Abstract
The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of tags. Some proposals use a tree-based approach to solve the search efficiency problem. The tree-based approach reduces the search complexity from \({\mathcal {O}}(N)\) to \({\mathcal {O}}(\log N)\). However, tree-based protocols are vulnerable to tag compromising attacks due to the lack of a key-updating mechanism. Therefore, tree-based protocols are weak private in Vaudenay’s privacy model. In this paper, we propose a privacy-preserving RFID authentication protocol that does not require lookup. Our solution is based on the use of physically unclonable functions (PUFs) and is destructive-private in the Vaudenay-Model. It provides resistance against tag compromising attack by using PUFs as a secure storage mechanism to preserve the privacy of the tag.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Akgün, M. & Çaglayan, M. U. (2011). PUF based scalable private RFID authentication. In: Sixth international conference on availability, reliability and security, ARES 2011, Vienna, 22–26 August 2011, pp. 473–478.
Akgün, M., Çaglayan, M. U., & Anarim, E. (2009). Secure RFID authentication with efficient key-lookup. In Proceedings of the global communications conference, 2009. GLOBECOM 2009. Honolulu, Hawaii, 30 November–4 December 2009, pp. 1–8.
Alomair, B., Clark, A., Cuéllar, J., & Poovendran, R. (2012). Scalable RFID systems: A privacy-preserving protocol with constant-time identification. IEEE Transactions Parallel Distributed Systems, 23(8), 1536–1550.
Alomair, B., & Poovendran, R. (2010). Review: Privacy versus scalability in radio frequency identification systems. Computer Communications, 33(18), 2155–2163.
Avoine, G., Coisel, I., & Martin, T. (2010). Time measurement threatens privacy-friendly RFID authentication protocols. In Radio frequency identification: Security and privacy issues - 6th international workshop, RFIDSec 2010. Istanbul, 8–9 June 2010, Revised Selected Papers, pp. 138–157.
Avoine, G., Dysli, E., & Oechslin, P. (2005) Reducing time complexity in RFID systems. In Selected areas in cryptography, 12th international workshop, SAC 2005. Kingston, ON, 11–12 August 2005, Revised Selected Papers, pp. 291–306
Bolotnyy, L., & Robins, G. (2007). Physically unclonable function-based security and privacy in RFID systems. In Fifth Annual IEEE international conference on pervasive computing and communications (PerCom. (2007). 19–23 March 2007, White Plains: NY, pp. 211–220.
Bringer, J., Chabanne, H., & Icart, T. (2008). Improved privacy of the tree-based hash protocols using physically unclonable function. In Proceedings of security and cryptography for networks, 6th international conference, SCN 2008. Amalfi, 10–12 September 2008, pp. 77–91.
Busch, H., Katzenbeisser, S., & Baecher, P. (2009). PUF-based authentication protocols - revisited. In Information security applications, 10th international workshop, WISA 2009, Busan, 25–27 August 2009, Revised Selected Papers, pp. 296–308.
Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., & Khandelwal, V. (2008). Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In RFID, 2008 IEEE International conference on, pp. 58–64. doi:10.1109/RFID.2008.4519377
Halderman, J. A., Schoen, S. D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J. A., et al. (2009). Lest we remember: Cold-boot attacks on encryption keys. Communications of the ACM, 52(5), 91–98.
Henrici, D., & Müller, P. (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In 2nd IEEE conference on pervasive computing and communications workshops (PerCom,. (2004). Workshops), 14–17 March 2004, Orlando, pp. 149–153.
Holcomb, D.E., Burleson, W.P., & Fu, K. (2007). Initial sram state as a fingerprint and source of true random numbers for rfid tags. In In Proceedings of the conference on RFID security
Kardas, S., Celik, S., Yildiz, M., & Levi, A. (2012). PUF-enhanced offline RFID security and privacy. Journal Network and Computer Applications, 35(6), 2059–2067.
Kardas, S., Kiraz, M.S., Bingöl, M.A., & Demirci, H. (2011). A novel RFID distance bounding protocol based on physically unclonable functions. In RFID. Security and Privacy - 7th international workshop, RFIDSec 2011, Amherst, USA, 26–28 June 2011, Revised Selected Papers
Kulseng, L., Yu, Z., Wei, Y., & Guan, Y. (2010). Lightweight mutual authentication and ownership transfer for RFID systems. In INFOCOM 2010. 29th IEEE international conference on computer communications, joint conference of the IEEE computer and communications societies, 15–19 March 2010. San Diego, pp. 251–255.
Lu, L., Han, J., Hu, L., Liu, Y., & Ni, L.M. (2007). Dynamic key-updating: Privacy-preserving authentication for RFID systems. In Fifth Annual IEEE international conference on pervasive computing and communications (PerCom 2007). 19–23 March 2007, White Plains, pp. 13–22.
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of the 11th ACM conference on computer and communications security, CCS 2004, Washington, 25–29 October 2004, pp. 210–219.
Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic Approach to “privacy-friendly” tags. In RFID Privacy Workshop. MIT, Massachusetts, USA
Paise, R., & Vaudenay, S. (2008). Mutual authentication in RFID: security and privacy. In Proceedings of the 2008 ACM symposium on information, computer and communications security, ASIACCS 2008, Tokyo, 18–20 March 2008, pp. 292–299.
Sadeghi, A.R., Visconti, I., & Wachsmann, C. (2010). PUF-Enhanced RFID Security and Privacy. In Secure Component and System Identification – SECSI’10. Cologne, Germany
Tuyls, P., & Batina, L. (2006). Rfid-tags for anti-counterfeiting. In Proceedings of topics in cryptology - CT-RSA 2006, the cryptographers’ track at the RSA conference 2006, San Jose 13–17 February 2006, pp. 115–131.
Tuyls, P., Skoric, B., & Kevenaar, T. (2007). Security with noisy data: Private biometrics,secure key storage and anti-counterfeiting. Secaucus, NJ, USA: Springer-New York Inc.
Vaudenay, S. (2007). On privacy models for RFID. In Proceedings of advances in cryptology - ASIACRYPT 2007, 13th International conference on the theory and application of cryptology and information security. Kuching, 2–6 December 2007, pp. 68–87.
Wang, W., Li, Y., Hu, L., & Lu, L. (2007). Storage-awareness: RFID private authentication based on sparse tree. In Third international workshop on security, privacy and trust in pervasive and ubiquitous computing, SECPerU 2007, Istanbul 19 July 2007, pp. 61–66.
Weis, S.A., Sarma, S.E., Rivest, R.L. & Engels, D.W. (2003). Security and privacy aspects of low-cost radio frequency identification systems. In: Security in pervasive computing, first international conference, Boppard, 12–14 March 2003, Revised Papers, pp. 201–212.
Wu, J., & Stinson, D.R. (2009) A highly scalable RFID authentication protocol. In Proceedings of information security and privacy, 14th australasian conference, ACISP 2009, Brisbane. 1–3 July 2009, pp. 360–376.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Akgün, M., Çaǧlayan, M.U. Towards Scalable Identification in RFID Systems. Wireless Pers Commun 86, 403–421 (2016). https://doi.org/10.1007/s11277-015-2936-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-015-2936-7