A New Framework for Privacy of RFID Path Authentication

  • Shaoying Cai
  • Robert H. Deng
  • Yingjiu Li
  • Yunlei Zhao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7341)


RFID-based path authentication enables supply chain managers to verify the exact path that a tag has taken. In this paper, we introduce a new oracle Move that models a tag’s movement along a designed or an arbitrary path in a supply chain. With this oracle, we refine the existing security and privacy notions for RFID-based path authentication. In addition, we propose a new privacy notion, called path privacy, for RFID-based path authentication. Our privacy notion captures the privacy of both tag identity and path information in a single game. Compared to existing two-game based privacy notions, it is more rigorous, powerful, and concise. We also construct a new path authentication scheme. Our scheme does not require the entities in a supply chain to have any connection with each other except in the initial stage. It requires only 480 bits storage and no computational ability on each tag; thus it can be deployed on the standard EPCglobal Class 1 Generation 2 tags in the market.


Supply Chain Learning Phase Supply Chain System Pseudorandom Function Common Step 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Arbit, A., Oren, Y., Wool, A.: Toward Practical Public Key Anti-Counterfeiting for Low-Cost EPC Tags. In: IEEE RFID 2011, Orlando, FL, pp. 184–191 (April 2011)Google Scholar
  3. 3.
    Blass, E.O., Elkhiyaoui, K., Molva, R.: Tracker: Security and Privacy for RFID-Based Supply Chains. Cryptology ePrint Archive, Report 2010/219 (2010)Google Scholar
  4. 4.
    Blass, E.O., Elkhiyaoui, K., Molva, R.: Tracker: Security and Privacy for RFID-Based Supply Chains. In: NDSS 2011, San Diego, California, USA, pp. 455–472 (2011)Google Scholar
  5. 5.
    Cai, S., Li, Y., Li, T., Deng, R.H.: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions. In: WiSec 2009, Zurich, Switzerland, pp. 51–58 (2009)Google Scholar
  6. 6.
    Cai, S., Li, Y., Zhao, Y.: Distributed Path Authentication for Dynamic RFID-Enabled Supply Chains. In: IFIP SEC 2012, Crete, Greece (2012)Google Scholar
  7. 7.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-encryption for Mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Li, Y., Ding, X.: Protecting RFID Communications in Supply Chains. In: ASIACCS 2007, New York, NY, USA, pp. 234–241 (2007)Google Scholar
  9. 9.
    Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: CCS 2004, New York, NY, USA, pp. 210–219 (2004)Google Scholar
  10. 10.
    Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Li, T., Li, Y.: Vulnerability Analysis of RFID Protocols for Tag Ownership Transfer. Computer Networks 54(9), 1502–1508 (2010)zbMATHCrossRefGoogle Scholar
  11. 11.
    Piramuthu, S.: RFID Mutual Authentication Protocols. Decision Support Systems (2010),
  12. 12.
    Rizomiliotis, P., Rekleitis, E., Gritzalis, S.: Security Analysis of the Song-Mitchell Authentication Protocol for Low-Cost RFID Tags. IEEE Communications Letters 13(4), 274–276 (2009)CrossRefGoogle Scholar
  13. 13.
    Song, B., Mitchell, C.J.: RFID Authentication Protocol for Low-Cost Tags. In: WiSec 2008, Alexandria, Virginia, USA, pp. 140–147 (2008)Google Scholar
  14. 14.
    Wang, H., Li, Y., Zhang, Z., Cao, Z.: Two-Level Path Authentication in EPCglobal Network. In: IEEE RFID 2012, Orlando, Florida, pp. 24–31 (2012)Google Scholar
  15. 15.
    Yao, A.C., Yung, M., Zhao, Y.: Adaptive Concurrent Non-Malleability with Bare Public-Keys. CoRR, abs/0910.3282 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Shaoying Cai
    • 1
  • Robert H. Deng
    • 1
  • Yingjiu Li
    • 1
  • Yunlei Zhao
    • 2
  1. 1.Singapore Management UniversitySingapore
  2. 2.Fudan UniversityShanghaiChina

Personalised recommendations