Enhancing RFID Security and Privacy by Physically Unclonable Functions

  • Ahmad-Reza Sadeghi
  • Ivan Visconti
  • Christian Wachsmann (email author)
Chapter
Part of the Information Security and Cryptography book series (ISC)

Abstract

Radio frequency identification (RFID) is a technology that enables RFID readers to perform fully automatic wireless identification of objects that are labeled with RFID tags. Initially, this technology was mainly used for electronic labeling of pallets, cartons, and products to enable seamless supervision of supply chains. Today, RFID technology is widely deployed in many other applications as well, including animal and product identification [2, 42], access control [2, 47], electronic tickets [47] and passports [27], and even human implantation [30].

Keywords

  • Authentication Protocol
  • Auxiliary Information
  • Pseudorandom Function
  • Physically Unclonable Function
  • Privacy Model

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

We wish to thank Frederik Armknecht, Paolo D’Arco, and Alessandra Scafuro for several useful discussions about RFID privacy notions. This work has been supported in part by the European Commission through the FP7 programme under contract 216646 ECRYPT II, 238811 UNIQUE, and 215270 FRONTS, in part by the Ateneo Italo-Tedesco under Program Vigoni and by the MIUR Project PRIN 2008 “PEPPER: Privacy E Protezione di dati PERsonali” (prot. 2008SY2PH4).

References

  1. G. Ateniese, J. Camenisch, B. de Medeiros, in Untraceable RFID Tags via Insubvertible Encryption. Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 7–11 Nov 2005 (ACM Press, 2005), pp. 92–101
  2. Atmel Corporation. Innovative IDIC solutions. http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf, 2007
  3. Gildas Avoine. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049, 2005
  4. G. Avoine, E. Dysli, P. Oechslin, in Reducing Time Complexity in RFID systems. 12th International Workshop on Selected Areas in Cryptography (SAC), Kingston, ON, Canada, 11–12 Aug 2005. Lecture Notes in Computer Science, vol. 3897 (Springer, Berlin, 2005), pp. 291–306
  5. G. Avoine, C. Lauradoux, T. Martin, in When Compromised Readers Meet RFID. The 5th Workshop on RFID Security 2009, Leuven, Belgium, 30 June–2 July, 2009
  6. L. Bolotnyy, G. Robins, in Physically Unclonable Function-Based Security and Privacy in RFID systems. Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, White Plains, NY, USA, 19–23 Mar 2007 (IEEE Computer Society, Washington, DC, 2007)
  7. M. Burmester, T. van Le, B. de Medeiros, Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), Baltimore, MD, USA, 28 Aug–1 Sept 2006 (IEEE Computer Society, Washington, DC, 2006), pp. 1–9
  8. I. Damgård, M. Østergaard, RFID Security: Tradeoffs Between Security and Efficiency. Cryptology ePrint Archive, Report 2006/234, 2006
  9. P. D’Arco, A. Scafuro, I. Visconti, in Revisiting DoS Attacks and Privacy in RFID-Enabled Networks. Proceedings of ALGOSENSORS, Rhodes, Greece, 10–11 July 2009. Lecture Notes in Computer Science (Springer, July 2009)
  10. P. D’Arco, A. Scafuro, I. Visconti, in Semi-Destructive Privacy in DoS-Enabled RFID Systems. Proceedings of RFIDSec, Leuven, Belgium, 30 June–2 July 2009, July 2009
  11. S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, V. Khandelwal, in Design and Implementation of PUF-Based Unclonable RFID ICs for Anti-counterfeiting and Security Applications. IEEE International Conference on RFID 2008, Las Vegas, NV, USA, 16–17 April, 2008 (IEEE Computer Society, 2008), pp. 58–64
  12. T. Dimitriou, in A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), Athens, Greece, 5–9 Sept 2005 (IEEE Computer Society, 2005), pp. 59–66
  13. Y. Dodis, L. Reyzin, A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3027 (Springer, 2004), pp. 523–540
  14. Y. Dodis, L. Reyzin, A. Smith, in Security with Noisy Data, chapter Fuzzy Extractors (Springer, 2007), pp. 79–99
  15. EPCglobal Inc. Object Naming Service (ONS), version 1.0, October 2005
  16. EPCglobal Inc. Web site of EPCglobal Inc. http://www.epcglobalinc.org/, April 2008
  17. K. Finkenzeller, RFID-Handbook 2nd edn. (Carl Hanser Verlag, Munich, Germany, Apr 2003). Translated from the 3rd German edition by Rachel Waddington, Swadlincote, UK
  18. D. Frumkin, A. Shamir, Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044, 2009
  19. B. Gassend, D. Clarke, M. van Dijk, S. Devadas, in Controlled Physical Random Functions. Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, 9–13 Dec 2002 (IEEE Computer Society, 2002), pp. 149–160
  20. H. Gilbert, M. Robshaw, H. Silbert, An Active Attack Against HB+ — A Provable Secure Lightweight Authentication Protocol. Cryptology ePrint Archive, Report 2007/237, 2007
  21. H. Gilbert, M.J.B. Robshaw, Y. Seurin, in Good Variants of HB+ Are Hard to Find. in G. Tsudik. Financial Cryptography and Data Security, 12th International Conference, FC 2008, Cozumel, Mexico, 28–31 Jan 2008, Revised Selected Papers. Lecture Notes in Computer Science (Springer, 2008), pp. 156–170
  22. P. Golle, M. Jakobsson, A. Juels, P. Syverson, in Universal Re-encryption for Mixnets. The Cryptographers’ Track at the RSA Conference 2004, Proceedings. Lecture Notes in Computer Science, San Francisco, CA, USA, 23–27 Feb 2004 (Springer, 2004), pp. 163–178
  23. J.H. Ha, S.J. Moon, J. Zhou, J.C. Ha, A new formal proof model for RFID location privacy. In Jajodia and Lopez (28), pp. 267–281
  24. D. Henrici, P. Müller, in Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, Orlando, FL, USA, 14–17 Mar 2004 (IEEE Computer Society, 2004), pp. 149–153
  25. D.E. Holcomb, W.P. Burleson, K. Fu, Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. Conference on RFID Security 2007, Malaga, Spain, 11–13 July 2007
  26. M. Hutter, J.-M. Schmidt, T. Plos, RFID and Its Vulnerability to Faults. 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, Washington, DC, USA, 10–13 Aug 2008, Proceedings. Lecture Notes in Computer Science, vol. 5154 (Springer, 2008), pp. 363–379
  27. I.C.A. Organization. Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5th edn., 2003
  28. S. Jajodia, J. Lopez (eds.), Computer Security — ESORICS 2008. Lecture Notes in Computer Science, Malaga, Spain, 6–8 Oct 2008, vol. 5283 (Springer, 2008)
  29. A. Juels, in Minimalist Cryptography for Low-Cost RFID Tags (Extended Abstract). 4th International Conference on Security in Communication Networks (SCN) 2004, Revised Selected Papers. Lecture Notes in Computer Science, Amalfi, Italy, 8–10 Sep 2004, vol. 3352 (Springer, 2004), pp. 149–164
  30. A. Juels, in RFID Security and Privacy: A Research Survey. J. Select. Areas Commun. 24(2), 381–395 (Feb 2006)
  31. A. Juels, R. Pappu, in Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. 7th International Conference on Financial Cryptography (FC) 2003, Revised Papers. Lecture Notes in Computer Science, Gosier, Guadeloupe, FWI, 27–30 Jan 2003, vol. 2742 (Springer, 2003), pp. 103–121
  32. A. Juels, S.A. Weis, Authenticating pervasive devices with human protocols. in Advances in Cryptology — CRYPTO 2005, ed. by V. Shoup. 25th Annual International Cryptology Conference, Santa Barbara, CA, USA, 14–18 Aug 2005, Proceedings. Lecture Notes in Computer Science, vol. 3621 (Springer, 2005), pp. 293–308
  33. A. Juels, S.A. Weis, Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006
  34. J. Katz, in Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise. in S.D. Galbraith. Cryptography and Coding, 11th IMA International Conference, Cirencester, UK, 18–20 Dec 2007, Proceedings. Lecture Notes in Computer Science, vol. 4887 (Springer, 2007), pp. 1–15
  35. J. Katz, J.S. Shin, Parallel and concurrent security of the HB and HB+ protocols. in Advances in Cryptology — EUROCRYPT 2006, ed. by S. Vaudenay. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, 28 May–1 June 2006, Proceedings. Lecture Notes in Computer Science, vol. 4004 (Springer, 2006), pp. 73–87
  36. J. Katz, A. Smith, Analyzing the HB and HB+ Protocols in the “Large Error” Case. Cryptology ePrint Archive, Report 2006/326, 2006
  37. I. Kirschenbaum, A. Wool, How to Build a Low-Cost, Extended-Range RFID Skimmer. Cryptology ePrint Archive, Report 2006/054, 2006
  38. O. Kömmerling, M.G. Kuhn, in Design Principles for Tamper-Resistant Smartcard Processors. Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, Chicago, IL, 10–11 May 1999
  39. P.C. Kocher, in Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. 16th Annual International Cryptology Conference, Santa Barbara, CA, USA, Proceedings, 18–22 Aug 1996. Lecture Notes in Computer Science, vol. 1109 (Springer, 1996), pp. 104–113
  40. C.H. Lim, T. Kwon, in Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. 8th International Conference on Information and Communications Security (ICICS), Raleigh, NC, USA, 4–7 Dec 2006. Lecture Notes in Computer Science, vol. 4307 (Springer, 2006), pp. 1–20
  41. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks Revealing the Secrets of Smart Cards. (Springer, Berlin, 2007)
  42. D. Molnar, D. Wagner, in Privacy and Security in Library RFID: Issues, Practices, and Architectures. Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, 25–29 Oct 2004 (ACM Press, 2004), pp. 210–219
  43. M. Neve, E. Peeters, D. Samyde, J.-J. Quisquater, in Memories: A Survey of Their Secure Uses in Smart Cards. Proceedings of the Second IEEE International Security in Storage Workshop, Washington, DC, USA, 31 Oct 2003 (IEEE Computer Society, 2003), pp. 62–72
  44. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, in New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing. Proceedings of ESORICS, Saint Malo, France, 21–25 Sept 2009. Lecture Notes in Computer Science, vol. 5789 (Springer, 2009), pp. 321–336
  45. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, RFID privacy models revisited. In Jajodia and Lopez (28), pp. 251–256
  46. NXP Semiconductors. MIFARE Application Directory (MAD) — List of Registered Applications. http://www.nxp.com/acrobat/other/identification/mad_overview_042008.pdf, Apr 2008
  47. NXP Semiconductors. MIFARE Smartcard ICs. http://www.mifare.net/products/smartcardics/, Sept 2008
  48. Octopus Holdings. Web site of Octopus Holdings. http://www.octopus.com.hk/en/, June 2008
  49. S. Micali, O. Goldreich, S. Goldwasser, How to construct random functions. J. ACM 33(4), 792–807 (1986)
  50. M. Ohkubo, K. Suzuki, S. Kinoshita, in Cryptographic Approach to “Privacy-Friendly” Tags. Presented at the RFID Privacy Workshop (MIT, Cambridge, MA, 15 Nov 2003); rfidprivacy.ex.com/2003/agenda.php
  51. M. Ohkubo, K. Suzuki, S. Kinoshita, in Efficient Hash-Chain Based RFID Privacy Protection Scheme. International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions, Tokyo, Japan, 11–14 Sept 2005
  52. K. Ouafi, R. Overbeck, S. Vaudenay, On the security of HB# against a man-in-the-middle attack. in Advances in Cryptology — ASIACRYPT 2008, ed. by J. Pieprzyk. 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, 7–11 Dec 2008, Proceedings. Lecture Notes in Computer Science, vol. 5350 (Springer, 2008), pp. 108–124
  53. R.-I. Paise, S. Vaudenay, in Mutual Authentication in RFID: Security and Privacy. ASIACCS’08: Proceedings of the 2008 ACM Symposium on Information, Alexandria, VA, USA, 27–31 Oct 2008, Computer and Communications Security (ACM Press, 2008), pp. 292–299
  54. D.C. Ranasinghe, D.W. Engels, P.H. Cole, in Security and Privacy: Modest Proposals for Low-Cost RFID Systems. Auto-ID Labs Research Workshop, Zurich, Switzerland, 23–24 Sept 2004
  55. É. Levieil, P.-A. Fouque, in An Improved LPN Algorithm. Security and Cryptography for Networks, 5th International Conference, SCN 2006, Maiori, Italy, 6–8 Sept 2006, Proceedings. Lecture Notes in Computer Science (Springer, 2006), pp. 348–359
  56. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in User Privacy in Transport Systems Based on RFID E-tickets. International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain, 9 Oct 2008
  57. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Anonymizer-Enabled Security and Privacy for RFID. The 8th International Conference in Cryptography and Network Security, 12–14 Dec 2009, Kanazawa, Ishikawa, Japan. Lecture Notes in Computer Science (Springer, 2009)
  58. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Location Privacy in RFID Applications. Privacy in Location-Based Applications — Research Issues and Emerging Trends. Lecture Notes in Computer Science, vol. 5599 (Springer, Aug 2009), pp. 127–150
  59. J. Saito, J.-C. Ryou, K. Sakurai, in Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags. International Conference on Embedded and Ubiquitous Computing (EUC), Aizu-Wakamatsu City, Japan, Aug 2004, Proceedings. Lecture Notes in Computer Science, vol. 3207 (Springer, 2004), pp. 879–890
  60. S.P. Skorobogatov, R.J. Anderson, in Optical Fault Induction Attacks. 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002), Redwood Shores, CA, USA, 13–15 Aug 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2523 (Springer Verlag, 2002), pp. 31–48
  61. B. Song, C.J. Mitchell, RFID Authentication Protocol for Low-Cost Tags. Proceedings of the First ACM Conference on Wireless Network Security, Alexandria, VA, USA, 31 Mar–2 Apr 2008 (ACM Press, 2008), pp. 140–147
  62. Sony Global. Web site of Sony FeliCa. http://www.sony.net/Products/felica/, June 2008
  63. Spirtech. CALYPSO functional specification: Card application, version 1.3. http://calypso.spirtech.net/, Oct 2005
  64. G. Tsudik, in YA-TRAP: Yet Another Trivial RFID Authentication Protocol. Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, Pisa, Italy, 13–17 Mar 2006. Lecture Notes in Computer Science, vol. 2802 (IEEE Computer Society, 2006), pp. 640–643
  65. P. Tuyls, L. Batina, in RFID-Tags for Anti-counterfeiting. The Cryptographers’ Track at the RSA Conference, San Jose, CA, USA, 13–17 Feb 2006, Proceedings. Lecture Notes on Computer Science, vol. 3860 (Springer, 2006), pp. 115–131
  66. P. Tuyls, B. Škorić, Tom Kevenaar (eds.), Security with Noisy Data — On Private Biometrics, Secure Key Storage, and Anti-Counterfeiting (Springer, New York, NY, 2007)
  67. S. Vaudenay, in On Privacy Models for RFID. 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Sarawak, Malaysia, 2–6 Dec 2007, Proceedings. Lecture Notes in Computer Science, vol. 4833 (Springer, 2007), pp. 68–87
  68. S.A. Weis, S.E. Sarma, R.L. Rivest, D.W. Engels, in Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. 1st International Conference on Security in Pervasive Computing, Boppard, Germany, 12–14 Mar 2003, Revised Papers. Lecture Notes in Computer Science, vol. 2802 (Springer, 2003), pp. 50–59

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ahmad-Reza Sadeghi (1)
  • Ivan Visconti (2)
  • Christian Wachsmann (3)

  1. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany
  2. Dipartimento di Informatica ed Applicazioni, University of Salerno, Salerno, Italy
  3. Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Bochum, Germany