Abstract
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy model. It is proven that ind-privacy is weaker than unp*-privacy. Moreover, the minimal (necessary and sufficient) condition on RFID tags to achieve unp*-privacy is determined. It is shown that if an RFID system is unp*-private, then the computational power of an RFID tag can be used to construct a pseudorandom function family provided that the RFID system is complete and sound. On the other hand, if each tag is able to compute a pseudorandom function, then the tags can be used to construct an RFID system with unp*-privacy. In this sense, a pseudorandom function family is the minimal requirement on an RFID tag's computational power for enforcing RFID system privacy. Finally, a new RFID mutual authentication protocol is proposed to satisfy the minimal requirement.
- Ateniese, G., Camenisch, J., and de Medeiros, B. 2005. Untraceable RFID tags via insubvertible encryption. In Proceedings of the ACM Conference on Computer and Communications Security. 92--101. Google ScholarDigital Library
- Avoine, G. 2005. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049. http://eprint.iacr.org/.Google Scholar
- Avoine, G., Dysli, E., and Oechslin, P. 2005. Reducing time complexity in RFID systems. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography. 291--306. Google ScholarDigital Library
- Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems. 450--466. Google ScholarDigital Library
- Chien, H.-Y. and Chen, C.-H. 2007. Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput. Stand. Interf. 29, 2, 254--259. Google ScholarDigital Library
- Damgärd, I. and Pedersen, M. O. 2008. RFID security: Tradeoffs between security and efficiency. In Proceedings of the Cryptographers' Track of the RSA Conference. 318--332. Google ScholarDigital Library
- Duc, D. N., Park, J., Lee, H., and Kim, K. 2006. Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning. In Proceedings of the Symposium on Cryptography and Information Security.Google Scholar
- Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., and Uhsadel, L. 2007. A survey of lightweight-cryptography implementations. IEEE Des. Test. Comput. 24, 6, 522--533. Google ScholarDigital Library
- Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. 2005. AES implementation on a grain of sand. IEE Proc. Inform. Sec. 152, 1, 13--20.Google ScholarCross Ref
- Garfinkel, S. L., Juels, A., and Pappu, R. 2005. RFID privacy: An overview of problems and proposed solutions.IEEE Sec. Priv. 3, 3, 34--43. Google ScholarDigital Library
- Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. ACM 33, 4, 792--807. Google ScholarDigital Library
- Ha, J., Moon, S.-J., Zhou, J., and Ha, J. 2008. A new formal proof model for RFID location privacy. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). 267--281. Google ScholarDigital Library
- Hopper, N. J. and BLUM, M. 2001. Secure human identification protocols. In Proceedings of the Annual Cryptology Conference (ASIACRYPT). 52--66. Google ScholarDigital Library
- Juels, A. 2004. Minimalist cryptography for low-cost RFID tags. In Proceedings of the Conference on Security in Communication Networks. 149--164. Google ScholarDigital Library
- Juels, A. 2006. RFID security and privacy: a research survey. IEEE J. Select. Areas Comm. 24, 2, 381--394. Google ScholarDigital Library
- Juels, A., Pappu, R., and Parno, B. 2008. Unidirectional key distribution across time and space with applications to RFID security. In Proceedings of the USENIX Security Symposium. 75--90. Google ScholarDigital Library
- Juels, A., Rivest, R. L., and Szydlo, M. 2003. The blocker tag: selective blocking of RFID tags for consumer privacy. In Proceedings of the ACM Conference on Computer and Communications Security. 103--111. Google ScholarDigital Library
- Juels, A. and Weis, S. A. 2005. Authenticating pervasive devices with human protocols. In Proceedings of the Annual Cryptology Conference (CRYPTO). 293--308. Google ScholarDigital Library
- Juels, A. and Weis, S. A. Defining strong privacy for RFID. In Proceedings of the IEEE Pervasive Computing and Communication Conference. 342--347. Google ScholarDigital Library
- Karthikeyan, S. and Nesterenko, M. 2005. RFID security without extensive cryptography. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks. 63--67. Google ScholarDigital Library
- Katz, J. and Shin, J. S. 2006. Parallel and concurrent security of the hb and hb+ protocols. In Proceedings of the Annual Cryptology Conference (EUROCRYPT).73--87. Google ScholarDigital Library
- Konidala, D. M., Kim, Z., and Kim, K. 2007. A simple and cost-effective RFID tag-reader mutual authentication scheme. In Proceedings of the Conference on RFID Security. 141--152.Google Scholar
- Kumar, S. and Paar, C. 2006. Are standards compliant elliptic curve cryptosystems feasible on RFID? In Proceedings of the Workshop on RFID Security.Google Scholar
- Ma, C., Li, Y., Deng, R. H., and Li, T. 2009. RFID privacy: relation between two notions, minimal condition, and efficient construction. In Proceedings of the ACM Conference on Computer and Communications Security. 54--65. Google ScholarDigital Library
- Molnar, D. and Wagner, D. 2004. Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of the ACM Conference on Computer and Communications Security. 210--219. Google ScholarDigital Library
- Ng, C. Y., Susilo, W., Mu, Y., and Safavi-Naini, R. 2008. RFID privacy models revisited. In Proceedings of the European Symposium on Research in Computer Security. 251--266. Google ScholarDigital Library
- Ohkubo, M., Suzuki, K., and Kinoshita, S. 2004. Efficient hash-chain based RFID privacy protection scheme. In Proceedings of the International Conference on Ubiquitous Computing—Ubicomp, Workshop Privacy: Current Status and Future Directions.Google Scholar
- Paise, R.-I. and Vaudenay, S. 2008. Mutual authentication in RFID: security and privacy. In Proceedings of the Asian Conference on Computer Security. 292--299. Google ScholarDigital Library
- Peris-Lopez, P., Castro, J. C. H., Estevez-Tapiador, J. M., and Ribagorda, A. 2006. RFID systems: A survey on security threats and proposed solutions. In Proceedings of the 11th IFIP International Conference on Personal Wireless Communications. 159--170. Google ScholarDigital Library
- Peris-Lopez, P., Li, T., Tong Lee, L., Hernandez-Castro, J. C., and Estevez-Tapiador, J. M. 2008. Vulnerability analysis of a mutual authentication scheme under the EPC Class-1 Generation-2 Standard. In Proceedings of the Workshop on RFID Security.Google Scholar
- Samarati, P. and Sweeney, L. 1998. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Tech. rep., SRI International.Google Scholar
- Sarma, S. E., Weis, S. A., and Engels, D. W. 2003. Radio-frequency identification: Security risks and challenges. Crytobytes, RSA Labs. 6, 1, 2--9.Google Scholar
- Spiekermann, S. and Evdokimov, S. 2009. Privacy enhancing technologies for RFID—A critical investigation of state of the art research. IEEE Priv. Sec.Google Scholar
- Tsudik, G. 2006. YA-TRAP: Yet another trivial RFID authentication protocol. In Proceedings of the Intemational Conference on Pervasive Computing and Communications. 640--643. Google ScholarDigital Library
- Tsudik, G. 2007. A family of dunces: Trivial RFID identification and authentication protocols. In Proceedings of the 7th International Conference on Privacy Enhancing Technologies. 45--61. Google ScholarDigital Library
- van Deursen, T. and Radomirovic, S. 2008. Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310. http://eprint.iacr.org/.Google Scholar
- van Deursen, T. and Radomirovic, S. 2009. On a new formal proof model for RFID location privacy, Inform. Process. Lett. 110, 2, 57--61. Google ScholarDigital Library
- Vaudenay, S. 2007. On privacy models for RFID. In Proceedings of the Annual Cryptology Conference (ASIACRYPT'07). K. Kurosawa, Ed., Lecture Notes in Computer Science, vol. 4833, Springer, 68--87. Google ScholarDigital Library
Index Terms
- On two RFID privacy notions and their relations
Recommendations
RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityPrivacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
RFID: The Next Serious Threat to Privacy
Radio Frequency Identification, or RFID, is a technology which has been receiving considerable attention as of late. It is a fairly simple technology involving radio wave communication between a microchip and an electronic reader, in which an ...
Impossibility results for RFID privacy notions
Transactions on computational science XIRFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...
Comments