Skip to main content

Anonymous Authentication for RFID Systems

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 6370)

Abstract

In this paper, we present an anonymous authentication scheme that allows RFID tags to authenticate to readers without disclosing the tag identity or any other information that allows tags to be traced. The properties of our scheme are very useful for a variety of access control systems, where it is sufficient or mandatory to verify the authenticity of a tag without inferring its identity.

Our scheme is based on the recently proposed anoymizer-approach, where additional devices (called anonymizers) frequently interact with the tags to ensure anonymity and unlinkability of tags. This allows using cost-effective RFID tags that cannot perform public-key cryptography in an efficient and scalable way. Our solution provides (i) anonymity and untracability of tags against readers, (ii) secure tag authentication even against collusions of malicious readers and anonymizers, and (iii) security against denial-of-service attacks.

Keywords

  • RFID
  • Privacy
  • Anonymity
  • Authentication

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-16822-2_14
  • Chapter length: 18 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   69.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-16822-2
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   89.99
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Atmel Corporation: Innovative IDIC solutions (2007), http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf

  2. NXP Semiconductors: MIFARE Smartcard ICs (September 2008), http://www.mifare.net/products/smartcardics/

  3. Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain (October 9, 2008)

    Google Scholar 

  4. Organization, I.C.A.: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5 (edn.) (2003)

    Google Scholar 

  5. Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)

    CrossRef  Google Scholar 

  6. Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)

    CrossRef  MathSciNet  Google Scholar 

  7. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) Privacy in Location-Based Applications. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  8. Sadeghi, A.R., Visconti, I., Wachsmann, C.: On RFID privacy with mutual authentication and tag corruption. In: Zhou, J. (ed.) ACNS 2010. LNCS, vol. 6123, pp. 493–510. Springer, Heidelberg (2010)

    Google Scholar 

  9. Avoine, G.: RFID Lounge (April 2010), http://www.avoine.net/rfid/

  10. Heydt-Benjamin, T.S., Chae, H.J., Defend, B., Fu, K.: Privacy for Public Transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  11. Blass, E.O., Kurmus, A., Molva, R., Strufe, T.: PSP: Private and secure payment with RFID. Cryptology ePrint Archive, Report 2009/181 (2009)

    Google Scholar 

  12. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 600–610. ACM Press, New York (2009)

    Google Scholar 

  13. Avoine, G., Lauradoux, C., Martin, T.: When compromised readers meet RFID. In: RFIDSec 2009 (2009)

    Google Scholar 

  14. Garcia, F.D., van Rossum, P.: Modeling privacy for off-line RFID systems. In: RFIDSec 2009 (2009)

    Google Scholar 

  15. Nithyanand, R., Tsudik, G., Uzun, E.: Readers behaving badly: Reader revocation in PKI-based RFID systems. Cryptology ePrint Archive, Report 2009/465 (2009)

    Google Scholar 

  16. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  17. Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)

    Google Scholar 

  18. Chen, L., Morrissey, P., Smart, N.P.: DAA: Fixing the pairing based protocols. Cryptology ePrint Archive, Report 2009/198 (2009)

    Google Scholar 

  19. Spirtech: CALYPSO functional specification: Card application, version 1.3. (October 2005), http://calypso.spirtech.net/

  20. Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  21. Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)

    CrossRef  Google Scholar 

  22. Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)

    CrossRef  Google Scholar 

  23. Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM Press, New York (2005)

    CrossRef  Google Scholar 

  24. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Anonymizer-enabled security and privacy for RFID. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 134–153. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  25. Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)

    Google Scholar 

  26. Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)

    Google Scholar 

  27. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  28. Burmester, M., Le, T.V., Medeiros, B.D., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM Transactions on Information and System Security (TISSEC) 12(4) (2009)

    Google Scholar 

  29. Liu, J.K., Baek, J., Zhou, J., Yang, Y., Wong, J.W.: Efficient online/offline identity-based signature for wireless sensor network. Cryptology ePrint Archive, Report 2010/003 (2010)

    Google Scholar 

  30. Atmel Corporation: Secure RFID: CryptoRF (July 2009), http://www.atmel.com/products/SecureRF

  31. NXP Semiconductors: MiFare SmartMX (July 2009), http://www.mifare.net/products/smartcardics/smartmx.asp

  32. Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  33. Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, pp. 211–220. IEEE Computer Society, Los Alamitos (2007)

    CrossRef  Google Scholar 

  34. Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and implementation of PUF-based unclonable RFID ICs for anti-counterfeiting and security applications. In: IEEE International Conference on RFID 2008, Las Vegas, NV, USA, April 16–17, pp. 58–64. IEEE Computer Society, Los Alamitos (2008)

    CrossRef  Google Scholar 

  35. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)

    CrossRef  Google Scholar 

  36. Smart, N.: D.SPA.7 ECRYPT2 yearly report on algorithms and keysizes (2008-2009), http://www.ecrypt.eu.org/documents/D.SPA.7.pdf (August 2008)

  37. Chen, L., Page, D., Smart, N.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  38. Bellare, M., Desai, A., Jokipii, E., Rogawayy, P.: A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In: Proceedings of the 38th Symposium on Foundations of Computer Science. IEEE, Los Alamitos (1997)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Armknecht, F., Chen, L., Sadeghi, AR., Wachsmann, C. (2010). Anonymous Authentication for RFID Systems. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16822-2_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16821-5

  • Online ISBN: 978-3-642-16822-2

  • eBook Packages: Computer ScienceComputer Science (R0)