Abstract
In this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (i) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different (weaker) definition applicable to multiverifier systems; (ii) We apply our definition to reveal vulnerabilities in several proposed privacy-enhancing RFID protocols; and (iii) We formally analyze and suggest improvements to hash-locks, one of the first privacy-enhancing RFID protocols in the literature.
- Alien Technology. 2005. Alien Technology Corporation achieves another step toward pervasive, economic RFID with announcement of 12.9 cent RFID labels. Alien Technology Press release. http://www.alientechnology.com.Google Scholar
- Avoine, G. 2005. Adversarial model for radio frequency identification. Cryptology ePrint Archive. Report 2005/049. http://eprint.iacr.orgGoogle Scholar
- Avoine, G. 2006. Security and privacy in RFID systems. http://lasecwww.ep.ch/figavoine/rfid/.Google Scholar
- Avoine, G., Dysli, E., and Oechslin, P. 2005. Reducing time complexity in RFID systems. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography (SAC'05). Springer-Verlag, Berlin. Google ScholarDigital Library
- Avoine, G. and Oechslin, P. 2005a. RFID traceability: A multilayer problem. In Proceedings of the 9th International Conference on Financial Cryptography and Data Security (FC'05). Springer-Verlag, Berlin, 125--140. Google ScholarDigital Library
- Avoine, G. and Oechslin, P. 2005b. A scalable and provably secure hash based RFID protocol. In Proceedings of the 2nd IEEE International Workshop on Pervasive Computing and Communication Security (PerSec'05). IEEE, Los Alamitos, CA, 110--114. Google ScholarDigital Library
- Burmester, M., van Le, T., and de Medeiros, B. 2006. Provably secure ubiquitous systems: Universally composable RFID authentication protocols. http://eprint.iacr.org/2006/131.pdf.Google Scholar
- Canetti, R. Universally composable security: A new paradigm for cryptographic protocols. IACR ePrint Report 2000/067. http://eprint.iacr.org/2000/067Google Scholar
- Engberg, S., Harning, M., and Jensen, C. 2004. Zero-knowledge device authentication: Privacy and security enhanced RFID preserving business value and consumer convenience. In Proceedings of the 2nd Annual Conference on Privacy, Security, and Trust. IEEE, Los Alamitos, CA.Google Scholar
- Fishkin, K. P., Roy, S., and Jiang, B. 2004. Some methods for privacy in RFID communication. In Proceedings of the 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS'04). Springer, Berlin. Google ScholarDigital Library
- Golle, P., Jakobsson, M., Juels, A., and Syverson, P. 2004. Universal re-encryption for mixnets. In Proceedings of the Cryptographers' Track RSA Conference (CT-RSA). Springer, Berlin, 163--178.Google Scholar
- Hellman, M. 1980. A cryptanalytic time-memory tradeoff. IEEE Trans. Inf. Theor. 26, 401--406.Google ScholarDigital Library
- Juels, A. 2004. Minimalist cryptography for low-cost RFID tags. In Proceedings of the 4th International Conference on Security in Communication Networks (SCN'04). Springer-Verlag, Berlin, 149--164. Google ScholarDigital Library
- Juels, A. 2006. RFID security and privacy: A research survey. IEEE J. Sel. Areas Comm. 24, 2. Google ScholarDigital Library
- Juels, A., Rivest, R., and Szydlo, M. 2003. The blocker tag: Selective blocking of RFID tags for consumer privacy. In Proceedings of the 8th ACM Conference on Computer and Communications Security. ACM, New York, 103--111. Google ScholarDigital Library
- Kahn, F. 2005. Can zero-knowledge tags protect privacy? RFID J. http://www.rfidjournal.com/article/articleview/1891/1/1/.Google Scholar
- Kinoshita, A., Ohkubo, M., Hoshino, F., Morohashi, G., Shionoiri, O., and Kanai, A. 2005. Privacy enhanced active RFID tag. In Proceedings of the International Workshop on Exploiting Context Histories in Smart Environments. Springer-Verlag, Berlin.Google Scholar
- Molnar, D., Soppera, A., and Wagner, D. 2005. A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography (SAC'05). Springer-Verlag, Berlin. Google ScholarDigital Library
- Molnar, D. and Wagner, D. 2004. Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the ACM Conference on Communications and Computer Security. ACM, New York, 210--219. Google ScholarDigital Library
- Nohara, Y., Inoue, S., Baba, K., and Yasuura, H. 2005. Quantitative evaluation of unlinkable ID matching schemes. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES'05). ACM, New York. Google ScholarDigital Library
- O'Connor, M. 2006. EPC tags subject to phone attacks. RFID J. http://www1.rfidjournal.com/article/articleview/2167/1/1.Google Scholar
- Oechslin, P. 2003. Making a faster cryptanalytic time-memory trade-off. In Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques. Springer-Verlag, Berlin, 617--630.Google ScholarCross Ref
- Ohkubo, M., Suzuki, K., and Kinoshita, S. 2004. Efficient hash-chain-based RFID privacy protection scheme. In Proceedings of the International Conference on Ubiquitous Computing. Springer-Verlag, Berlin.Google Scholar
- Tsudik, G. 2006a. Personal communication.Google Scholar
- Tsudik, G. 2006b. YA-TRAP: Yet another trivial RFID authentication protocol. In Proceedings of the 4th Annual Conference on Pervasive Computing and Communications (PerCom'06). IEEE, Los Alamitos, CA. Google ScholarDigital Library
- Weis, S., Sarma, S., Rivest, R., and Engels, D. 2003. Security and privacy aspects of low-cost radio frequency identification systems. In Proceedings of the International Conference on Security in Pervasive Computing (SPC'03). Springer-Verlag, Berlin, 454--469.Google Scholar
Index Terms
- Defining strong privacy for RFID
Recommendations
RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityPrivacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
Defining Strong Privacy for RFID
PERCOMW '07: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications WorkshopsIn this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (1) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different (weaker) ...
A Novel Anonymous RFID Authentication Protocol Providing Strong Privacy and Security
MINES '10: Proceedings of the 2010 International Conference on Multimedia Information Networking and SecurityAs the radio frequency identification (RFID) technology continues to evolve and mature, RFID tags can be implemented in a wide range of applications. Due to the shared wireless medium between the RFID reader and the RFID tag, however, adversaries can ...
Comments