research-article

On two RFID privacy notions and their relations

Authors:

Robert H. Deng,

Changshe MaAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 14, Issue 4

Article No.: 30, Pages 1 - 23

https://doi.org/10.1145/2043628.2043631

Published: 26 December 2008 Publication History

Abstract

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp^*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy model. It is proven that ind-privacy is weaker than unp^*-privacy. Moreover, the minimal (necessary and sufficient) condition on RFID tags to achieve unp^*-privacy is determined. It is shown that if an RFID system is unp^*-private, then the computational power of an RFID tag can be used to construct a pseudorandom function family provided that the RFID system is complete and sound. On the other hand, if each tag is able to compute a pseudorandom function, then the tags can be used to construct an RFID system with unp^*-privacy. In this sense, a pseudorandom function family is the minimal requirement on an RFID tag's computational power for enforcing RFID system privacy. Finally, a new RFID mutual authentication protocol is proposed to satisfy the minimal requirement.

References

[1]

Ateniese, G., Camenisch, J., and de Medeiros, B. 2005. Untraceable RFID tags via insubvertible encryption. In Proceedings of the ACM Conference on Computer and Communications Security. 92--101.

Digital Library

[2]

Avoine, G. 2005. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049. http://eprint.iacr.org/.

[3]

Avoine, G., Dysli, E., and Oechslin, P. 2005. Reducing time complexity in RFID systems. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography. 291--306.

Digital Library

[4]

Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y., and Vikkelsoe, C. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems. 450--466.

Digital Library

[5]

Chien, H.-Y. and Chen, C.-H. 2007. Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput. Stand. Interf. 29, 2, 254--259.

Digital Library

[6]

Damgärd, I. and Pedersen, M. O. 2008. RFID security: Tradeoffs between security and efficiency. In Proceedings of the Cryptographers' Track of the RSA Conference. 318--332.

Digital Library

[7]

Duc, D. N., Park, J., Lee, H., and Kim, K. 2006. Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning. In Proceedings of the Symposium on Cryptography and Information Security.

[8]

Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A., and Uhsadel, L. 2007. A survey of lightweight-cryptography implementations. IEEE Des. Test. Comput. 24, 6, 522--533.

Digital Library

[9]

Feldhofer, M., Wolkerstorfer, J., and Rijmen, V. 2005. AES implementation on a grain of sand. IEE Proc. Inform. Sec. 152, 1, 13--20.

[10]

Garfinkel, S. L., Juels, A., and Pappu, R. 2005. RFID privacy: An overview of problems and proposed solutions.IEEE Sec. Priv. 3, 3, 34--43.

Digital Library

[11]

Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J. ACM 33, 4, 792--807.

Digital Library

[12]

Ha, J., Moon, S.-J., Zhou, J., and Ha, J. 2008. A new formal proof model for RFID location privacy. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). 267--281.

Digital Library

[13]

Hopper, N. J. and BLUM, M. 2001. Secure human identification protocols. In Proceedings of the Annual Cryptology Conference (ASIACRYPT). 52--66.

Digital Library

[14]

Juels, A. 2004. Minimalist cryptography for low-cost RFID tags. In Proceedings of the Conference on Security in Communication Networks. 149--164.

Digital Library

[15]

Juels, A. 2006. RFID security and privacy: a research survey. IEEE J. Select. Areas Comm. 24, 2, 381--394.

Digital Library

[16]

Juels, A., Pappu, R., and Parno, B. 2008. Unidirectional key distribution across time and space with applications to RFID security. In Proceedings of the USENIX Security Symposium. 75--90.

Digital Library

[17]

Juels, A., Rivest, R. L., and Szydlo, M. 2003. The blocker tag: selective blocking of RFID tags for consumer privacy. In Proceedings of the ACM Conference on Computer and Communications Security. 103--111.

Digital Library

[18]

Juels, A. and Weis, S. A. 2005. Authenticating pervasive devices with human protocols. In Proceedings of the Annual Cryptology Conference (CRYPTO). 293--308.

Digital Library

[19]

Juels, A. and Weis, S. A. Defining strong privacy for RFID. In Proceedings of the IEEE Pervasive Computing and Communication Conference. 342--347.

Digital Library

[20]

Karthikeyan, S. and Nesterenko, M. 2005. RFID security without extensive cryptography. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks. 63--67.

Digital Library

[21]

Katz, J. and Shin, J. S. 2006. Parallel and concurrent security of the hb and hb+ protocols. In Proceedings of the Annual Cryptology Conference (EUROCRYPT).73--87.

Digital Library

[22]

Konidala, D. M., Kim, Z., and Kim, K. 2007. A simple and cost-effective RFID tag-reader mutual authentication scheme. In Proceedings of the Conference on RFID Security. 141--152.

[23]

Kumar, S. and Paar, C. 2006. Are standards compliant elliptic curve cryptosystems feasible on RFID&quest; In Proceedings of the Workshop on RFID Security.

[24]

Ma, C., Li, Y., Deng, R. H., and Li, T. 2009. RFID privacy: relation between two notions, minimal condition, and efficient construction. In Proceedings of the ACM Conference on Computer and Communications Security. 54--65.

Digital Library

[25]

Molnar, D. and Wagner, D. 2004. Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of the ACM Conference on Computer and Communications Security. 210--219.

Digital Library

[26]

Ng, C. Y., Susilo, W., Mu, Y., and Safavi-Naini, R. 2008. RFID privacy models revisited. In Proceedings of the European Symposium on Research in Computer Security. 251--266.

Digital Library

[27]

Ohkubo, M., Suzuki, K., and Kinoshita, S. 2004. Efficient hash-chain based RFID privacy protection scheme. In Proceedings of the International Conference on Ubiquitous Computing—Ubicomp, Workshop Privacy: Current Status and Future Directions.

[28]

Paise, R.-I. and Vaudenay, S. 2008. Mutual authentication in RFID: security and privacy. In Proceedings of the Asian Conference on Computer Security. 292--299.

Digital Library

[29]

Peris-Lopez, P., Castro, J. C. H., Estevez-Tapiador, J. M., and Ribagorda, A. 2006. RFID systems: A survey on security threats and proposed solutions. In Proceedings of the 11th IFIP International Conference on Personal Wireless Communications. 159--170.

Digital Library

[30]

Peris-Lopez, P., Li, T., Tong Lee, L., Hernandez-Castro, J. C., and Estevez-Tapiador, J. M. 2008. Vulnerability analysis of a mutual authentication scheme under the EPC Class-1 Generation-2 Standard. In Proceedings of the Workshop on RFID Security.

[31]

Samarati, P. and Sweeney, L. 1998. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Tech. rep., SRI International.

[32]

Sarma, S. E., Weis, S. A., and Engels, D. W. 2003. Radio-frequency identification: Security risks and challenges. Crytobytes, RSA Labs. 6, 1, 2--9.

[33]

Spiekermann, S. and Evdokimov, S. 2009. Privacy enhancing technologies for RFID—A critical investigation of state of the art research. IEEE Priv. Sec.

[34]

Tsudik, G. 2006. YA-TRAP: Yet another trivial RFID authentication protocol. In Proceedings of the Intemational Conference on Pervasive Computing and Communications. 640--643.

Digital Library

[35]

Tsudik, G. 2007. A family of dunces: Trivial RFID identification and authentication protocols. In Proceedings of the 7th International Conference on Privacy Enhancing Technologies. 45--61.

Digital Library

[36]

van Deursen, T. and Radomirovic, S. 2008. Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310. http://eprint.iacr.org/.

[37]

van Deursen, T. and Radomirovic, S. 2009. On a new formal proof model for RFID location privacy, Inform. Process. Lett. 110, 2, 57--61.

Digital Library

[38]

Vaudenay, S. 2007. On privacy models for RFID. In Proceedings of the Annual Cryptology Conference (ASIACRYPT'07). K. Kurosawa, Ed., Lecture Notes in Computer Science, vol. 4833, Springer, 68--87.

Digital Library

Cited By

Sakai KSun MKu WLai T(2019)On The Performance Bound of Structured Key-Based RFID Authentication2019 IEEE International Conference on Pervasive Computing and Communications (PerCom10.1109/PERCOM.2019.8767391(1-10)Online publication date: Mar-2019
https://doi.org/10.1109/PERCOM.2019.8767391
Komori YSakai KFukumoto S(2018)Fast and secure tag authentication in large-scale RFID systems using skip graphsComputer Communications10.1016/j.comcom.2017.11.008116(77-89)Online publication date: Jan-2018
https://doi.org/10.1016/j.comcom.2017.11.008
Kılınç HVaudenay S(2017)Contactless Access Control Based on Distance BoundingInformation Security10.1007/978-3-319-69659-1_11(195-213)Online publication date: 22-Nov-2017
https://dl.acm.org/doi/10.1007/978-3-319-69659-1_11
Show More Cited By

Index Terms

On two RFID privacy notions and their relations
1. Security and privacy
  1. Cryptography
  2. Systems security
    1. Operating systems security

Recommendations

RFID: The Next Serious Threat to Privacy

Radio Frequency Identification, or RFID, is a technology which has been receiving considerable attention as of late. It is a fairly simple technology involving radio wave communication between a microchip and an electronic reader, in which an ...
RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
Impossibility results for RFID privacy notions
Transactions on computational science XI

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security

ACM Transactions on Information and System Security Volume 14, Issue 4

December 2011

138 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/2043628

Issue’s Table of Contents

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Accepted: 01 July 2011

Revised: 01 December 2010

Received: 01 June 2010

Published: 26 December 2008

Published in TISSEC Volume 14, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
836
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sakai KSun MKu WLai T(2019)On The Performance Bound of Structured Key-Based RFID Authentication2019 IEEE International Conference on Pervasive Computing and Communications (PerCom10.1109/PERCOM.2019.8767391(1-10)Online publication date: Mar-2019
https://doi.org/10.1109/PERCOM.2019.8767391
Komori YSakai KFukumoto S(2018)Fast and secure tag authentication in large-scale RFID systems using skip graphsComputer Communications10.1016/j.comcom.2017.11.008116(77-89)Online publication date: Jan-2018
https://doi.org/10.1016/j.comcom.2017.11.008
Kılınç HVaudenay S(2017)Contactless Access Control Based on Distance BoundingInformation Security10.1007/978-3-319-69659-1_11(195-213)Online publication date: 22-Nov-2017
https://dl.acm.org/doi/10.1007/978-3-319-69659-1_11
Zhuang YHancke GWong D(2015)How to Demonstrate Our Presence Without Disclosing Identity? Evidence from a Grouping-Proof ProtocolRevised Selected Papers of the 16th International Workshop on Information Security Applications - Volume 950310.1007/978-3-319-31875-2_35(423-435)Online publication date: 20-Aug-2015
https://dl.acm.org/doi/10.1007/978-3-319-31875-2_35
Yang ALiang KZhuang YWong DJia X(2015)A new unpredictability-based radio frequency identification forward privacy model and a provably secure constructionSecurity and Communication Networks10.1002/sec.12088:16(2836-2849)Online publication date: 10-Nov-2015
https://dl.acm.org/doi/10.1002/sec.1208
Li YDeng RBertino E(2013)RFID Security and PrivacySynthesis Lectures on Information Security, Privacy, and Trust10.2200/S00550ED1V01Y201311SPT0074:3(1-157)Online publication date: 26-Dec-2013
https://doi.org/10.2200/S00550ED1V01Y201311SPT007
Yang AZhuang YWong DYang G(2013)A New Unpredictability-Based RFID Privacy ModelNetwork and System Security10.1007/978-3-642-38631-2_35(479-492)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38631-2_35

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents