Abstract
Radio frequency identification systems based on low-cost computing devices is the new plaything that every company would like to adopt. Its goal can be either to improve the productivity or to strengthen the security. Specific identification protocols based on symmetric challenge-response have been developed in order to assure the privacy of the device bearers. Although these protocols fit the devices’ constraints, they always suffer from a large time complexity. Existing protocols require O(n) cryptographic operations to identify one device among n.
Molnar and Wagner suggested a method to reduce this complexity to O(log n). We show that their technique could degrade the privacy if the attacker has the possibility to tamper with at least one device. Because low-cost devices are not tamper-resistant, such an attack could be feasible. We give a detailed analysis of their protocol and evaluate the threat. Next, we extend an approach based on time-memory trade-offs whose goal is to improve Ohkubo, Suzuki, and Kinoshita’s protocol. We show that in practice this approach reaches the same performances as Molnar and Wagner’s method, without degrading privacy.
Chapter PDF
Similar content being viewed by others
References
Avoine, G.: Security and privacy in RFID systems. Online bibliography, Available at: http://lasecwww.epfl.ch/~gavoine/rfid/
Avoine, G., Oechslin, P.: RFID traceability: A multilayer problem. In: Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2005, Kauai Island, Hawaii, USA, pp. 110–114. IEEE Computer Society Press, Los Alamitos (2005)
Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., Szydlo, M.: Security analysis of a cryptographically-enabled RFID device. In: 14th USENIX Security Symposium, Baltimore, Maryland, USA, July-August 2005, pp. 1–16. USENIX (2005)
d’Hont, S. (ed.): International news letter of the TI RFID group. Electronic Newsletter (20) (November 2000)
Electronic Product Code Global Inc., http://www.epcglobalinc.org
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Finkenzeller, K.: RFID Handbook, 2nd edn. Wiley, England (2003)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)
Hellman, M.: A cryptanalytic time-memory trade off. IEEE Transactions on Information Theory IT- 26(4), 401–406 (1980)
Henrici, D., Müller, P.: Tackling security and privacy issues in radio frequency identification devices. In: Ferscha, A., Mattern, F. (eds.) PERVASIVE 2004. LNCS, vol. 3001, pp. 219–224. Springer, Heidelberg (2004)
International Organization for Standardization, http://www.iso.org
Juels, A.: Minimalist cryptography for low-cost RFID tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Juels, A., Pappu, R.: Squealing euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Juels, A., Rivest, R., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Atluri, V. (ed.) Conference on Computer and Communications Security – CCS 2003, Washington, DC, USA, pp. 103–111. ACM Press, New York (2003)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Pfitzmann, B., Liu, P. (eds.) Conference on Computer and Communications Security – CCS 2004, Washington, DC, USA, pp. 210–219. ACM Press, New York (2004)
Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop, MIT, Massachusetts, USA (November 2003)
Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)
SafeTzone, http://www.safetzone.com
Stop RFID, http://www.stoprfid.org
Vajda, I., Buttyán, L.: Lightweight authentication protocols for lowcost RFID tags. In: Second Workshop on Security in Ubiquitous Computing – Ubicomp 2003, Seattle, Washington, USA (October 2003)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Avoine, G., Dysli, E., Oechslin, P. (2006). Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds) Selected Areas in Cryptography. SAC 2005. Lecture Notes in Computer Science, vol 3897. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11693383_20
Download citation
DOI: https://doi.org/10.1007/11693383_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33108-7
Online ISBN: 978-3-540-33109-4
eBook Packages: Computer ScienceComputer Science (R0)