Yingjiu Li
Abstract
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy model. It is proven that ind-privacy is weaker than unp*-privacy. Moreover, the minimal (necessary and sufficient) condition on RFID tags to achieve unp*-privacy is determined. It is shown that if an RFID system is unp*-private, then the computational power of an RFID tag can be used to construct a pseudorandom function family provided that the RFID system is complete and sound. On the other hand, if each tag is able to compute a pseudorandom function, then the tags can be used to construct an RFID system with unp*-privacy. In this sense, a pseudorandom function family is the minimal requirement on an RFID tag's computational power for enforcing RFID system privacy. Finally, a new RFID mutual authentication protocol is proposed to satisfy the minimal requirement.
- Ateniese, G., Camenisch, J., and de Medeiros, B. 2005. Untraceable RFID tags via insubvertible encryption. In Proceedings of the ACM Conference on Computer and Communications Security. 92--101. Google Scholar
Digital Library
- Avoine, G. 2005. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049. http://eprint.iacr.org/.Google Scholar
- Avoine, G., Dysli, E., and Oechslin, P. 2005. Reducing time complexity in RFID systems. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography. 291--306. Google ScholarDigital Library
- Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems. 450--466. Google ScholarDigital Library
- Chien, H.-Y. and Chen, C.-H. 2007. Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput. Stand. Interf. 29, 2, 254--259. Google ScholarDigital Library
- Damgärd, I. and Pedersen, M. O. 2008. RFID security: Tradeoffs between security and efficiency. In Proceedings of the Cryptographers' Track of the RSA Conference. 318--332. Google ScholarDigital Library
- Duc, D. N., Park, J., Lee, H., and Kim, K. 2006. Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning. In Proceedings of the Symposium on Cryptography and Information Security.Google Scholar
- Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., and Uhsadel, L. 2007. A survey of lightweight-cryptography implementations. IEEE Des. Test. Comput. 24, 6, 522--533. Google ScholarDigital Library
- Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. 2005. AES implementation on a grain of sand. IEE Proc. Inform. Sec. 152, 1, 13--20.Google ScholarCross Ref
- Garfinkel, S. L., Juels, A., and Pappu, R. 2005. RFID privacy: An overview of problems and proposed solutions.IEEE Sec. Priv. 3, 3, 34--43. Google ScholarDigital Library
- Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. ACM 33, 4, 792--807. Google ScholarDigital Library
- Ha, J., Moon, S.-J., Zhou, J., and Ha, J. 2008. A new formal proof model for RFID location privacy. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). 267--281. Google ScholarDigital Library
- Hopper, N. J. and BLUM, M. 2001. Secure human identification protocols. In Proceedings of the Annual Cryptology Conference (ASIACRYPT). 52--66. Google ScholarDigital Library
- Juels, A. 2004. Minimalist cryptography for low-cost RFID tags. In Proceedings of the Conference on Security in Communication Networks. 149--164. Google ScholarDigital Library
- Juels, A. 2006. RFID security and privacy: a research survey. IEEE J. Select. Areas Comm. 24, 2, 381--394. Google ScholarDigital Library
- Juels, A., Pappu, R., and Parno, B. 2008. Unidirectional key distribution across time and space with applications to RFID security. In Proceedings of the USENIX Security Symposium. 75--90. Google ScholarDigital Library
- Juels, A., Rivest, R. L., and Szydlo, M. 2003. The blocker tag: selective blocking of RFID tags for consumer privacy. In Proceedings of the ACM Conference on Computer and Communications Security. 103--111. Google ScholarDigital Library
- Juels, A. and Weis, S. A. 2005. Authenticating pervasive devices with human protocols. In Proceedings of the Annual Cryptology Conference (CRYPTO). 293--308. Google ScholarDigital Library
- Juels, A. and Weis, S. A. Defining strong privacy for RFID. In Proceedings of the IEEE Pervasive Computing and Communication Conference. 342--347. Google ScholarDigital Library
- Karthikeyan, S. and Nesterenko, M. 2005. RFID security without extensive cryptography. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks. 63--67. Google ScholarDigital Library
- Katz, J. and Shin, J. S. 2006. Parallel and concurrent security of the hb and hb+ protocols. In Proceedings of the Annual Cryptology Conference (EUROCRYPT).73--87. Google ScholarDigital Library
- Konidala, D. M., Kim, Z., and Kim, K. 2007. A simple and cost-effective RFID tag-reader mutual authentication scheme. In Proceedings of the Conference on RFID Security. 141--152.Google Scholar
- Kumar, S. and Paar, C. 2006. Are standards compliant elliptic curve cryptosystems feasible on RFID? In Proceedings of the Workshop on RFID Security.Google Scholar
- Ma, C., Li, Y., Deng, R. H., and Li, T. 2009. RFID privacy: relation between two notions, minimal condition, and efficient construction. In Proceedings of the ACM Conference on Computer and Communications Security. 54--65. Google ScholarDigital Library
- Molnar, D. and Wagner, D. 2004. Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of the ACM Conference on Computer and Communications Security. 210--219. Google ScholarDigital Library
- Ng, C. Y., Susilo, W., Mu, Y., and Safavi-Naini, R. 2008. RFID privacy models revisited. In Proceedings of the European Symposium on Research in Computer Security. 251--266. Google ScholarDigital Library
- Ohkubo, M., Suzuki, K., and Kinoshita, S. 2004. Efficient hash-chain based RFID privacy protection scheme. In Proceedings of the International Conference on Ubiquitous Computing—Ubicomp, Workshop Privacy: Current Status and Future Directions.Google Scholar
- Paise, R.-I. and Vaudenay, S. 2008. Mutual authentication in RFID: security and privacy. In Proceedings of the Asian Conference on Computer Security. 292--299. Google ScholarDigital Library
- Peris-Lopez, P., Castro, J. C. H., Estevez-Tapiador, J. M., and Ribagorda, A. 2006. RFID systems: A survey on security threats and proposed solutions. In Proceedings of the 11th IFIP International Conference on Personal Wireless Communications. 159--170. Google ScholarDigital Library
- Peris-Lopez, P., Li, T., Tong Lee, L., Hernandez-Castro, J. C., and Estevez-Tapiador, J. M. 2008. Vulnerability analysis of a mutual authentication scheme under the EPC Class-1 Generation-2 Standard. In Proceedings of the Workshop on RFID Security.Google Scholar
- Samarati, P. and Sweeney, L. 1998. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Tech. rep., SRI International.Google Scholar
- Sarma, S. E., Weis, S. A., and Engels, D. W. 2003. Radio-frequency identification: Security risks and challenges. Crytobytes, RSA Labs. 6, 1, 2--9.Google Scholar
- Spiekermann, S. and Evdokimov, S. 2009. Privacy enhancing technologies for RFID—A critical investigation of state of the art research. IEEE Priv. Sec.Google Scholar
- Tsudik, G. 2006. YA-TRAP: Yet another trivial RFID authentication protocol. In Proceedings of the Intemational Conference on Pervasive Computing and Communications. 640--643. Google ScholarDigital Library
- Tsudik, G. 2007. A family of dunces: Trivial RFID identification and authentication protocols. In Proceedings of the 7th International Conference on Privacy Enhancing Technologies. 45--61. Google ScholarDigital Library
- van Deursen, T. and Radomirovic, S. 2008. Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310. http://eprint.iacr.org/.Google Scholar
- van Deursen, T. and Radomirovic, S. 2009. On a new formal proof model for RFID location privacy, Inform. Process. Lett. 110, 2, 57--61. Google ScholarDigital Library
- Vaudenay, S. 2007. On privacy models for RFID. In Proceedings of the Annual Cryptology Conference (ASIACRYPT'07). K. Kurosawa, Ed., Lecture Notes in Computer Science, vol. 4833, Springer, 68--87. Google ScholarDigital Library
Index Terms
- On two RFID privacy notions and their relations
Recommendations
RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityPrivacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
RFID: The Next Serious Threat to Privacy
Radio Frequency Identification, or RFID, is a technology which has been receiving considerable attention as of late. It is a fairly simple technology involving radio wave communication between a microchip and an electronic reader, in which an ...
Impossibility results for RFID privacy notions
Transactions on computational science XIRFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...
Reviews
Scott Arthur Moody
As radio frequency identification (RFID) technology becomes widespread, such as for high-speed highway toll payments, ensuring user security and privacy is paramount. At issue is the unauthorized accessing of RFID user tags through an adversary RFID reader, with the intent to track or masquerade as the user. The authors describe two RFID privacy-preserving concepts that provide user anonymity and unlinkability of the protocol transcripts of a tag. They describe the difference between "unp-privacy" (based on the unpredictability of a tag) and "ind-privacy" (based on the indistinguishability between two tags). Even though ind-privacy is arguably the correct notation, proven implementations haven't been observed. Thus, the authors provide their own unp*-privacy protocol, which they say implies ind-privacy. This paper provides a very readable layman's explanation of the adversary issues with RFID technology, "including eavesdropping, alteration of communication messages, replay attacks, corruption of tags, and physical or side-channel attacks to tags." Throughout the paper, the authors describe these issues and include the rigor of detailed theorems and proofs. They describe an RFID model, the adversary, and the completeness and soundness of RFID systems. With that RFID model foundation, the authors go on to describe the various limitations of the privacy models. For example, even though the various protocols provide two or three round-trip query communications between a reader and the RFID tag, there are still areas an adversary can exploit. In contrast to other security protocols, large or unlimited amounts of communication are not acceptable here because of the rapid response requirements, such as that car traveling through the toll. In addition, most current privacy flaws occur because the RFID protocols are too lightweight and cannot implement appropriate cryptographic functions. Finally, the authors provide detailed information on their new privacy model, unp*-privacy. They show how an adversary cannot distinguish the output of a real tag from that of a virtual tag without the secret key. This means the number of round-trip queries doesn't affect the protocol's effectiveness. However, in contrast to lightweight protocols, the unp*-privacy protocol requires that each RFID tag must be able to compute a pseudorandom function (PRF) or its equivalent. The authors identify these constraints and define the open problems for finding a minimal condition to enforce ind-privacy in RFID systems. This paper will be valuable to those developing various large-scale RFID systems, like traffic tolling systems, where privacy and anonymity has always been a concern. The described techniques allow developers to create more advanced capabilities, without the issues inherent to the various lightweight and privacy-prone approaches. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments