On RFID Privacy with Mutual Authentication and Tag Corruption

  • Frederik Armknecht
  • Ahmad-Reza Sadeghi
  • Ivan Visconti
  • Christian Wachsmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6123)


RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs also introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have been proposed. However, they are often incomparable and in part do not reflect the capabilities of real-world adversaries. Recently, Paise and Vaudenay presented a general RFID security and privacy model that abstracts and unifies most previous approaches. This model defines mutual authentication (between the RFID tag and reader) and several privacy notions that capture adversaries with different tag corruption behavior and capabilities.

In this paper, we revisit the model proposed by Paise and Vaudenay and investigate some subtle issues such as tag corruption aspects. We show that in their formal definitions tag corruption discloses the temporary memory of tags and leads to the impossibility of achieving both mutual authentication and any reasonable notion of RFID privacy in their model. Moreover, we show that the strongest privacy notion (narrow-strong privacy) cannot be achieved simultaneously with reader authentication even if the adversary is not capable of corrupting a tag during the protocol execution.

Although our results are shown on the privacy definition by Paise and Vaudenay, they give insight to the difficulties of setting up a mature security and privacy model for RFID systems that aims at fulfilling the sophisticated requirements of real-life applications.


RFID Security Model Privacy Mutual Authentication 


  1. 1.
    Atmel Corporation: Innovative IDIC solutions (2007),
  2. 2.
    NXP Semiconductors: MIFARE smartcard ICs (September 2008),
  3. 3.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: International Workshop on Privacy in Location-Based Applications, PiLBA (2008)Google Scholar
  4. 4.
    I.C.A. Organization: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5th Edn. (2003)Google Scholar
  5. 5.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) Privacy in Location-Based Applications. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Avoine, G.: Adversarial model for radio frequency identification. ePrint, Report 2005/049 (2005)Google Scholar
  9. 9.
    Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW ’07), pp. 342–347. ACM Press, New York (2007)Google Scholar
  10. 10.
    Burmester, M., van Le, T., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Proc. of ASIACCS, pp. 242–252. ACM Press, New York (2007)Google Scholar
  11. 11.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: Proc. of ASIACCS, pp. 292–299. ACM Press, New York (2008)CrossRefGoogle Scholar
  13. 13.
    Deng, R.H., Li, Y., Yao, A.C., Yung, M., Zhao, Y.: A new framework for RFID privacy. ePrint, Report 2010/059 (2010)Google Scholar
  14. 14.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  15. 15.
    Hutter, M., Schmidt, J.M., Plos, T.: RFID and its vulnerability to faults. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 363–379. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Kasper, T., Oswald, D., Paar, C.: New methods for cost-effective side-channel attacks on cryptographic RFIDs. In: Workshop on RFID Security, RFIDSec (2009)Google Scholar
  17. 17.
    D’Arco, P., Scafuro, A., Visconti, I.: Semi-destructive privacy in DoS-enabled RFID systems. In: Workshop on RFID Security, RFIDSec (2009)Google Scholar
  18. 18.
    D’Arco, P., Scafuro, A., Visconti, I.: Revisiting DoS Attacks and Privacy in RFIDEnabled Networks. In: Dolev, S. (ed.) ALGOSENSORS 2009. LNCS, vol. 5804, pp. 76–87. Springer, Heidelberg (2009)Google Scholar
  19. 19.
    Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: New privacy results on synchronized RFID authentication protocols against tag tracing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 321–336. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Bringer, J., Chabanne, H., Icart, T.: Efficient zero-knowledge identification schemes which respect privacy. In: Proceedings of ASIACCS ’09, pp. 195–205. ACM Press, New York (2009)Google Scholar
  22. 22.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: Efficient RFID security and privacy with anonymizers. In: Workshop on RFID Security, RFIDSec (2009)Google Scholar
  23. 23.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: Anonymizer-enabled security and privacy for RFID. In: Miyaji, A., Echizen, I., Okamoto, T. (eds.) CANS 2009. LNCS, vol. 5888, pp. 134–153. Springer, Heidelberg (2009)Google Scholar
  24. 24.
    Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game—A Completeness Theorem for Protocols with Honest Majority. In: Proc. of ACMSTOC, pp. 218–229 (1987)Google Scholar
  25. 25.
    Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof-Systems. SIAM J. on Computing 18(6), 186–208 (1989)Google Scholar
  26. 26.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: PUF-enhanced RFID security and privacy. In: Workshop on Secure Component and System Identification (SECSI) (2010)Google Scholar
  27. 27.
    Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. ePrint, Report 2006/054 (2006)Google Scholar
  28. 28.
    Avoine, G., Lauradoux, C., Martin, T.: When compromised readers meet RFID. In: Workshop on RFID Security (RFIDSec) (2009)Google Scholar
  29. 29.
    Garcia, F.D., van Rossum, P.: Modeling privacy for off-line RFID systems. In: Workshop on RFID Security (RFIDSec) (2009)Google Scholar
  30. 30.
    Nithyanand, R., Tsudik, G., Uzun, E.: Readers behaving badly: Reader revocation in PKI-based RFID systems. Cryptology ePrint Archive, Report 2009/465 (2009)Google Scholar
  31. 31.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: On rfid privacy with mutual authentication and tag corruption — Extended Version. ePrint (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Frederik Armknecht
    • 1
  • Ahmad-Reza Sadeghi
    • 2
  • Ivan Visconti
    • 3
  • Christian Wachsmann
    • 2
  1. 1.University of MannheimGermany
  2. 2.Horst Görtz Institute for IT-Security (HGI)Ruhr-University BochumGermany
  3. 3.Dipartimento di Informatica ed ApplicazioniUniversity of SalernoItaly

Personalised recommendations