Abstract
One of the main challenges in RFIDs is the design of privacy-preserving authentication protocols. Indeed, such protocols should not only allow legitimate readers to authenticate tags but also protect these latter from privacy-violating attacks, ensuring their anonymity and untraceability: an adversary should not be able to get any information that would reveal the identity of a tag or would be used for tracing it. In this paper, we analyze some recently proposed RFID authentication protocols that came with provable security flavours. Our results are the first known privacy cryptanalysis of the protocols.
Chapter PDF
Similar content being viewed by others
References
Albertsons Announces Mandate, RFID Journal, 5 March (2004), http://www.rfidjournal.com/article/articleview/819/1/1/
Avoine, G.: Adversarial Model for Radio Frequency Identification. Cryptology ePrint Archive, report 2005/049, 20, Available at IACR ePrint Archive (February 2005), http://eprint.iacr.org/2005/049
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: Proc. IEEE FOCS 2001, pp. 136–145 (2001) Full version available at IACR ePrint Archive (last revised, 13 December 2005), http://eprint.iacr.org/2000/067
Carluccio, D., Lemke, K., Paar, C.: E-Passport: The Global Traceability or How to Feel Like a UPS Package. In: Lee, J.K., Yi, O., Yung, M. (eds.) WISA 2006. LNCS, vol. 4298, pp. 391–404. Springer, Heidelberg (2007)
CASPIAN, Boycott Benetton (accessed 19, September 2007), http://www.boycottbenetton.com
Choo, K.-K.R.: Refuting Security Proofs for Tripartite Key Exchange with Model Checker in Planning Problem Setting. In: Proceedings of IEEE CSFW 2006, pp. 297–308 (2006)
Choo, K.-K.R., Hitchcock, Y.: Security Requirements for Key Establishment Proof Models: Revisiting Bellare-Rogaway and Jeong-Katz-Lee Protocols. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 429–442. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: On Session Key Construction in Provably-Secure Key Establishment Protocols. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 116–131. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining Indistinguishability-based Proof Models for Key Establishment Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Errors in Computational Complexity Proofs for Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 624–643. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y., Maitland, G.: On Session Identifiers in Provably Secure Protocols. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 351–366. Springer, Heidelberg (2005)
Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A., O’Hare, T.: Vulnerabilities in First-Generation RFID-enabled Credit Cards. In: Proceedings of Financial Cryptography 2007. LNCS, vol. 4886, pp. 2–14. Springer, Heidelberg (2008)
Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing Borders: Security and Privacy Issues of the European e-Passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)
Juels, A., Molnar, D., Wagner, D.: Security and Privacy Issues in E-Passports. In: Proceedings of SecureComm 2005, pp. 74–88 (2007) Full version available at IACR ePrint Archive (last revised 18 September 2007), http://eprint.iacr.org/2005/095
Juels, A., Weis, S.A.: Defining Strong Privacy for RFID. In: Proceedings of PerCom 2007, April 7, 2006, pp. 342–347 (2007) Full version available at IACR ePrint Archive http://eprint.iacr.org/2006/137
Kosta, E., Meints, M., Hensen, M., Gasson, M.: An Analysis of Security and Privacy Issues Relating to RFID Enabled ePassports. In: Proceedings of IFIP SEC 2007, IFIP 232, pp. 467–472 (2007)
Le, T.V., Burmester, M., de Medeiros, B.: Universally Composable and Forward-Secure RFID Authentication and Authenticated Key Exchange. In: Proceedings of ASIACCS 2007, February 14, 2007, pp. 242–252 (2007); Full version titled Forward-Secure RFID Authentication and Key Exchange, IACR ePrint Archive, http://eprint.iacr.org/2007/051 ,
Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Michelin Embeds RFID Tags in Tires, RFID Journal (January 17, 2003), http://www.rfidjournal.com/article/articleview/269/1/1/
Mitsubishi Electric Asia Switches on RFID, RFID Journal (September 11, 2006), http://www.rfidjournal.com/article/articleview/2644/
Monnerat, J., Vaudenay, S., Vuagnoux, M.: About Machine-Readable Travel Documents: Privacy Enhancement using (Weakly) Non-Transferable Data Authentication. In: Proceedings of RFIDSec 2007, pp. 15–28 (2007)
Naor, M., Yung, M.: Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: Proceedings of STOC 1990, pp. 427–437 (1990)
Ohkubo, M., Suzuki, K., Kinoshita, S.: RFID Privacy Issues and Technical Challenges. Communications of the ACM 48(9), 66–71 (2005)
Ouafi, K., Phan, R.C.-W.: Privacy of Recent RFID Authentication Protocols. In: Proceedings of ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
Paise, R.I., Vaudenay, S.: Mutual Authentication in RFID. In: Proceedings of AsiaCCS 2008 (to appear, 2008)
Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange using Different Passwords. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 226–238. Springer, Heidelberg (2006)
Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 104–117. Springer, Heidelberg (2006)
Rackoff, C., Simon, D.R.: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 434–444. Springer, Heidelberg (1992)
Rogaway, P.: On the Role Definitions in and Beyond Cryptography. In: Maher, M.J. (ed.) ASIAN 2004. LNCS, vol. 3321, pp. 13–32. Springer, Heidelberg (2004)
Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161–174 (1991)
Target, Wal-Mart Share EPC Data, RFID Journal (October 17, 2005), http://www.rfidjournal.com/article/articleview/642/1/1/
Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Proceedings of PerCom 2006, pp. 640–643 (2006)
Vaudenay, S.: RFID Privacy based on Public-Key Cryptography. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 1–6. Springer, Heidelberg (2006)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ouafi, K., Phan, R.C.W. (2008). Traceable Privacy of Recent Provably-Secure RFID Protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2008. Lecture Notes in Computer Science, vol 5037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68914-0_29
Download citation
DOI: https://doi.org/10.1007/978-3-540-68914-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68913-3
Online ISBN: 978-3-540-68914-0
eBook Packages: Computer ScienceComputer Science (R0)