Advertisement

Provably Secure Grouping-Proofs for RFID Tags

  • Mike Burmester
  • Breno de Medeiros
  • Rossana Motta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5189)

Abstract

We investigate an application of RFIDs referred to in the literature as group scanning, in which several tags are “simultaneously” scanned by a reader device. Our goal is to study the group scanning problem in strong adversarial models. We present a security model for this application and give a formal description of the attending security requirements, focusing on the privacy (anonymity) of the grouped tags, and/ or forward-security properties. Our model is based on the Universal Composability framework and supports re-usability (through modularity of security guarantees). We introduce novel protocols that realize the security models, focusing on efficient solutions based on off-the-shelf components, such as highly optimized pseudo-random function designs that require fewer than 2000 Gate-Equivalents.

Keywords

Random Oracle Pervasive Computing Replay Attack Universal Composability Group Pseudonym 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Atluri, V., Meadows, C., Juels, A. (eds.) Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, Alexandria, VA, USA, November 7-11, 2005, pp. 92–101. ACM, New York (2005)Google Scholar
  2. 2.
    Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash-Based RFID Protocol. In: 3rd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2005 Workshops), pp. 110–114. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  3. 3.
    Bellare, M., Rogawa, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  4. 4.
    Bolotnyy, L., Rose, G.: Generalized Yoking-Proofs for a group of Radio Frequency Identification Tags. In: International Conference on Mobile and Ubiquitous Systems, MOBIQUITOUS 2006, San Jose, CA (2006)Google Scholar
  5. 5.
    Bono, S.C., Green, M., Stubblefield, A., Juels, A., Rubin, A.D., Szydlo, M.: Security analysis of a cryptographically-enabled RFID device. In: Proc. USENIX Security Symposium (USENIX Security 2005), pp. 1–16. USENIX (2005)Google Scholar
  6. 6.
    Burmester, M., van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication protocols. In: Proceedings of the 2nd IEEE/CreateNet International Conference on Security and Privacy in Communication Networks (SECURECOMM 2006), IEEE Press, Los Alamitos (2006)Google Scholar
  7. 7.
    Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proc. IEEE Intern. Conf. on Security and Privacy in Communication Networks (SECURECOMM 2005). IEEE Press, Los Alamitos (2005)Google Scholar
  8. 8.
    Dimitriou, T.: A secure and efficient RFID protocol that can make big brother obsolete. In: Proc. Intern. Conf. on Pervasive Computing and Communications (PerCom 2006). IEEE Press, Los Alamitos (2006)Google Scholar
  9. 9.
    Engberg, S.J., Harning, M.B., Jensen, C.D.: Zero-knowledge device authentication: Privacy & security enhanced rfid preserving business value and consumer convenience. In: Proceedings of Second Annual Conference on Privacy, Security and Trust (PST 2004), October 13-15, 2004, pp. 89–101. Wu Centre, University of New Brunswick, Fredericton (2004)Google Scholar
  10. 10.
  11. 11.
  12. 12.
    Juels, A.: Yoking-Proofs for RFID tags. In: PERCOMW 2004: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 138–142. IEEE Computer Society, Washington (2004)CrossRefGoogle Scholar
  13. 13.
    Van Le, T., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Bao, F., Miller, S. (eds.) Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2007), Singapore, March 20-22, 2007, pp. 242–252. ACM, New York (2007)Google Scholar
  14. 14.
    Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Oren, Y., Shamir, A.: Power analysis of RFID tags. In: RSA Conference, Cryptographer’s Track (RSA-CT 2006) (2006), http://www.wisdom.weizmann.ac.il/~yossio/rfid
  16. 16.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Solving the simultaneous scanning problem anonymously: clumping proofs for RFID tags. In: Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, SecPerl 2007, Istambul, Turkey, IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  17. 17.
    Piramuthu, S.: On existence proofs for multiple RFID tags. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing – SecPerU 2006, Lyon, France, June 2006. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  18. 18.
    Saito, J., Sakurai, K.: Grouping Proof for RFID Tags. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, 28-30 March 2005, pp. 621–624. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  19. 19.
    Sarma, S.E., Weis, S.A., Engels, D.W.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Tan, C.C., Sheng, B., Li, Q.: Severless Search and Authentication Protocols for RFID. In: Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom 2007), White Plains, New York, USA, 19-23 March 2007, pp. 3–12. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  21. 21.
    Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: 4th IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2006 Workshops), Pisa, Italy, 13-17 March 2006, pp. 640–643. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  22. 22.
    Vajda, I., Buttyan, L.: Lightweight authentication protocols for low-cost RFID tags. In: Proc. Workshop on Security in Ubiquitous Computing (UBICOMP 2003) (2003)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Mike Burmester
    • 1
  • Breno de Medeiros
    • 2
  • Rossana Motta
    • 1
  1. 1.Florida State UniversityTallahasseeUSA
  2. 2.Google Inc.USA

Personalised recommendations