Abstract
Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios.
In this paper we propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.
Chapter PDF
Similar content being viewed by others
Keywords
- Authentication Protocol
- Mutual Authentication
- Practical Scheme
- Message Authentication Code
- Access Permission
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Anderson, R.J., Bezuidenhoudt, S.J.: On the reliability of electronic payment systems. IEEE Trans. on Softw. Eng. 22(5), 294–301 (1996)
Avoine, G.: Privacy ussues in RFID banknotes protection schemes. In: 6th CARDIS, Toulouse, France, September 2004, pp. 43–48 (2004)
Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in rfid systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
Avoine, G., Lauradoux, C., Martin, T.: When compromised readers meet RFID. In: Workshop on RFID Security (RFIDsec), Leuven, Belgium, June 30–July 2, pp. 32–48 (2009)
Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: The three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197–215. Springer, Heidelberg (2000)
BSI. Advanced security mechanisms for machine readable travel documents – extended access control (eac). Tech. Rep. TR-03110, BSI, Bonn, Germany (2006)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks, SECURECOMM 2005 (2005)
Engberg, S.J., Harning, M.B., Jensen, C.D.: Zero-knowledge device authentication: Privacy & security enhanced RFID preserving business value and consumer convenience. In: 2nd Ann. Conf. on Privacy, Security and Trust, Fredericton, New Brunswick, Canada, October 13–15, pp. 89–101 (2004)
Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. on Inf. Theory 31(4), 469–472 (1985)
Garfinkel, S.L., Juels, A., Pappu, R.: RFID privacy: An overview of problems and proposed solutions. IEEE Security & Privacy, 34–43 (May 2005)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.F.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)
Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Wichers Schreur, R.: Crossing borders: Security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)
Hoepman, J.-H., Joosten, R.: Practical schemes for privacy & security enhanced RFID, CoRRÂ abs/0909.1257 (2009)
ISO 7816. ISO/IEC 7816 Identification cards – Integrated circuit(s) cards with contacts. Tech. rep., ISO International Organisation for Standardisation (ISO) JTC 1/SC 17
ISO 9798-2. ISO/IEC 9798 Information technology – Security techniques – Entity authentication – Part 2: Mechanisms using symmetric encipherment algorithms. Tech. rep., ISO JTC 1/SC 27
Juels, A.: RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)
Juels, A., Pappu, R.: Squealing euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Juels, A., Weis, S.: Defining strong privacy for RFID. In: 5th Ann. IEEE Int. Cont. on Pervasive Computing and Communications Workshops – Pervasive RFID/NFC Technology and Applications (PerTec), pp. 342–347 (2007)
Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) ACM Conference on Computer and Communications Security, Washington D.C., USA, October 25–29, pp. 210–219. ACM, New York (2004)
NIST 800-38B. Recommendation for block cipher modes of operation: The CMAC mode for authentication. Tech. Rep. NIST Special Publication 800-38B, National Institute of Standards and Technology, U.S. Department of Commerce (May 2005)
Oswald, E.: Suggested algorithms for light-weight cryptography. Tech. rep., ECRYPT (September 2006)
Rieback, M.R., Gaydadjiev, G., Crispo, B., Hofman, R.F.H., Tanenbaum, A.S.: A platform for RFID security and privacy administration. In: LISA, pp. 89–102. USENIX (2006)
Sarma, S.E., Weis, S.A., Engels, D.W.: RFID systems, security & privacy implications (white paper). Tech. Rep. MIT-AUTOID-WH-014, Auto-ID Center. MIT, Cambridge, MA, USA (2002)
Spiekermann, S., Evdokimov, S.: Critical RFID privacy-enhancing technologies. IEEE Security & Privacy 11(2), 56–62 (2009)
Stajano, F.: The resurrecting duckling - what next? In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 204–214. Springer, Heidelberg (2001)
Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Christianson, B., Crispo, B., Roe, M. (eds.) 7th Int. Workshop on Security Procotols. LNCS, pp. 172–194 (1999)
Tsiounis, Y., Yung, M.: On the security of elgamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hoepman, JH., Joosten, R. (2010). Practical Schemes for Privacy and Security Enhanced RFID . In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. WISTP 2010. Lecture Notes in Computer Science, vol 6033. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12368-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-12368-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12367-2
Online ISBN: 978-3-642-12368-9
eBook Packages: Computer ScienceComputer Science (R0)