Abstract
In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology “almost” for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a “sticky tag,” which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Staake, T., Thiesse, F., Fleisch, E.: Extending the EPC Network — The Potential of RFID in Anti-Counterfeiting. In: Haddad, H., Liebrock, L.M., Wainwright, A.O. (eds.) SAC 2005, March 13-17, 2005, ACM Press, New York (2005)
Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Juels, A., Weis, S.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems Using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Dominikus, S., Oswald, E., Feldhofer, M.: Symmetric Authentication for RFID Systems in Practice. Printed handout of Workshop on RFID and Light-Weight Crypto, pp. 25–31. ECRYPT Network of Excellence (July 13-15, 2005)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) SPC 2003. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Tuyls, P., Batina, L.: RFID-tags for Anti-Counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)
Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public-Key Cryptography for RFID-Tags. In: PerCom 2007 Workshops. IEEE Conference on Pervasive Computing and Communications Workshops, New York, March 19-23, 2007, IEEE Computer Society, Los Alamitos (2007)
Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: selective blocking of RFID tags for consumer privacy. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) CCS 2003. ACM Conference on Computer and Communications Security, October 27-30, 2003, pp. 103–111. ACM Press, New York (2003)
Juels, A., Brainard, J.G.: Soft blocking: flexible blocker tags on the cheap. In: Atluri, V., Syverson, P.F., di Vimercati, S.D.C. (eds.) WPES 2004. ACM Workshop on Privacy in the Electronic Society, October 28, 2004, pp. 1–7. ACM Press, New York (2004)
Floerkemeier, C., Schneider, R., Langheinrich, M.: Scanning with a purpose – supporting the fair information principles in RFID protocols. In: Murakami, H., Nakashima, H., Tokuda, H., Yasumura, M. (eds.) UCS 2004. LNCS, vol. 3598, pp. 214–231. Springer, Heidelberg (2005)
Rieback, M., Crispo, B., Tanenbaum, A.: RFID guardian: A battery-powered mobile device for RFID privacy management. In: Boyd, C., González Nieto, J.M. (eds.) Information Security and Privacy. LNCS, vol. 3574, pp. 184–194. Springer, Heidelberg (2005)
Karjoth, G., Moskowitz, P.: Disabling RFID tags with visible confirmation: Clipped tags are silenced. In: WPES. Workshop on Privacy in the Electronic Society, Alexandria, Virginia, November 2005, ACM Press, New York (2005)
Munilla, J., Ortiz, A., Peinado, A.: Distance bounding protocols with void-challenges for RFID. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 15–26. ECRYPT Network of Excellence (July 2006)
Castelluccia, C., Avoine, G.: Noisy tags: A pretty good key exchange protocol for RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 289–299. Springer, Heidelberg (2006)
Chabanne, H., Fumaroli, G.: Noisy Cryptographic Protocols for Low-Cost RFID Tags. IEEE Transactions on Information Theory 52(8), 3562–3566 (2006)
Juels, A.: RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006), extended version available from http://www.rsasecurity.com/rsalabs/node.asp?id=2029
Philipose, M., Smith, J., Jiang, B., Mamishev, A.: Battery-Free Wireless Identification and Sensing. IEEE Pervasive Computing 4(1), 37–45 (2005)
Opasjumruskit, K., Thanthipwan, T., Sathusen, O., Sirinamarattana, P., Gadmanee, P., Pootarapan, E., Wongkomet, N., Thanachayanont, A., Thamsirianunt, M.: Self-powered wireless temperature sensors exploit RFID technology. IEEE Pervasive Computing 5(1), 54–61 (2006)
Kitayoshi, H., Sawaya, K.: Long range passive rfid-tag for sensor networks. In: IEEE 62nd Vehicular Technology Conference — VTC-2005, September 25-28, 2005, pp. 2696–2700. IEEE Computer Society, Los Alamitos (2005)
Weis, S.: Security and privacy in radio-frequency identification devices. Master thesis, May 2003, Massachusetts Institute of Technology (MIT), Cambridge, Massachusetts (2003)
Swedberg, C.: DHL Expects to Launch Sensor Tag Service by Midyear. RFID Journal (January 19th, 2007), available at http://www.rfidjournal.com/article/articleprint/2986/-1/1/
Radovanovic, S., Annema, A., Nauta, B.: High-speed lateral polysilicon photodiode in standard CMOS technology. In: ESSDERC 2003. 33rd European Solid-State Circuits Conference, September 16-18, 2003, IEEE Computer Society, Los Alamitos (2003)
Juels, A., Pappu, R.: Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In: Wright, R.N. (ed.) Financial Cryptography. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Batista, E.: Step Back’ for Wireless ID Tech? Wired News (April 8th, 2003), available at http://www.wired.com/news/wireless/0,1382,58385,00.html
Karygiannis, T., Eydt, B., Barber, G., Bunn, L., Phillips, T.: Draft Special Publication 800-98, Guidance for Securing Radio Frequency Identification (RFID) Systems. National Institute for Standards and Technology, Gaithersburg, MD, USA. (September 2006), available for download at http://csrc.nist.gov/
Chan, Y., Meng, M.Q.H., Wu, K.L., Wang, X.: Experimental Study of Radiation Efficiency from an Ingested Source inside a Human Body Model. In: IEEE Annual International Conference of the Engineering in Medicine and Bilogy Society — IEEE-EMBS (September 1st-4th, 2005), pp. 7754–7757 (2005)
KU Information & Telecommunication Technology Center. The University of Kansas: UHF KU-RFID Tag (2006), available at http://www.rfidalliancelab.org/publications/ittc_press_release.shtml
Sarma, S.: Some issues related to rfid and security. Introductory Talk – RFIDSec 06 (July 2006), available at http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm
Stajano, F., Anderson, R.J.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols. LNCS, vol. 1796, pp. 19–21. Springer, Heidelberg (2000)
May, T.C.: Timed-release crypto. Posting to the Cypherpunks Mailing List (February 10th, 1993), available at http://cypherpunks.venona.com/date/1993/02/msg00129.html
Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 210–226. Springer, Heidelberg (2006)
Soppera, A., Burbridge, T.: Off by default - RAT: RFID acceptor tag. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 151–166. ECRYPT Network of Excellence (July 2006)
Haselsteiner, E., Breitfuss, K.: Security in near field communication (NFC). Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 151–166. ECRYPT Network of Excellence (July 2006)
Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Fishkin, K.P., Roy, S., Jiang, B.: Some Methods for Privacy in RFID Communication. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 42–53. Springer, Heidelberg (2005)
Hancke, G., Kuhn, M.: An RFID distance bounding protocol. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2005, September 2005, pp. 67–73. IEEE Computer Society, Los Alamitos (2005)
Inoue, S., Yasuura, H.: RFID privacy using user-controllable uniqueness. RFID Privacy Workshop (November 2003)
Bolotnyy, L., Robins, G.: Multi-tag radio frequency identification systems. In: Workshop on Automatic Identification Advanced Technologies — AutoID, 345 E. 47th St, New York, October, 2005, NY 10017, pp. 83–88 (2005)
Rivest, R.L.: Chaffing and Winnowing: Confidentiality without Encryption. CryptoBytes 4(1), 12–17 (1998)
Zou, C.C.: PCB: Physically Changeable Bit for Preserving Privacy in Low-End RFID Tags. RFID White Paper Library, RFID Journal (May 2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bird, N. et al. (2007). ALGSICS — Combining Physics and Cryptography to Enhance Security and Privacy in RFID Systems. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds) Security and Privacy in Ad-hoc and Sensor Networks. ESAS 2007. Lecture Notes in Computer Science, vol 4572. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73275-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-73275-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73274-7
Online ISBN: 978-3-540-73275-4
eBook Packages: Computer ScienceComputer Science (R0)