Abstract
In this paper we show how to break the most recent version of EC-RAC with respect to privacy. We show that both the ID-Transfer and ID&PWD-Transfer schemes from EC-RAC do not provide the claimed privacy levels by using a man-in-the-middle attack. The existence of these attacks voids the presented privacy proofs for EC-RAC.
This work was supported in part by K.U. Leuven-BOF (OT/06/40), by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), by FWO project G.0300.07, by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bringer, J., Chabanne, H., Icart, T.: Cryptanalysis of EC-RAC, a RFID identification protocol. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 149–161. Springer, Heidelberg (2008)
Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Low-Cost Untraceable Authentication Protocols for RFID. In: Proceedings of the 3rd ACM conference on Wireless network security (WiSec 2010), Hoboken, NJ, USA, ACM Press, New York (2010)
Lee, Y.K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol. In: IEEE International Conference on RFID 2008, Las Vegas, NA, USA, pp. 97–104. IEEE Computer Society Press, Los Alamitos (2008)
Lee, Y.K., Batina, L., Verbauwhede, I.: Untraceable RFID Authentication Protocols: Revision of EC-RAC. In: IEEE International Conference on RFID 2009, Orlando, FL, USA, pp. 178–185. IEEE Computer Society Press, Los Alamitos (2009)
Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
van Deursen, T., Radomirovic, S.: Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310 (2008), http://eprint.iacr.org/
van Deursen, T., Radomirovic, S.: Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC. Cryptology ePrint Archive, Report 2009/332 (2009), http://eprint.iacr.org/
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fan, J., Hermans, J., Vercauteren, F. (2010). On the Claimed Privacy of EC-RAC III. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-16822-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16821-5
Online ISBN: 978-3-642-16822-2
eBook Packages: Computer ScienceComputer Science (R0)