Anonymous Authentication for RFID Systems

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6370)


In this paper, we present an anonymous authentication scheme that allows RFID tags to authenticate to readers without disclosing the tag identity or any other information that allows tags to be traced. The properties of our scheme are very useful for a variety of access control systems, where it is sufficient or mandatory to verify the authenticity of a tag without inferring its identity.

Our scheme is based on the recently proposed anoymizer-approach, where additional devices (called anonymizers) frequently interact with the tags to ensure anonymity and unlinkability of tags. This allows using cost-effective RFID tags that cannot perform public-key cryptography in an efficient and scalable way. Our solution provides (i) anonymity and untracability of tags against readers, (ii) secure tag authentication even against collusions of malicious readers and anonymizers, and (iii) security against denial-of-service attacks.


RFID Privacy Anonymity Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Atmel Corporation: Innovative IDIC solutions (2007),
  2. 2.
    NXP Semiconductors: MIFARE Smartcard ICs (September 2008),
  3. 3.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain (October 9, 2008)Google Scholar
  4. 4.
    Organization, I.C.A.: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5 (edn.) (2003)Google Scholar
  5. 5.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) Privacy in Location-Based Applications. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: On RFID privacy with mutual authentication and tag corruption. In: Zhou, J. (ed.) ACNS 2010. LNCS, vol. 6123, pp. 493–510. Springer, Heidelberg (2010)Google Scholar
  9. 9.
    Avoine, G.: RFID Lounge (April 2010),
  10. 10.
    Heydt-Benjamin, T.S., Chae, H.J., Defend, B., Fu, K.: Privacy for Public Transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Blass, E.O., Kurmus, A., Molva, R., Strufe, T.: PSP: Private and secure payment with RFID. Cryptology ePrint Archive, Report 2009/181 (2009)Google Scholar
  12. 12.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 600–610. ACM Press, New York (2009)Google Scholar
  13. 13.
    Avoine, G., Lauradoux, C., Martin, T.: When compromised readers meet RFID. In: RFIDSec 2009 (2009)Google Scholar
  14. 14.
    Garcia, F.D., van Rossum, P.: Modeling privacy for off-line RFID systems. In: RFIDSec 2009 (2009)Google Scholar
  15. 15.
    Nithyanand, R., Tsudik, G., Uzun, E.: Readers behaving badly: Reader revocation in PKI-based RFID systems. Cryptology ePrint Archive, Report 2009/465 (2009)Google Scholar
  16. 16.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  18. 18.
    Chen, L., Morrissey, P., Smart, N.P.: DAA: Fixing the pairing based protocols. Cryptology ePrint Archive, Report 2009/198 (2009)Google Scholar
  19. 19.
    Spirtech: CALYPSO functional specification: Card application, version 1.3. (October 2005),
  20. 20.
    Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM Press, New York (2005)CrossRefGoogle Scholar
  24. 24.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: Anonymizer-enabled security and privacy for RFID. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 134–153. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)Google Scholar
  26. 26.
    Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)Google Scholar
  27. 27.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Burmester, M., Le, T.V., Medeiros, B.D., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM Transactions on Information and System Security (TISSEC) 12(4) (2009)Google Scholar
  29. 29.
    Liu, J.K., Baek, J., Zhou, J., Yang, Y., Wong, J.W.: Efficient online/offline identity-based signature for wireless sensor network. Cryptology ePrint Archive, Report 2010/003 (2010)Google Scholar
  30. 30.
    Atmel Corporation: Secure RFID: CryptoRF (July 2009),
  31. 31.
    NXP Semiconductors: MiFare SmartMX (July 2009),
  32. 32.
    Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  33. 33.
    Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, pp. 211–220. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar
  34. 34.
    Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and implementation of PUF-based unclonable RFID ICs for anti-counterfeiting and security applications. In: IEEE International Conference on RFID 2008, Las Vegas, NV, USA, April 16–17, pp. 58–64. IEEE Computer Society, Los Alamitos (2008)CrossRefGoogle Scholar
  35. 35.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  36. 36.
    Smart, N.: D.SPA.7 ECRYPT2 yearly report on algorithms and keysizes (2008-2009), (August 2008)
  37. 37.
    Chen, L., Page, D., Smart, N.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  38. 38.
    Bellare, M., Desai, A., Jokipii, E., Rogawayy, P.: A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In: Proceedings of the 38th Symposium on Foundations of Computer Science. IEEE, Los Alamitos (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.University of MannheimGermany
  2. 2.Hewlett Packard LabsBristolUK
  3. 3.Horst Görtz Institute for IT-Security (HGI)Ruhr-University BochumGermany

Personalised recommendations