Abstract
In 2004, Molnar and Wagner introduced a very appealing protocol dedicated to the identification of RFID tags. Their scheme relies on a binary tree of secrets which are shared – for all nodes except the leaves – amongst the tags. Hence the compromise of one tag also has implications on the other tags with whom it shares keys. We describe a new man-in-the-middle attack against this protocol which allows to break privacy even without opening tags. Moreover, it can be applied to some other RFID protocols which use correlated keys as the one described recently by Damgård and Pedersen at CT-RSA 2008.
We introduce a modification of the initial scheme to allow us to thwart this and to strengthen RFID tags by implementing secrets with Physical Obfuscated Keys (POKs). This doing, we augment tags and scheme privacy, particularly general resistance against physical threats.
This work was partially supported by the french ANR RNRT project T2TIT.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Auto-ID Center. Draft protocol specification for a 900 MHz Class 0 Radio Frequency Identification Tag (2003)
Avoine, G., Buttyán, L., Holczer, T., Vajda, I.: Group-based private authentication. In: Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007). IEEE, Los Alamitos (2007)
Bolotnyy, L., Robins, G.: Physically Unclonable Function-based security and privacy in RFID systems. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York, USA, March 2007, pp. 211–220. IEEE Computer Society Press, Los Alamitos (2007)
Buttyán, L., Holczer, T., Vajda, I.: Optimal key-trees for tree-based private authentication. In: Privacy Enhancing Technologies, pp. 332–350 (2006)
Damgård, I., Pedersen, M.Ø.: RFID security: Tradeoffs between security and efficiency. In: CT-RSA 2008 (2008)
Gassend, B.: Physical random functions. Master’s thesis, Computation Structures Group, Computer Science and Artificial Intelligence Laboratory, MIT (2003)
Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) ACM Conference on Computer and Communications Security, pp. 148–160. ACM, New York (2002)
Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)
Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: PERCOMW 2007, pp. 342–347. IEEE Computer Society Press, Washington (2007)
Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 210–219 (2004)
Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)
Nohara, Y., Inoue, S., Baba, K., Yasuura, H.: Quantitative evaluation of unlinkable id matching systems. In: Workshop on Privacy in the Electronic Society (2006)
Nohl, K., Evans, D.: Quantifying information leakage in tree-based hash protocols (short paper). In: ICICS, pp. 228–237 (2006)
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC, pp. 9–14. IEEE, Los Alamitos (2007)
Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bringer, J., Chabanne, H., Icart, T. (2008). Improved Privacy of the Tree-Based Hash Protocols Using Physically Unclonable Function. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds) Security and Cryptography for Networks. SCN 2008. Lecture Notes in Computer Science, vol 5229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85855-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-85855-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85854-6
Online ISBN: 978-3-540-85855-3
eBook Packages: Computer ScienceComputer Science (R0)