Abstract
Many RFID authentication protocols with randomized tag response have been proposed to avoid simple tag tracing. These protocols are symmetric in common due to the lack of computational power to perform expensive asymmetric cryptography calculations in low-cost tags. Protocols with constantly changing tag key have also been proposed to avoid more advanced tag tracing attacks. With both the symmetric and constant-changing properties, tag and reader re-synchronization is unavoidable as the key of a tag can be made desynchronized with the reader due to offline attacks or incomplete protocol runs. In this paper, our contribution is to classify these synchronized RFID authentication protocols into different types and then examine their highest achievable levels of privacy protections using the privacy model proposed by Vaudenay in Asiacrypt 2007 and later extended by Ng et al. in ESORICS 2008. Our new privacy results show the separation between weak privacy and narrow-forward privacy in these protocols, which effectively fills the missing relationship of these two privacy levels in Vaudenay’s paper and answer the question raised by Paise and Vaudenay in ASIACCS 2008 on why they cannot find a candidate protocol that can achieve both privacy levels at the same time. We also show that forward privacy is impossible with these synchronized protocols.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: CARDIS, pp. 34–38. Kluwer Academic Publishers, Dordrecht (2004)
Avoine, G.: Adversarial Model for Radio Frequency Identification (2005), http://citeseer.ist.psu.edu/729798.html
Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash-Based RFID Protocol. In: PerSec, pp. 110–114. IEEE Computer Society Press, Los Alamitos (2005)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Chien, H.-Y., Huang, C.-W.: A Lightweight RFID Protocol Using Substring. In: EUC, pp. 422–431 (2007)
Dimitriou, T.: A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. In: SecureComm (2005)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-Encryption for Mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)
Ha, J., Moon, S.-J., Nieto, J.M.G., Boyd, C.: Low-cost and Strong-security RFID Authentication Protocol. In: EUC Workshops, pp. 795–807 (2007)
Henrici, D., Muller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: PerSec, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)
Juels, A.: RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)
Juels, A., Weis, S.A.: Defining Strong Privacy for RFID (2006), http://citeseer.ist.psu.edu/741336.html
Kang, J., Nyang, D.: RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)
Kim, I.J., Choi, E.Y., Lee, D.H.: Secure Mobile RFID System Against Privacy and Security Problems. In: SecPerU (2007)
Kim, K.H., Choi, E.Y., Lee, S.-M., Lee, D.H.: Secure EPCglobal Class-1 Gen-2 RFID System Against Security and Privacy Problems. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 362–371. Springer, Heidelberg (2006)
Lee, J., Yeom, Y.: Efficient RFID Authentication Protocols Based on Pseudorandom Sequence Generators (2008), http://eprint.iacr.org/2008/343.pdf
Lee, S., Asano, T., Kim, K.: RFID Mutual Authentication Scheme Based on Synchronized Secret Information. In: Symposium on Cryptography and Information Security (2006)
Lee, S.M., Hwang, Y.J., Lee, D.-H., Lim, J.-I.: Efficient authentication for low-cost RFID systems. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3480, pp. 619–627. Springer, Heidelberg (2005)
Li, Y., Ding, X.: Protecting RFID Communications in Supply Chains. In: ASIACCS, pp. 234–241. ACM Press, New York (2007)
Lo, N.W., Yeh, K.-H.: An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System. In: TRUST - EUC Workshops, pp. 43–56 (2007)
Lo, N.W., Yeh, K.-H.: Hash-based Mutual Authentication Protocol for Mobile RFID Systems with Robust Reader-side Privacy Protection. In: SenseID - ACM SenSys Workshops (2007)
Lo, N.W., Yeh, K.-H.: Novel RFID Authentication Schemes for Security Enhancement and System Efficiency. In: VLDB - Secure Data Management Workshops, pp. 203–212 (2007)
Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: ACM CCS, pp. 210–219 (2004)
Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID Privacy Models Revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to “Privacy-Friendly” Tags. In: RFID Privacy Workshop (2003)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: UbiComp Workshop, Ubicomp Privacy: Current Status and Future Directions (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Hash-Chain Based Forward-Secure Privacy Protection Scheme for Low-Cost RFID. In: SCIS (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: RFID Privacy Issues and Technical Challenges. Communications of the ACM 48(9), 66–71 (2005)
Osaka, K., Takagi, T., Yamazaki, K., Takahashi, O.: An efficient and secure RFID security method with ownership transfer. In: Wang, Y., Cheung, Y.-m., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 778–787. Springer, Heidelberg (2007)
Paise, R.-l., Vaudenay, S.: Mutual Authentication in RFID. In: ASIACCS, pp. 292–299. ACM Press, New York (2008)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: RFID Systems: A Survey on Security Threats and Proposed Solutions. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 159–170. Springer, Heidelberg (2006)
Di Pietro, R., Molva, R.: Information Confinement, Privacy, and Security in RFID Systems. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 187–202. Springer, Heidelberg (2007)
Seo, Y., Lee, H., Kim, K.: A Scalable and Untraceable Authentication Protocol for RFID. In: EUC Workshops, pp. 252–261 (2006)
Tsudik, G.: A Family of Dunces: Trivial RFID Identification and Authentication Protocols. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 45–61. Springer, Heidelberg (2007)
van Deursen, T., Radomirović, S.: Attacks on RFID Protocols (2008), http://eprint.iacr.org/2008/310.pdf
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual Authentication Protocol for Low-cost RFID. In: Handout of the Ecrypt Workshop on RFID and Lightweight Crypto (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R. (2009). New Privacy Results on Synchronized RFID Authentication Protocols against Tag Tracing. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-04444-1_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer ScienceComputer Science (R0)