Skip to main content

Advertisement

SpringerLink
Log in

Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In this paper, we analyze the first known provably secure Radio Frequency Identification (RFID) authentication schemes that are designed to provide forward untraceability and backward untraceability: the L-K and S-M schemes. We show how to trace tags in the L-K scheme without needing to corrupt tags. We also show that if a standard cryptographic pseudorandom bit generator (PRBG) is used in the S-M scheme, then the scheme may fail to provide forward untraceability and backward untraceability. To achieve the desired untraceability features, we show that the S-M scheme can use a robust PRBG which provides forward security and backward security. We also note that the backward security is stronger than necessary for the backward untraceability of the S-M scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Abdalla, M., & Bellare, M. (2000). Increasing the lifetime of a key: A comparative analysis of the security of re-keying techniques Advances in Cryptology – Asiacrypt ’00, LCNS 1976, 546–559.

  2. Avoine, G. (2005). Adversarial model for radio frequency identification. Cryptology ePrint Archive, report 2005/049. http://eprint.iacr.org/2005/049.

  3. Barak, B., & Halevi, S. (2005). A model and architecture for pseudo-random generation with applications to /dev/random. Proceedings of CCS ’05, ACM, 203–212.

  4. Barker, E., & Kelsey, J. (2007) Recommendation for random number generation using deterministic random bit generators (Revised). NIST Special Publication 800-90.

  5. Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. Advances in Cryptology – EUROCRYPT ’00, LNCS 1807, 139–155.

  6. Cai, S., Li, Y., Li, T., & Deng, R. H. (2009). Attacks and improvements to an RFID mutual authentication protocol and its extensions. Proceedings of WiSec ’09, ACM, 51–58.

  7. CASPIAN (2007). “Boycott Benetton”. http://www.boycottbenetton.com. Accessed 19 Sep 2007.

  8. Choo, K.-K. R. (2006). Refuting Security Proofs for Tripartite Key Exchange with Model Checker in Planning Problem Setting. Proceedings of IEEE CSFW ’06, 297–308.

  9. Choo, K.-K. R., Boyd, C., & Hitchcock, Y. (2005). Examining indistinguishability-based proof models for key establishment protocols. Advances in Cryptology – Asiacrypt ’05, LNCS 3788, 585–604.

  10. Choo, K. -K. R., Boyd, C., & Hitchcock, Y. (2005). Errors in computational complexity proofs for protocols. Advances in Cryptology – Asiacrypt ’05, LNCS 3788, 624–643.

  11. Damgård, I., & Østergaard, S. (2008). RFID security: Tradeoffs between security and efficiency. Topics in Cryptology – CT-RSA 2008, LNCS 4964, 318–332.

  12. Goldreich O., Goldwasser S., Micali S. (1986) How to construct random functions. Journal of the ACM 33(4): 792–807

    Article  MathSciNet  Google Scholar 

  13. Heydt-Benjamin, T. S., Bailey, D. V., Fu, K., Juels, A., & O’Hare, T. (2008). Vulnerabilities in first-generation RFID-enabled credit cards. Proceedings of Financial Cryptography ’07, LNCS 4886, 2–14.

  14. Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., & Schreur, R. W. (2006). Crossing borders: Security and privacy issues of the European e-passport. Proceedings of IWSEC ’06, LNCS 4266, 152–167.

  15. Juels A. (2006) RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2): 381–394

    Article  MathSciNet  Google Scholar 

  16. Juels, A., Molnar, D., & Wagner, D. (2005). Security and privacy issues in E-passports. Proceedings of SecureComm ’05, 74–88.

  17. Juels, A., & Weis, S. A. (2007). Defining strong privacy for RFID. Proceedings of PerCom ’07, 342–347. http://eprint.iacr.org/2006/137. Accessed 7 April 2006.

  18. Kosta, E., Meints, M., Hensen, M., & Gasson, M. (2007). An analysis of security and privacy issues relating to RFID enabled epassports. Proceedings of IFIP SEC ’07, IFIP 232, 467–472.

  19. Le, T. V., Burmester, M., & de Medeiros, B. (2007). Universally composable and forward-secure RFID authentication and authenticated key exchange. Proceedings of ASIACCS ’07, 242–252. Full version titled “Forward-Secure RFID Authentication and Key Exchange”. http://eprint.iacr.org/2007/051. Accessed 14 Feb 2007.

  20. Lim, C. H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. Proceedings of ICICS ’06, LNCS 4307, 1–20.

  21. Menezes A.J., van Oorschot P.C., Vanstone S.A. (1996) Handbook of applied cryptography. CRC Press, Boca Raton

    Book  Google Scholar 

  22. Ma, C., Li, Y., Deng, R. H., & Li, T. (2009). RFID privacy: Relation between two notions, minimal condition, and efficient construction. Proceedings of CCS ’09, ACM, 54–65.

  23. “Michelin Embeds RFID Tags in Tires”. RFID Journal. http://www.rfidjournal.com/article/articleview/269/1/1/. Accessed 17 Jan 2003

  24. Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to “Privacy-friendly” tags. Proceedings of RFID Privacy Workshop, MIT.

  25. Ouafi, K., & Phan, R. C.-W. (2008). Traceable privacy of recent provably-secure RFID protocols. Proceedings of ACNS ’08, LNCS 5037, 479–489.

  26. Paise, R. I., & Vaudenay, S. (2008). Mutual authentication in RFID. Proceedings of AsiaCCS ’08, ACM, 292–299.

  27. Rizomiliotis P., Rekleitis E., Gritzalis S. (2009) Security analysis of the Song–Mitchell authentication protocol for low-cost RFID tags. IEEE Communications Letters 13(4): 274–276

    Article  Google Scholar 

  28. Rogaway, P. (2004). On the role definitions in and beyond cryptography. Proceedings of ASIAN ’04, LNCS 3321, 13–32.

  29. Song, B., & Mitchell, C. J. (2008). RFID authentication protocol for low-cost tags. Proceedings of WISEC ’08, ACM, 140–147.

  30. Stinson D. R. (2006) Cryptography: Theory and practice, 3rd edition. Chapman & Hall/CRC, Boca Raton

    MATH  Google Scholar 

  31. “Target, Wal-Mart Share EPC Data”. RFID Journal. http://www.rfidjournal.com/article/articleview/642/1/1/. Accessed 17 Oct 2005.

  32. Vaudenay, S. (2006). RFID privacy based on public-key cryptography. Proceedings of ICISC ’06, LNCS 4296, 1–6.

  33. Vaudenay, S. (2007). On privacy models for RFID. Advances in Cryptology – Asiacrypt ’07, LNCS 4833, 68–87.

  34. Yu, K. Y., Yiu, S. M., & Hui, L. C. K. (2009) RFID forward secure authentication protocol: Flaw and solution. Proceedings of CISIS ’09, IEEE, 627–632.

Download references

Author information

Authors and Affiliations

  1. Department of Electronic and Electrical Engineering, Loughborough University, Leicestershire, UK

    Raphael C.-W. Phan

  2. The Institute of Electronics, Communications and Information Technology, Queen’s University Belfast, Belfast, UK

    Jiang Wu

  3. Security and Cryptography Lab (LASEC), EPFL University, 1015, Lausanne, Switzerland

    Khaled Ouafi

  4. David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada

    Douglas R. Stinson

Authors
  1. Raphael C.-W. Phan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jiang Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Khaled Ouafi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Douglas R. Stinson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Raphael C.-W. Phan.

Additional information

Part of work done while Raphael C.-W. Phan was with LASEC, EPFL.

Research supported by an NSERC post-graduate scholarship. Work done while Jiang Wu was with David R. Cheriton School of Computer Science, University of Waterloo.

Research supported by NSERC discovery grant 203114-06.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Phan, R.CW., Wu, J., Ouafi, K. et al. Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes. Wireless Pers Commun 61, 69–81 (2011). https://doi.org/10.1007/s11277-010-0001-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-010-0001-0

Keywords

Search

Navigation