Abstract
Privacy is one of the most important security concerns in radio frequency identification. The publication of hundred RFID-based authentication protocols during the last decade raised the need of designing a dedicated privacy model. An important step has been done with the model of Vaudenay that combines early models into a unified and powerful one. In particular, this model addresses the case where an adversary is able to know whether or not the protocol execution succeeded. This modelizes the fact that the adversary may get information from a side channel about the termination of the protocol, e.g., she notices that the access is granted to the RFID-tag holder. We go one step forward in this paper and stress that the adversary may also have access to a side channel that leaks the computational time of the reader. This modelizes an adversary who measures how long it takes to grant the access. Although this channel could be seen as an implementation flaw, we consider that it is always risky to require the implementation to solve what the design should deal with. This new channel enables to demonstrate that many key-reference protocols are not as privacy-friendly as they claim to be, e.g., WSRE, OSK, C2, O-FRAP, O-FRAKE,...We then introduce the TIMEFUL oracle in the model of Vaudenay, which allows to analyze the resistance of the protocols to time-based attacks as soon as the design phase. Finally, we suggest some methods that make RFID-based authentication protocols immune to such attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Alomair, B., Clark, A., Cuellar, J., Poovendran, R.: Scalable RFID Systems: a Privacy-Preserving Protocol with Constant-Time Identification. In: 40th Annual IEEE/IFIP International Conference on Dependable Systems and Network, DSN 2010, Chicago, IL, USA, 2010. IEEE Computer Society Press, Los Alamitos (2010)
Avoine, G.: Adversary Model for Radio Frequency Identification. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland (2005)
Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash Based RFID Protocol. In: International Workshop on Pervasive Computing and Communication Security, PerSec 2005, Kauai Island, HI, USA, pp. 110–114. IEEE Computer Society Press, Los Alamitos (2005)
Bringer, J., Chabanne, H., Icart, T.: Efficient Zero-Knowledge Identification Schemes which respect Privacy. In: ACM Symposium on Information, Computer and Communication Security, ASIACCS 2009, Sydney, Australia. ACM Press, New York (2009)
Burmester, M., de Medeiros, B., Motta, R.: Robust, Anonymous RFID Authentication with Constant Key-Lookup. Cryptology ePrint, Report 2007/402 (2007)
Burmester, M., de Medeiros, B., Motta, R.: Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries. Journal of Applied Cryptography 1(2), 79–90 (2008)
Burmester, M., Van Le, T., De Medeiros, B.: Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. In: Conference on Security and Privacy for Emerging Areas in Communication Networks, SecureComm, Baltimore, MD, USA, 2006, IEEE Computer Society Press, Los Alamitos (2006)
Canard, S., Coisel, I.: Data Synchronization in Privacy-Preserving RFID Authentication Schemes. In: RFIDSec 2008, Budapest, Hungary (2008)
Canard, S., Coisel, I., Etrog, J.: Lighten Encryption Schemes for Secure and Private RFID Systems. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Mitet, J.M., Sako, K., Sebé, F. (eds.) FC 2010 Workshops. LNCS, vol. 6054, pp. 19–33. IFCA/Springer, Heidelberg (2010)
Coisel, I.: Authentification et Anonymat à Bas-Coût: Modélisations et Protocoles, Thèse, Université de Caen (2009)
Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks, SecureComm, Athens, Greece. IEEE Computer Society Press, Los Alamitos (2005)
Girault, M., Juniot, L., Robshaw, M.: The feasibility of on-the-tag public key cryptography. In: RFIDSec 2007, Malaga, Spain (2007)
Instruments, T.: Animal Tracking, http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml
Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: International Conference on Pervasive Computing and Communications, PerCom 2007, New York City, NY, USA, pp. 342–347. IEEE Computer Society Press, Los Alamitos (2007)
Le, T.V., Burmester, M., de Medeiros, B.: Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange. In: ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, Singapore, pp. 242–252. ACM, New York (2007)
Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Pfitzmann, B., Liu, P. (eds.) Conference on Computer and Communications Security, ACM CCS, Washington, DC, USA, 2004, pp. 210–219. ACM Press, New York (2004)
Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to Privacy-Friendly Tags. In: RFID Privacy Workshop, MIT, MA, USA (2003)
Oren, Y., Feldhofer, M.: WIPR - a Public Key Implementation on Two Grains of Sand. In: RFIDSec 2008, Budapest, Hungary (2008)
Oren, Y., Feldhofer, M.: A Low-Resource Public-Key Identification Scheme for RFID Tags and Sensor Nodes. In: Second ACM Conference on Wireless Network Security, WiSec 2009, Zurich, Switzerland. ACM Press, New York (2009)
Organization, I.C.A.: Machine Readable Travel Documents, Doc 9303, Part1, Machine Readable Passports, 5 (edn.) (2003)
Semiconductors, N.: MIFARE Smartcards ICs, http://www.nxp.com/products/identification/card_ics/mifare
van Deursen, T., Mauw, S., Radomirović, S.: Untraceability of RFID Protocols. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 1–15. Springer, Heidelberg (2008)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Verayo. Anti-Counterfeiting Solution for Pharma, Liquor, Cigarettes, Food, Luxury Products, http://www.verayo.com/solution/anti-counterfeiting.html
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 454–469. Springer, Heidelberg (2004)
Wu, J., Stinson, D.: How to Improve Security and Reduce Hardware Demands of the WIPR RFID Protocol. In: IEEE International Conference on RFID – RFID 2009, Orlando, FL, USA (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Avoine, G., Coisel, I., Martin, T. (2010). Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-16822-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16821-5
Online ISBN: 978-3-642-16822-2
eBook Packages: Computer ScienceComputer Science (R0)