Article

On privacy models for RFID

Author:

Serge VaudenayAuthors Info & Claims

ASIACRYPT'07: Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security

Pages 68 - 87

Published: 02 December 2007 Publication History

Abstract

We provide a formal model for identification schemes. Under this model, we give strong definitions for security and privacy. Our model captures the notion of a powerful adversary who can monitor all communications, trace tags within a limited period of time, corrupt tags, and get side channel information on the reader output. Adversaries who do not have access to this side channel are called narrow adversaries. Depending on restrictions on corruption, adversaries are called strong, destructive, forward, or weak adversaries. We derive some separation results: strong privacy is impossible. Narrow-strong privacy implies key agreement. We also prove some constructions: narrow-strong and forward privacy based on a public-key cryptosystem, narrow-destructive privacy based on a random oracle, and weak privacy based on a pseudorandom function.

References

[1]

Aumasson, J.-Ph., Finiasz, M., Meier, W., Vaudenay, S.: TCHo: a Hardware-Oriented Trapdoor Cipher. In: Information Security and Privacy (ACISP 2007), Townsville, Australia. LNCS, vol. 4586, pp. 184-199. Springer, Heidelberg (2007).

Digital Library

[2]

Avoine, G.: Cryptography in Radio Frequency Identification and Fair Exchange Protocols. PhD Thesis no. 3407, EPFL (2005), http://library.epfl.ch/ theses/?nr=3407

[3]

Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291-306. Springer, Heidelberg (2006).

Digital Library

[4]

Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125-140. Springer, Heidelberg (2005).

Digital Library

[5]

Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Security and Privacy in Ad-Hoc and Sensor Networks. In: Buttyán, L., Gligor, V., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, Springer, Heidelberg (2006).

[6]

Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, Springer, Heidelberg (1998).

Digital Library

[7]

Bocchetti, S.: Security and Privacy in RFID Protocols. Master Thesis (2006).

[8]

Burmester, M., van Le, T., de Medeiros, B.: Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. In: SecureComm 2006. Conference on Security and Privacy for Emerging Areas in Communication Networks, Baltimore, MA, USA, IEEE, Los Alamitos (2006).

[9]

Calmels, B., Canard, S., Girault, M., Sibert, H.: Low-Cost Cryptography for Privacy in RFID Systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 237-251. Springer, Heidelberg (2006).

Digital Library

[10]

Damgård, I., Østergaard, M.: RFID Security: Tradeoffs between Security and Efficiency. Technical report 2006/234, IACR (2006), http://eprint.iacr. org/2006/234

[11]

Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22, 644-654 (1976).

[12]

Dimitriou, T.: A Lightweight RFID Protocol to Protect against Traceability and Cloning Attacks. In: SecureComm 2005. Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece, IEEE, Los Alamitos (2005), http://ieeexplore.ieee.org/iel5/10695/33755/ 01607559.pdf?arnumber=1607559

Digital Library

[13]

Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. In: Proceedings of the 23rd ACM Symposium on Theory of Computing, New Orleans, Louisiana, U.S.A, pp. 542-552. ACM Press, New York (1991).

Digital Library

[14]

Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357-370. Springer, Heidelberg (2004).

[15]

Feldhofer, M., Rechberger, C.: A Case against Currently used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4277, pp. 372-381. Springer, Heidelberg (2006).

Digital Library

[16]

Finiasz, M., Vaudenay, S.: When Stream Cipher Analysis Meets Public-Key Cryptography (Invited Talk.). In: Proceedings of SAC 2006. LNCS, Springer, Heidelberg (2006).

Digital Library

[17]

Gilbert, H., Robshaw, M., Sibert, H.: An Active Attack Against HB+: A Provably Secure Lightweight Authentication Protocol. IEE Electronic Letters 41, 1169-1170 (2005).

[18]

Girault, M., Lefranc, D.: Public Key Authentication with One (Online) Single Addition. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 413-427. Springer, Heidelberg (2004).

[19]

Girault, M., Poupard, G., Stern, J.: On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order. Journal of Cryptology 19, 463-487 (2006).

[20]

Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270-299 (1984).

[21]

Hall, J., Barbeau, M., Kranakis, E.: Detecting Rogue Devices in Bluetooth Networks using Radio Frequency Fingerprinting. In: Proceedings of the Third IASTED International Conference on Communications and Computer Networks (CCN 2006), Lima, Peru, pp. 108-113. IASTED/ACTA Press (2006).

[22]

ISO/IEC 14443-3. Identification Cards -- Contactless Integrated Circuit(s) Cards -- Proximity Cards. Part 3: Initialization and Anticollision. ISO (2001).

[23]

Juels, A., Weis, S.: Authenticating Pervasive Devices with human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293-308. Springer, Heidelberg (2005).

Digital Library

[24]

Juels, A., Weis, S.: Defining Strong Privacy for RFID. Technical report 2006/137, IACR (2006), http://eprint.iacr.org/2006/137

[25]

Katz, J., Shin, J.S.: Parallel and Concurrent Security of the HB and HB+ Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73-87. Springer, Heidelberg (2006).

Digital Library

[26]

van Le, T., Burmester, M., de Medeiros, B.: Universally Composable and Forward Secure RFID Authentication and Authenticated Key Exchange. In: ASIACCS 2007. Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security, Singapore, pp. 242-252. ACM, New York (2007).

Digital Library

[27]

Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1-20. Springer, Heidelberg (2006).

Digital Library

[28]

Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, pp. 210-219. ACM Press, New York (2004).

Digital Library

[29]

Naor, M., Yung, M.: Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: Proceedings of the 22nd ACM Symposium on Theory of Computing, Baltimore, Maryland, U.S.A, pp. 427-437. ACM Press, New York (1990).

Digital Library

[30]

Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to a Privacy Friendly Tag. In: Presented at the RFID Privacy Workshop, MIT, USA (2003).

[31]

Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient Hash-Chain based RFID Privacy Protection Scheme. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, Springer, Heidelberg (2004).

[32]

Ohkubo, M., Suzuki, K.: RFID Privacy Issues and Technical Challenges. Communications of the ACM 48, 66-71 (2005).

Digital Library

[33]

Paise, R.I.: A Privacy Model for Mutual Authentication in Radio Frequency Systems. Master Thesis (2007).

[34]

Rackoff, C., Simon, D.: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, Springer, Heidelberg (1992).

Digital Library

[35]

Robshaw, M.J.B.: Searching for Compact Algorithms: CGEN. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 37-49. Springer, Heidelberg (2006).

Digital Library

[36]

Rudich, S.: The Use of Interaction in Public Cryptosystems. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 242-251. Springer, Heidelberg (1992).

Digital Library

[37]

Shoup, V.: Sequences of Games: A Tool for Taming Complexity in Security Proofs. Technical report 2004/332, IACR (2004), http://eprint.iacr.org/2004/332

[38]

Vaudenay, S.: RFID Privacy based on Public-Key Cryptography (Invited Talk). In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 1-6. Springer, Heidelberg (2006).

Digital Library

[39]

Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 454-469. Springer, Heidelberg (2004).

Cited By

Aditia MAltaf FSingh MBurra MMaurya CSahoo SMaity SHansdah RKrishnaswamy DVaidya N(2019)Optimized CL-PKE with lightweight encryption for resource constrained devicesProceedings of the 20th International Conference on Distributed Computing and Networking10.1145/3288599.3296014(427-432)Online publication date: 4-Jan-2019
https://dl.acm.org/doi/10.1145/3288599.3296014
Baghery KAbdolmaleki BKhazaei SAref M(2019)Breaking anonymity of some recent lightweight RFID authentication protocolsWireless Networks10.1007/s11276-018-1717-025:3(1235-1252)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s11276-018-1717-0
Ray BAbawajy JChowdhury MAlelaiwi A(2018)Universal and secure object ownership transfer protocol for the Internet of ThingsFuture Generation Computer Systems10.1016/j.future.2017.02.02078:P2(838-849)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.future.2017.02.020
Show More Cited By

On privacy models for RFID

Recommendations

Impossibility results for RFID privacy notions
Transactions on computational science XI

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...
RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
Revisiting unpredictability-based RFID privacy models
ACNS'10: Proceedings of the 8th international conference on Applied cryptography and network security

Recently, there have been several attempts in establishing formal RFID privacy models in the literature. These models mainly fall into two categories: one based on the notion of indistinguishability of two RFID tags, denoted as ind-privacy, and the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

ASIACRYPT'07: Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security

December 2007

582 pages

ISBN:3540768998

Editor:
Kaoru Kurosawa
Ibaraki University, Department of Computer and Information Sciences, Hitachi, Ibaraki, Japan

Sponsors

IACR: International Association for Cryptologic Research

In-Cooperation

Information Security Research Lab
Swinburne University of Technology
Sarawak Development Institute

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 02 December 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

88
Total Citations
View Citations
27
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Aditia MAltaf FSingh MBurra MMaurya CSahoo SMaity SHansdah RKrishnaswamy DVaidya N(2019)Optimized CL-PKE with lightweight encryption for resource constrained devicesProceedings of the 20th International Conference on Distributed Computing and Networking10.1145/3288599.3296014(427-432)Online publication date: 4-Jan-2019
https://dl.acm.org/doi/10.1145/3288599.3296014
Baghery KAbdolmaleki BKhazaei SAref M(2019)Breaking anonymity of some recent lightweight RFID authentication protocolsWireless Networks10.1007/s11276-018-1717-025:3(1235-1252)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s11276-018-1717-0
Ray BAbawajy JChowdhury MAlelaiwi A(2018)Universal and secure object ownership transfer protocol for the Internet of ThingsFuture Generation Computer Systems10.1016/j.future.2017.02.02078:P2(838-849)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.future.2017.02.020
Maurya PBagchi S(2018)A Secure PUF-Based Unilateral Authentication Scheme for RFID SystemWireless Personal Communications: An International Journal10.1007/s11277-018-5875-2103:2(1699-1712)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1007/s11277-018-5875-2
Kardaş SGenç Z(2018)Security Attacks and Enhancements to Chaotic Map-Based RFID Authentication ProtocolsWireless Personal Communications: An International Journal10.1007/s11277-017-4912-x98:1(1135-1154)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1007/s11277-017-4912-x
Avoine GBultel XGambs SGérault DLafourcade POnete CRobert JKarri RSinanoglu OSadeghi AYi X(2017)A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding ProtocolProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053000(800-814)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053000
Cheng SVaradharajan VMu YSusilo W(2017)An efficient and provably secure RFID grouping proof protocolProceedings of the Australasian Computer Science Week Multiconference10.1145/3014812.3014885(1-7)Online publication date: 30-Jan-2017
https://dl.acm.org/doi/10.1145/3014812.3014885
Guo FMu YSusilo WHsing HWong DVaradharajan V(2017)Optimized Identity-Based Encryption from Bilinear Pairing for Lightweight DevicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.244576014:2(211-220)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1109/TDSC.2015.2445760
Su CSantoso BLi YDeng RHuang X(2017)Universally Composable RFID Mutual AuthenticationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.243437614:1(83-94)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1109/TDSC.2015.2434376
Chen XCao TDoss RZhai J(2017)Attacks on and Countermeasures for Two RFID ProtocolsWireless Personal Communications: An International Journal10.1007/s11277-017-4449-z96:4(5825-5848)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.1007/s11277-017-4449-z
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents