Abstract

RFID systems, and indeed other forms of wireless technologies, are now a pervasive form of computing. In the context of security and privacy, the most threatening (to privacy) and vulnerable (to insecurity) are the ‘low cost RFID systems’. The problems are further aggravated by the fact that it is this form of RFID that is set to proliferate through various consumer goods supply chains throughout the world. This is occurring through the actions of multinational companies like Wal-Mart, Tesco, Metro, UPS and of powerful government organizations such as the United States DOD (Department of Defence) and FDA (Food and Drug Administration). This paper examines the vulnerabilities of current low cost RFID systems and explores the security and privacy threats posed as a result of those vulnerabilities. The paper will also formulate a framework for defining the problem space constructed around low cost RFID systems, and consider the challenges faced in engineering solutions to overcome the defencelessness of low cost RFID systems. Security issues beyond and including interrogators will not be considered, as such concerns may be easily resolved using existing technology and knowledge, and because interrogators are powerful devices where complex encryption and decryption operations may be performed using embedded systems, DSPs, or hardware implementations of encryption engines on an FPGA device onboard a reader.



Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Ranasinghe, D., Cole, P. (2008). Addressing Insecurities and Violations of Privacy. In: Cole, P., Ranasinghe, D. (eds) Networked RFID Systems and Lightweight Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71641-9_6

  • DOI: https://doi.org/10.1007/978-3-540-71641-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71640-2

  • Online ISBN: 978-3-540-71641-9

  • eBook Packages: Computer Science, Computer Science (R0)
