Article

RFID Privacy Models Revisited

Authors:

Rei Safavi-NainiAuthors Info & Claims

ESORICS '08: Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security

Pages 251 - 266

https://doi.org/10.1007/978-3-540-88313-5_17

Published: 06 October 2008 Publication History

Abstract

In Asiacrypt 2007, Vaudenay proposed a formal model addressing privacy in RFID, which separated privacy into eight classes. One important conclusion in the paper is the impossibility of achieving strong privacy in RFID. He also left an open question whether forward privacy without PKC is possible. In our paper, first we revisit the eight RFID privacy classes and simplify them into three classes that will address the same goal. Second, we show that strong privacy in RFID is achievable. Third, we answer the open question by pointing out the possibility to achieve forward privacy without PKC both within Vaudenay's model and in practice.

References

[1]

Juels, A.: RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications 24(2), 381-394 (2006).

[2]

Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201-212. Springer, Heidelberg (2004).

[3]

Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: CARDIS, pp. 34-38. Kluwer, Dordrecht (2004).

[4]

Avoine, G.: Adversarial Model for Radio Frequency Identification (2005), http://citeseer.ist.psu.edu/729798.html

[5]

Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash-Based RFID Protocol. In: PerSec, pp. 110-114. IEEE Computer Society Press, Los Alamitos (2005).

[6]

Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125-140. Springer, Heidelberg (2005).

[7]

Burmester, M., de Medeiros, B.: RFID Security: Attacks, Countermeasures and Challenges. In: The 5th RFID Academic Convocation, The RFID Journal Conference (2007).

[8]

Burmester, M., van Le, T., de Medeiros, B.: Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. In: SecureComm. (2006).

[9]

Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149-164. Springer, Heidelberg (2005).

[10]

Juels, A., Molnar, D., Wagner, D.: Security and Privacy Issues in E-passports. In: SecureComm. (2005).

[11]

Juels, A., Weis, S.A.: Defining Strong Privacy for RFID (2006), http://citeseer.ist.psu.edu/741336.html

[12]

Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to "Privacy-Friendly" Tags. In: RFID Privacy Workshop (2003).

[13]

Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: UbiComp Workshop, Ubicomp Privacy: Current Status and Future Directions (2004).

[14]

Ohkubo, M., Suzuki, K., Kinoshita, S.: Hash-Chain Based Forward-Secure Privacy Protection Scheme for Low-Cost RFID. In: SCIS (2004).

[15]

Ohkubo, M., Suzuki, K., Kinoshita, S.: RFID Privacy Issues and Technical Challenges. Communications of the ACM 48(9), 66-71 (2005).

[16]

Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68-87. Springer, Heidelberg (2007).

[17]

Molnar, D., Soppera, A.,Wagner, D.: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276-290. Springer, Heidelberg (2006).

[18]

Damgård, I., Pedersen, M.Ø.: RFID Security: Tradeoffs between Security and Efficiency. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 318-332. Springer, Heidelberg (2008).

[19]

Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-Encryption for Mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163-178. Springer, Heidelberg (2004).

[20]

Henrici, D., Muller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: PerSec, pp. 149-153. IEEE Computer Society Press, Los Alamitos (2004).

[21]

Burmester, M., de Medeiros, B., Motta, R.: Robust, Anonymous RFID Authentication with Constant Key-Lookup. In: ASIACCS, pp. 283-291. ACM, New York (2008).

Cited By

Mayrhofer RSigg S(2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
https://dl.acm.org/doi/10.1145/3477601
Kılınç HVaudenay S(2017)Contactless Access Control Based on Distance BoundingInformation Security10.1007/978-3-319-69659-1_11(195-213)Online publication date: 22-Nov-2017
https://dl.acm.org/doi/10.1007/978-3-319-69659-1_11
Vaudenay S(2015)On Privacy for RFIDProceedings of the 9th International Conference on Provable Security - Volume 945110.1007/978-3-319-26059-4_1(3-20)Online publication date: 24-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-26059-4_1
Show More Cited By

Recommendations

RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
Revisiting unpredictability-based RFID privacy models
ACNS'10: Proceedings of the 8th international conference on Applied cryptography and network security

Recently, there have been several attempts in establishing formal RFID privacy models in the literature. These models mainly fall into two categories: one based on the notion of indistinguishability of two RFID tags, denoted as ind-privacy, and the ...
Impossibility results for RFID privacy notions
Transactions on computational science XI

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

ESORICS '08: Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security

October 2008

599 pages

ISBN:9783540883128

Editors:
Sushil Jajodia
Center for Secure Information Systems, George Mason University, Fairfax, USA VA 22030
,
Javier Lopez
Department of Computer Science, University of Malaga, Málaga, Spain 29071

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 06 October 2008

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mayrhofer RSigg S(2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
https://dl.acm.org/doi/10.1145/3477601
Kılınç HVaudenay S(2017)Contactless Access Control Based on Distance BoundingInformation Security10.1007/978-3-319-69659-1_11(195-213)Online publication date: 22-Nov-2017
https://dl.acm.org/doi/10.1007/978-3-319-69659-1_11
Vaudenay S(2015)On Privacy for RFIDProceedings of the 9th International Conference on Provable Security - Volume 945110.1007/978-3-319-26059-4_1(3-20)Online publication date: 24-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-26059-4_1
Songhela RDas M(2014)Yet Another Strong Privacy-Preserving RFID Mutual Authentication ProtocolSecurity, Privacy, and Applied Cryptography Engineering10.1007/978-3-319-12060-7_12(171-182)Online publication date: 18-Oct-2014
https://dl.acm.org/doi/10.1007/978-3-319-12060-7_12
Deng RLi YYung MZhao Y(2011)A zero-knowledge based framework for RFID privacyJournal of Computer Security10.5555/2590708.259071219:6(1109-1146)Online publication date: 1-Nov-2011
https://dl.acm.org/doi/10.5555/2590708.2590712
Hermans JPashalidis AVercauteren FPreneel B(2011)A new RFID privacy modelProceedings of the 16th European conference on Research in computer security10.5555/2041225.2041266(568-587)Online publication date: 12-Sep-2011
https://dl.acm.org/doi/10.5555/2041225.2041266
Ng CSusilo WMu YSafavi-Naini R(2011)Practical RFID ownership transfer schemeJournal of Computer Security10.5555/2011009.201101519:2(319-341)Online publication date: 1-Apr-2011
https://dl.acm.org/doi/10.5555/2011009.2011015
Ng CSusilo WMu YSafavi-Naini R(2011)Practical RFID ownership transfer schemeJournal of Computer Security10.5555/1971859.197186519:2(319-341)Online publication date: 1-Apr-2011
https://dl.acm.org/doi/10.5555/1971859.1971865
Ahmed NJensen C(2011)Adaptable authentication modelProceedings of the Third international conference on Engineering secure software and systems10.5555/1946341.1946365(234-247)Online publication date: 9-Feb-2011
https://dl.acm.org/doi/10.5555/1946341.1946365
Batina LSeys SSingelée DVerbauwhede I(2011)Hierarchical ECC-Based RFID authentication protocolProceedings of the 7th international conference on RFID Security and Privacy10.1007/978-3-642-25286-0_12(183-201)Online publication date: 26-Jun-2011
https://dl.acm.org/doi/10.1007/978-3-642-25286-0_12
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents