Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Enhancing RFID Security and Privacy by Physically Unclonable Functions

  • Chapter
  • First Online:
Towards Hardware-Intrinsic Security

Part of the book series: Information Security and Cryptography ((ISC))

  • 3164 Accesses

Abstract

Radio frequency identification (RFID) is a technology that enables RFID readers to perform fully automatic wireless identification of objects that are labeled with RFID tags. Initially, this technology was mainly used for electronic labeling of pallets, cartons, and products to enable seamless supervision of supply chains. Today, RFID technology is widely deployed to many other applications as well, including animal and product identification [2, 42], access control [2, 47], electronic tickets [47] and passports [27], and even human implantation [30].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Note that illegitimate tags created by the \(\ensuremath{\mathsf{CreateTag}}\) oracle are initialized in the same way as legitimate tags with the only difference that their identifier \(\ensuremath{\mathtt{ID}}\) and secret K is not added to the credentials database \(\ensuremath{\mathtt{DB}}\) of \(\ensuremath{\mathcal{R}}\). As shown in [67], an adversary can use such tags to violate the privacy objectives.

  2. 2.

    Note that, in case of PUF-enabled RFID tags, a destructive adversary can corrupt the tag and read out its memory whereas the properties of the PUF ensure that the PUF is destroyed and the adversary does not obtain any information on the PUF.

References

  1. G. Ateniese, J. Camenisch, B. de Medeiros, in Untraceable RFID Tags via Insubvertible Encryption. Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 7–11 Nov 2005 (ACM Press, 2005), pp. 92–101

    Google Scholar 

  2. Atmel Corporation. Innovative IDIC solutions. http://www.atmel.com/dyn/resources/ prod_documents/doc4602.pdf, 2007

  3. Gildas Avoine. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049, 2005.

    Google Scholar 

  4. G. Avoine, E. Dysli, P. Oechslin, in Reducing Time Complexity in RFID systems. 12th International Workshop on Selected Areas in Cryptography (SAC), Kingston, ON, Canada, 11–12 Aug 2005. Lecture Notes in Computer Science, vol. 3897 (Springer, Berlin, 2005), pp. 291–306

    Google Scholar 

  5. G. Avoine, C. Lauradoux, T. Martin in When Compromised Readers Meet RFID. The 5th Workshop on RFID Security 2009, Leuven, Belgium, 30 June–2 July, 2009

    Google Scholar 

  6. L. Bolotnyy, G. Robins, in Physically Unclonable Function-Based Security and Privacy in RFID systems. Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, White Plains, NY, USA, 19–23 Mar 2007 (IEEE Computer Society, Washington, DC, 2007)

    Google Scholar 

  7. M. Burmester, T. van Le, B. de Medeiros, Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), Baltimore, MD, USA, 28 Aug–1 Sept 2006 (IEEE Computer Society, Washington, DC, 2006), pp. 1–9

    Google Scholar 

  8. I. Damgård, M. Østergaard, RFID Security: Tradeoffs Between Security and Efficiency. Cryptology ePrint Archive, Report 2006/234, 2006

    Google Scholar 

  9. P. D’Arco, A. Scafuro, I. Visconti, in Revisiting DoS Attacks and Privacy in RFID-Enabled Networks. Proceedings of ALGOSENSORS, Rhodes, Greece, 10–11 July 2009. Lecture Notes in Computer Science (Springer, July 2009)

    Google Scholar 

  10. P. D’Arco, A. Scafuro, I. Visconti, in Semi-Destructive Privacy in DoS-Enabled RFID Systems. Proceedings of RFIDSec, Leuven, Belgium, 30 June-2 July 2009, July 2009

    Google Scholar 

  11. S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, V. Khandelwal, in Design and Implementation of PUF-Based Unclonable RFID ICs for Anti-counterfeiting and Security Applications. IEEE International Conference on RFID 2008, Las Vegas, NV, USA, 16–17 April, 2008 (IEEE Computer Society, 2008), pp. 58–64

    Google Scholar 

  12. T. Dimitriou, in A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm) Athens, Greece, 5–9 Sept 2005 (IEEE Computer Society, 2005), pp. 59–66

    Google Scholar 

  13. Y. Dodis, L. Reyzin, A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3027 (Springer, 2004), pp. 523–540

    Google Scholar 

  14. Y. Dodis, L. Reyzin, A. Smith, in Security with Noisy Data, chapter Fuzzy Extractors, (Springer, 2007), pp. 79–99

    Google Scholar 

  15. EPCglobal Inc. Object Naming Service (ONS), version 1.0, October 2005

    Google Scholar 

  16. EPCglobal Inc. Web site of EPCglobal Inc http://www.epcglobalinc.org/, April 2008

  17. K. Finkenzeller, RFID-Handbook 2nd edn. (Carl Hanser Verlag, Munich, Germany, Apr 2003). Translated from the 3rd German edition by Rachel Waddington, Swadlincote, UK

    Book  Google Scholar 

  18. D. Frumkin, A. Shamir, Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044, 2009

    Google Scholar 

  19. B. Gassend, D. Clarke, M. van Dijk, S. Devadas, in Controlled Physical Random Functions. Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, 9–13 Dec 2002 (IEEE Computer Society, 2002), pp. 149–160

    Google Scholar 

  20. H. Gilbert, M. Robshaw, H. Silbert, An Active Attack Against HB+ — A Provable Secure Leightweight Authentication Protocol. Cryptology ePrint Archive, Report 2007/237, 2007

    Google Scholar 

  21. H. Gilbert, M.J.B. Robshaw, Y. Seurin, in Good Variants of HB+ Are Hard to Find. in G. Tsudik. Financial Cryptography and Data Security, 12th International Conference, FC 2008, Cozumel, Mexico, 28–31 Jan 2008, Revised Selected Papers. Lecture Notes in Computer Science, (Springer, 2008), pp. 156–170

    Google Scholar 

  22. P. Golle, M. Jakobsson, A. Juels, P. Syverson, in Universal Re-encryption for Mixnets. The Cryptographers’ Track at the RSA Conference 2004, Proceedings. Lecture Notes in Computer Science, San Francisco, CA, USA, 23–27 Feb 2004 (Springer, 2004), pp. 163–178.

    Google Scholar 

  23. J.H. Ha, S.J. Moon, J. Zhou, J.C. Ha, A new formal proof model for RFID location privacy. In Jajodia and Lopez (28), pp. 267–281

    Google Scholar 

  24. D. Henrici, P. Müller, in Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, Orlando, FL, USA, 14–17 Mar 2004 (IEEE Computer Society, 2004), pp. 149–153

    Google Scholar 

  25. D.E. Holcomb, W.P. Burleson, K. Fu, Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. Conference on RFID Security 2007, Malaga, Spain, 11–13 July 2007

    Google Scholar 

  26. M. Hutter, J.-M. Schmidt, T. Plos, RFID and Its Vulnerability to Faults. 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, Washington, DC, USA, 10–13 Aug 2008, Proceedings. Lecture Notes in Computer Science, vol. 5154 (Springer, 2008), pp. 363–379

    Google Scholar 

  27. I.C.A. Organization. Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5th edn., 2003

    Google Scholar 

  28. S. Jajodia, J. Lopez (eds.), Computer Security — ESORICS 2008. Lecture Notes in Computer Science, Malaga, Spain, 6–8 Oct 2008, vol. 5283 (Springer, 2008)

    Google Scholar 

  29. A. Juels, in Minimalist Cryptography for Low-Cost RFID Tags (Extended Abstract). 4th International Conference on Security in Communication Networks (SCN) 2004, Revised Selected Papers. Lecture Notes in Computer Science, Amalfi, Italy, 8–10 Sep 2004, vol. 3352 (Springer, 2004), pp. 149–164

    Google Scholar 

  30. A. Juels, in RFID Security and Privacy: A Research Survey. J. Select. Areas Commun. 24(2), 381–395 (Feb 2006)

    Article  MathSciNet  Google Scholar 

  31. A. Juels, R. Pappu, in Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. 7th International Conference on Financial Cryptography (FC) 2003, Revised Papers. Lecture Notes in Computer Science, Gosier, Guadeloupe, FWI, 27–30 Jan 2003, vol. 2742 (Springer, 2003), pp. 103–121

    Google Scholar 

  32. A. Juels, S.A. Weis, Authenticating pervasive devices with human protocols. in Advances in Cryptology — CRYPTO 2005, ed. by V. Shoup. 25th Annual International Cryptology Conference, Santa Barbara, CA, USA, 14–18 Aug 2005, Proceedings. Lecture Notes in Computer Science, vol. 3621 (Springer, 2005), pp. 293–308

    Google Scholar 

  33. A. Juels, S.A. Weis, Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006

    Google Scholar 

  34. J. Katz, in Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise. in S.D. Galbraith. Cryptography and Coding, 11th IMA International Conference, Cirencester, UK, 18–20 Dec 2007, Proceedings. Lecture Notes in Computer Science, vol. 4887 (Springer, 2007), pp. 1–15

    Google Scholar 

  35. J. Katz, J.S. Shin, Parallel and concurrent security of the HB and HB+ protocols. in Advances in Cryptology — EUROCRYPT 2006, ed. by S. Vaudenay. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, 28 May –1 June 2006, Proceedings. Lecture Notes in Computer Science, vol. 4004 (Springer, 2006), pp. 73–87

    Google Scholar 

  36. J. Katz, A, Smith, Analyzing the HB and HB+ Protocols in the “Large Error” Case. Cryptology ePrint Archive, Report 2006/326, 2006

    Google Scholar 

  37. I. Kirschenbaum, A. Wool, How to Build a Low-Cost, Extended-Range RFID Skimmer. Cryptology ePrint Archive, Report 2006/054, 2006

    Google Scholar 

  38. O. Kömmerling, M.G. Kuhn, in Design Principles for Tamper-Resistant Smartcard Processors. Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, Chicago, IL, 10–11 May 1999

    Google Scholar 

  39. P.C. Kocher, in Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. 16th Annual International Cryptology Conference, Santa Barbara, CA, USA, Proceedings, 18–22 Aug 1996. Lecture Notes in Computer Science, vol. 1109 (Springer, 1996), pp. 104–113

    Google Scholar 

  40. C.H. Lim, T. Kwon, in Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. 8th International Conference on Information and Communications Security (ICICS), Raleigh, NC, USA, 4–7 Dec 2006. Lecture Notes in Computer Science, vol. 4307 (Springer, 2006), pp. 1–20

    Google Scholar 

  41. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks Revealing the Secrets of Smart Cards. (Springer, Berlin, 2007)

    MATH  Google Scholar 

  42. D. Molnar, D. Wagner, in Privacy and Security in Library RFID: Issues, Practices, and Architectures. Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, 25–29 Oct 2004 (ACM Press, 2004), pp. 210–219

    Google Scholar 

  43. M. Neve, E. Peeters, D. Samyde, J.-J. Quisquater, in Memories: A Survey of Their Secure Uses in Smart Cards. Proceedings of the Second IEEE International Security in Storage Workshop, Washington, DC, USA, 31 Oct 2003 (IEEE Computer Society, 2003), pp. 62–72

    Google Scholar 

  44. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, in New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing. Proceedings of ESORICS, Saint Malo, France, 21–25 Sept 2009. Lecture Notes in Computer Science, vol. 5789 (Springer, 2009), pp. 321–336

    Google Scholar 

  45. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, RFID privacy models revisited. In Jajodia and Lopez (28), pp. 251–256

    Google Scholar 

  46. NXP Semiconductors. MIFARE Application Directory (MAD) — List of Registered Applications. http://www.nxp.com/acrobat/other/identification/mad_overview_042008. pdf, Apr 2008

  47. NXP Semiconductors. MIFARE Smartcard ICs. http://www.mifare.net/products/ smartcardics/, Sept 2008

  48. Octopus Holdings. Web site of Octopus Holdings. http://www.octopus.com.hk/en/, June 2008

  49. S. Micali, O. Goldreich, S. Goldwasser, How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  Google Scholar 

  50. M. Ohkubo, K. Suzuki, S. Kinoshita, in Cryptographic Approach to “Privacy-Friendly” Tags. Presented at the RFID Privacy Workshop (MIT, Cambridge, MA, 15 Nov 2003); rfidprivacy.ex.com/2003/agenda.php

    Google Scholar 

  51. M. Ohkubo, K. Suzuki, S. Kinoshita, in Efficient Hash-Chain Based RFID Privacy Protection Scheme. International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions, Tokyo, Japan, 11–14 Sept 2005

    Google Scholar 

  52. K. Ouafi, R. Overbeck, S. Vaudenay, On the security of HB# against a man-in-the-middle attack. in Advances in Cryptology — ASIACRYPT 2008, ed. by J. Pieprzyk. 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, 7–11 Dec 2008, Proceedings. Lecture Notes in Computer Science, vol. 5350 (Springer, 2008), pp. 108–124

    Google Scholar 

  53. R.-I. Paise, S. Vaudenay, in Mutual Authentication in RFID: Security and Privacy. ASIACCS’08: Proceedings of the 2008 ACM Symposium on Information, Alexandria, VA, USA, 27–31 Oct 2008, Computer and Communications Security (ACM Press, 2008), pp. 292–299

    Google Scholar 

  54. D.C. Ranasinghe, D.W. Engels, P.H. Cole, in Security and Privacy: Modest Proposals for Low-Cost RFID Systems. Auto-ID Labs Research Workshop, Zurich, Switzerland, 23–24 Sept 2004

    Google Scholar 

  55. É. Levieil, P.-A. Fouque, in An Improved LPN Algorithm. Security and Cryptography for Networks, 5th International Conference, SCN 2006, Maiori, Italy, 6–8 Sept 2006, Proceedings. Lecture Notes in Computer Science, (Springer, 2006), pp. 348–359

    Google Scholar 

  56. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in User Privacy in Transport Systems Based on RFID E-tickets. International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain, 9 Oct 2008

    Google Scholar 

  57. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Anonymizer-Enabled Security and Privacy for RFID. The 8th International Conference in Cryptography and Network Security, 12–14 Dec 2009, Kanazawa, Ishikawa, Japan. Lecture Notes in Computer Science (Springer, 2009)

    Google Scholar 

  58. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Location Privacy in RFID Applications. Privacy in Location-Based Applications — Research Issues and Emerging Trends. Lecture Notes in Computer Science, vol. 5599 (Springer, Aug 2009), pp. 127–150

    Google Scholar 

  59. J. Saito, J.-C. Ryou, K. Sakurai, in Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags. International Conference on Embedded and Ubiquitous Computing (EUC), Aizu-Wakamatsu City, Japan, Aug 2004, Proceedings. Lecture Notes in Computer Science, vol. 3207 (Springer, 2004), pp. 879–890

    Google Scholar 

  60. S.P. Skorobogatov, R.J. Anderson, in Optical Fault Induction Attacks. 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002), Redwood Shores, CA, USA, 13–15 Aug 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2523 (Springer Verlag, 2002), pp. 31–48

    Google Scholar 

  61. B. Song, C.J. Mitchell, RFID Authentication Protocol for Low-Cost Tags. Proceedings of the First ACM Conference on Wireless Network Security, Alexandria, VA, USA, 31 Mar-2 Apr 2008 (ACM Press, 2008), pp. 140–147

    Google Scholar 

  62. Sony Global. Web site of Sony FeliCa. http://www.sony.net/Products/felica/, June 2008

  63. Spirtech. CALYPSO functional specification: Card application, version 1.3. http://calypso.spirtech.net/, Oct 2005

  64. G. Tsudik, in YA-TRAP: Yet Another Trivial RFID Authentication Protocol. Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, Pisa, Italy, 13–17 Mar 2006 . Lecture Notes in Computer Science, vol. 2802 (IEEE Computer Society, 2006), pp. 640–643

    Google Scholar 

  65. P. Tuyls, L. Batina, in RFID-Tags for Anti-counterfeiting. The Cryptographers’ Track at the RSA Conference, San Jose, CA, USA, 13–17 Feb 2006, Proceedings. Lecture Notes on Computer Science, vol. 3860 (Springer, 2006), pp. 115–131

    Google Scholar 

  66. P. Tuyls, B. Škoriç, Tom Kevenaar (eds.), Security with Noisy Data — On Private Biometrics, Secure Key Storage, and Anti-Counterfeiting (Springer, New York, NY, 2007).

    Google Scholar 

  67. S. Vaudenay, in On Privacy Models for RFID. 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Sarawak, Malaysia, 2–6 Dec 2007 Proceedings. Lecture Notes in Computer Science, vol. 4833 (Springer, 2007), pp. 68–87

    Google Scholar 

  68. S.A. Weis, S.E. Sarma, R.L. Rivest, D.W. Engels, in Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. 1st International Conference on Security in Pervasive Computing, Boppard, Germany, 12–14 Mar 2003 Revised Papers. Lecture Notes in Computer Science, vol. 2802 (Springer, 2003), pp. 50–59

    Google Scholar 

Download references

Acknowledgments

We wish to thank Frederik Armknecht, Paolo D’Arco, and Alessandra Scafuro for several useful discussions about RFID privacy notions. This work has been supported in part by the European Commission through the FP7 programme under contract 216646 ECRYPT II, 238811 UNIQUE, and 215270 FRONTS, in part by the Ateneo Italo-Tedesco under Program Vigoni and by the MIUR Project PRIN 2008 “PEPPER: Privacy E Protezione di dati PERsonali” (prot. 2008SY2PH4).

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany

    Ahmad-Reza Sadeghi

  2. Dipartimento di Informatica ed Applicazioni, University of Salerno, Salerno, Italy

    Ivan Visconti

  3. Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Bochum, Germany

    Christian Wachsmann

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christian Wachsmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christian Wachsmann .

Editor information

Editors and Affiliations

  1. Horst Görtz Institut für, Sicherheit in der, Universität Bochum, Universitätsstr. 150, Bochum, 44780, Germany

    Ahmad-Reza Sadeghi

  2. Département d'informatique, Groupe de cryptographie, École normale supérieure, rue d'Ulm 45, Paris, 75230, France

    David Naccache

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sadeghi, AR., Visconti, I., Wachsmann, C. (2010). Enhancing RFID Security and Privacy by Physically Unclonable Functions. In: Sadeghi, AR., Naccache, D. (eds) Towards Hardware-Intrinsic Security. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14452-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14452-3_13

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14451-6

  • Online ISBN: 978-3-642-14452-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation