Abstract
This paper establishes a novel model for RFID schemes where readers are not continuously connected to the back office, but only periodically. Furthermore, adversaries are not only capable of compromising tags, but also of compromising readers. This more properly models large scale deployment of RFID technology such as in public transport ticketing systems and supply-chain management systems. In this model we define notions of security (only legitimate tags can authenticate) and of privacy (no adversary is capable of tracking legitimate tags). We show that privacy is always lost at the moment that a reader is compromised and we develop notions of forward and backward privacy with respect to reader corruption. This models the property that tags cannot be traced, under mild additional assumptions, for the time slots before and after reader corruption. We exhibit two protocols that only use hashing that achieve these security and privacy notions and give proofs in the random oracle model.
The work described in this paper has been partially supported by the European Commission through the ICT program under contract ICT-2007-216676 ECRYPT II.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Avoine, G., Lauradoux, C., Martin, T.: When Compromised Readers Meet RFID. In: Youm, H.Y., Jang, J. (eds.) WISA 2009. LNCS, vol. 5932, pp. 36–50. Springer, Heidelberg (2009)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Avoine, G.: Adversary Model for Radio Frequency Identification. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland (September 2005)
Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York City, New York, USA, pp. 342–347. IEEE Computer Society Press, Los Alamitos (2007)
Nohara, Y., Inoue, S., Baba, K., Yasuura, H.: Quantitative Evaluation of Unlinkable ID Matching Schemes. In: Workshop on Privacy in the Electronic Society – WPES, Alexandria, Virginia, USA, pp. 55–60. ACM Press, New York (2006)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to “Privacy-Friendly” Tags. In: RFID Privacy Workshop. MIT, Massachusetts (2003)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: An efficient authentication protocol for rfid systems resistant to active attacks. In: Denko, M.K., Shih, C.-s., Li, K.-C., Tsao, S.-L., Zeng, Q.-A., Park, S.H., Ko, Y.-B., Hung, S.-H., Park, J.-H. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 781–794. Springer, Heidelberg (2007)
Shamir, A.: SQUASH - A New MAC With Provable Security Properties for Highly Constrained Devices Such as RFID Tags. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 144–157. Springer, Heidelberg (2008)
Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy. IEEE Computer Society Press, Los Alamitos (March 2006)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garcia, F.D., van Rossum, P. (2010). Modeling Privacy for Off-Line RFID Systems. In: Gollmann, D., Lanet, JL., Iguchi-Cartigny, J. (eds) Smart Card Research and Advanced Application. CARDIS 2010. Lecture Notes in Computer Science, vol 6035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12510-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-12510-2_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12509-6
Online ISBN: 978-3-642-12510-2
eBook Packages: Computer ScienceComputer Science (R0)