy analysis of forward and backward untraceable rfid authentication schemes

    Wirel. Pers. Commun.

    (November 2011)
  • C. Berbain et al.

    An efficient forward private rfid protocol

    Proceedings of the 16th ACM conference on Computer and Communications Security

    (2009)
  • M. Ohkubo et al.

    Cryptographic Approach to Privacy-friendly Tags

    RFID Privacy Workshop

    (2003)
  • O. Billet et al.

    Lightweight privacy preserving authentication for RFID using a stream cipher

    Proceedings of Fast Software Encryption (FSE 2010)

    (2010)
  • M.R.S. Abyaneh

    On the privacy of two tag ownership transfer protocols for rfids

    Proceedings of the International Conference for Internet Technology and Secured Transactions

    (2011)
  • Cited by (24)

    • A novel group ownership transfer protocol for RFID systems

      2019, Ad Hoc Networks
      Citation Excerpt :

      However, in 2016, Shen et al. [34] analyzed Chen et al.’s work and identified some weaknesses such as vulnerability to server spoofing attacks and replay attacks. As RFID applications keep gaining popularity along the years, many ownership transfer protocols have been developed and proposed, and most of these protocols deal with ownership transfer one tag at a time [5,7,11,13,14,22,25,28,29,45] with only few exceptions that aim to offer group ownership transfer service [19,20,38,42,45]. Let's talk about the ownership transfer protocols for single tags first.

    • Security enhancement on an RFID ownership transfer protocol based on cloud

      2019, Future Generation Computer Systems
      Citation Excerpt :

      Generally speaking, performance can be analyzed by complexity or experiment. Here, we analyze the cost-effectiveness complexity performance of the proposed ownership transfer protocol and compare it with four related ownership transfer protocols including Doss et al.’s protocol [10], Sundaresan et al.’s protocol [17], Dimitriou’s protocol [9], and Cao et al.’s protocol [7]. The performance comparison results are shown in Table 6.

    • Design and Research of IOT Based Logistics Warehousing and Distribution Management System

      2023, Lecture Notes on Data Engineering and Communications Technologies
    • Narrow privacy and desynchronization in Vaudenay’s RFID model

      2022, International Journal of Information Security
    • Privacy-Preserving Authenticated Key Exchange for Constrained Devices

      2022, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    View all citing articles on Scopus

    Tassos Dimitriou is currently affiliated with the Department of Computer Engineering at Kuwait University (KU) and the Research and Academic Computer Technology Institute (CTI), Greece. Prior to that he was an Associate Professor at Athens Information Technology, Greece (AIT), where he was leading the Algorithms and Security group, and adjunct Professor in Carnegie Mellon University, USA, and Aalborg University, Denmark. Dimitriou contacts research in areas spanning from the theoretical foundations of cryptography to the design and implementation of leading edge efficient and secure communication protocols. Emphasis is given in authentication and privacy issues for various types of networks (ad hoc, smart dust, RFID, etc.), security architectures for wireless and telecommunication networks and the development of secure applications for networking and electronic commerce. His research in the above fields has resulted in numerous publications, some of which received distinction, and numerous invitations for talks in prestigious conferences. Dimitriou is a senior member of IEEE, ACM and a Fulbright fellow. More information about him can be found in the web page http://tassosdimitriou.com/.

    Research supported by Kuwait University, Research grant no. QE 01/13.

    View full text