Advertisement

Privacy Issues in RFID Banknote Protection Schemes

  • Gildas Avoine
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)

Abstract

Radio Frequency Identification systems are in the limelight for a few years and become pervasive in our daily lives. These smart devices are nowadays embedded in the consumer items and may come soon into our banknotes. At Financial Cryptography 2003, Juels and Pappu proposed a practical cryptographic banknote protection scheme based on both Optical and Radio Frequency Identification systems. We demonstrate however that it severely compromises the privacy of the banknotes’ bearers. We describe some threats and show that, due to the misuse of the secure integration method of Fujisaki and Okamoto, an attacker can access and modify the data stored in the smart device without optical access to the banknote. We prove also that despite what the authors claimed, an attacker can track the banknotes by using the access-key as a marker, circumventing the randomized encryption scheme that aims at thwarting such attacks.

Keywords

RFID Privacy Banknote Protection 

References

  1. [1]
    Auto-ID Center. 860MHz-960MHz class I radio frequency identification tag radio frequency & logical communication interface specification: Recommended standard, version 1.0.0. Technical report http://www.autoidcenter.org, Massachusetts Institute of Technology, MA, USA, November 2002.Google Scholar
  2. [2]
    Auto-ID Center. 13.56MHz ISM band class 1 radio frequency identification tag interface specification: Recommended standard, version 1.0.0. Technical report http://www.autoidcenter.org, Massachusetts Institute of Technology, MA, USA, February 2003.Google Scholar
  3. [3]
    Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the weil pairing. In Colin Boyd, editor, Advances in Cryptology-ASIACRYPT’01, volume 2248 of Lecture Notes in Computer Science, pages 514–532, Gold Coast, Australia, December 2001. IACR, Springer-Verlag.Google Scholar
  4. [4]
    Atmel Corporation. http://www.atmel.com.
  5. [5]
    Taher El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469–472, July 1985.Google Scholar
  6. [6]
    Eiichiro Fujisaki and Tatsuaki Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Michael Wiener, editor, Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 537–554, Santa Barbara, California, USA, August 1999. IACR, Springer-Verlag.Google Scholar
  7. [7]
    RFID Journal. Michelin embeds RFID tags in tires. http://www.rfidjournal.com/article/view/269, January 2003.
  8. [8]
    Ari Juels and Ravikanth Pappu. Squealing euros: Privacy protection in RFIDenabled banknotes. In Rebecca N. Wright, editor, Financial Cryptography-FC’03, volume 2742 of Lecture Notes in Computer Science, pages 103–121, Le Gosier, Guadeloupe, French West Indies, January 2003. IFCA, Springer-Verlag.Google Scholar
  9. [9]
    Mark Roberti. The money trail-RFID journal. http://www.rfidjournal.com, August 2003.
  10. [10]
    Sanjay Sarma. Towards the five-cent tag. Technical Report MIT-AUTOID-WD-006, MIT auto ID center, Cambridge, MA, USA, November 2001.Google Scholar
  11. [11]
    Sanjay Sarma, Stephen Weis, and Daniel Engels. Radio-frequency identification: security risks and challenges. Cryptobytes, RSA Laboratories, 6(1):2–9, spring 2003.Google Scholar
  12. [12]
    Stephen Weis, Sanjay Sarma, Ronald Rivest, and Daniel Engels. Security and privacy aspects of low-cost radio frequency identification systems. In Dieter Hutter, Günter Müller, Werner Stephan, and Markus Ullmann, editors, First International Conference on Security in Pervasive Computing-SPC 2003, volume 2802 of Lecture Notes in Computer Science, pages 454–469, Boppard, Germany, March 2003. Springer-Verlag.Google Scholar
  13. [13]
    Junko Yoshida. Euro bank notes to embed RFID chips by 2005. http://www.eetimes.com/story/OEG20011219S0016, December 2001.

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Gildas Avoine
    • 1
  1. 1.Security and Cryptography Laboratory (LASEC)Swiss Federal Institute of Technology (EPFL)LausanneSwitzerland

Personalised recommendations