Abstract
We provide a formal model for identification schemes. Under this model, we give strong definitions for security and privacy. Our model captures the notion of a powerful adversary who can monitor all communications, trace tags within a limited period of time, corrupt tags, and get side channel information on the reader output. Adversaries who do not have access to this side channel are called narrow adversaries. Depending on restrictions on corruption, adversaries are called strong, destructive, forward, or weak adversaries. We derive some separation results: strong privacy is impossible. Narrow-strong privacy implies key agreement. We also prove some constructions: narrow-strong and forward privacy based on a public-key cryptosystem, narrow-destructive privacy based on a random oracle, and weak privacy based on a pseudorandom function.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Aumasson, J.-Ph., Finiasz, M., Meier, W., Vaudenay, S.: TCHo: a Hardware-Oriented Trapdoor Cipher. In: Information Security and Privacy (ACISP 2007), Townsville, Australia. LNCS, vol. 4586, pp. 184–199. Springer, Heidelberg (2007)
Avoine, G.: Cryptography in Radio Frequency Identification and Fair Exchange Protocols. PhD Thesis no. 3407, EPFL (2005), http://library.epfl.ch/theses/?nr=3407
Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Security and Privacy in Ad-Hoc and Sensor Networks. In: Buttyán, L., Gligor, V., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, Springer, Heidelberg (2006)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, Springer, Heidelberg (1998)
Bocchetti, S.: Security and Privacy in RFID Protocols. Master Thesis (2006)
Burmester, M., van Le, T., de Medeiros, B.: Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. In: SecureComm 2006. Conference on Security and Privacy for Emerging Areas in Communication Networks, Baltimore, MA, USA, IEEE, Los Alamitos (2006)
Calmels, B., Canard, S., Girault, M., Sibert, H.: Low-Cost Cryptography for Privacy in RFID Systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 237–251. Springer, Heidelberg (2006)
Damgård, I., Østergaard, M.: RFID Security: Tradeoffs between Security and Efficiency. Technical report 2006/234, IACR (2006), http://eprint.iacr.org/2006/234
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22, 644–654 (1976)
Dimitriou, T.: A Lightweight RFID Protocol to Protect against Traceability and Cloning Attacks. In: SecureComm 2005. Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece, IEEE, Los Alamitos (2005), http://ieeexplore.ieee.org/iel5/10695/33755/01607559.pdf?arnumber=1607559
Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. In: Proceedings of the 23rd ACM Symposium on Theory of Computing, New Orleans, Louisiana, U.S.A, pp. 542–552. ACM Press, New York (1991)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Feldhofer, M., Rechberger, C.: A Case against Currently used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)
Finiasz, M., Vaudenay, S.: When Stream Cipher Analysis Meets Public-Key Cryptography (Invited Talk.). In: Proceedings of SAC 2006. LNCS, Springer, Heidelberg (2006)
Gilbert, H., Robshaw, M., Sibert, H.: An Active Attack Against HB+: A Provably Secure Lightweight Authentication Protocol. IEE Electronic Letters 41, 1169–1170 (2005)
Girault, M., Lefranc, D.: Public Key Authentication with One (Online) Single Addition. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 413–427. Springer, Heidelberg (2004)
Girault, M., Poupard, G., Stern, J.: On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order. Journal of Cryptology 19, 463–487 (2006)
Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)
Hall, J., Barbeau, M., Kranakis, E.: Detecting Rogue Devices in Bluetooth Networks using Radio Frequency Fingerprinting. In: Proceedings of the Third IASTED International Conference on Communications and Computer Networks (CCN 2006), Lima, Peru, pp. 108–113. IASTED/ACTA Press (2006)
ISO/IEC 14443-3. Identification Cards — Contactless Integrated Circuit(s) Cards — Proximity Cards. Part 3: Initialization and Anticollision. ISO (2001)
Juels, A., Weis, S.: Authenticating Pervasive Devices with human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Juels, A., Weis, S.: Defining Strong Privacy for RFID. Technical report 2006/137, IACR (2006), http://eprint.iacr.org/2006/137
Katz, J., Shin, J.S.: Parallel and Concurrent Security of the HB and HB+ Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)
van Le, T., Burmester, M., de Medeiros, B.: Universally Composable and Forward Secure RFID Authentication and Authenticated Key Exchange. In: ASIACCS 2007. Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security, Singapore, pp. 242–252. ACM, New York (2007)
Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, pp. 210–219. ACM Press, New York (2004)
Naor, M., Yung, M.: Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: Proceedings of the 22nd ACM Symposium on Theory of Computing, Baltimore, Maryland, U.S.A, pp. 427–437. ACM Press, New York (1990)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to a Privacy Friendly Tag. In: Presented at the RFID Privacy Workshop, MIT, USA (2003)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient Hash-Chain based RFID Privacy Protection Scheme. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, Springer, Heidelberg (2004)
Ohkubo, M., Suzuki, K.: RFID Privacy Issues and Technical Challenges. Communications of the ACM 48, 66–71 (2005)
Paise, R.I.: A Privacy Model for Mutual Authentication in Radio Frequency Systems. Master Thesis (2007)
Rackoff, C., Simon, D.: Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, Springer, Heidelberg (1992)
Robshaw, M.J.B.: Searching for Compact Algorithms: CGEN. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 37–49. Springer, Heidelberg (2006)
Rudich, S.: The Use of Interaction in Public Cryptosystems. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 242–251. Springer, Heidelberg (1992)
Shoup, V.: Sequences of Games: A Tool for Taming Complexity in Security Proofs. Technical report 2004/332, IACR (2004), http://eprint.iacr.org/2004/332
Vaudenay, S.: RFID Privacy based on Public-Key Cryptography (Invited Talk). In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 1–6. Springer, Heidelberg (2006)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 454–469. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vaudenay, S. (2007). On Privacy Models for RFID. In: Kurosawa, K. (eds) Advances in Cryptology – ASIACRYPT 2007. ASIACRYPT 2007. Lecture Notes in Computer Science, vol 4833. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76900-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-76900-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76899-9
Online ISBN: 978-3-540-76900-2
eBook Packages: Computer ScienceComputer Science (R0)