Abstract
We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.
Chapter PDF
Similar content being viewed by others
References
Murray, C.J.: RFID tags: driving toward 5 cents. Design News (April 24, 2006)
Hoepman, J.H., Hubbers, E., Jacobs, B., Oostdijk, M., Wichers Schreur, R.: Crossing borders: Security and privacy issues of the European e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)
Yoshida, J.: Euro bank notes to embed RFID chips by 2005. EETimes (December 19, 2001)
Gilbert, A.: Major retailers to test ’smart shelves’. CNET (January 8, 2003)
O’Conner, M.C.: Gilette fuses RFID with product launch. RFID Journal (March 27, 2006)
Wong, F.L., Stajano, F.: Location privacy in Bluetooth. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 176–188. Springer, Heidelberg (2005)
Jakobsson, M., Wetzel, S.: Security weaknesses in Bluetooth. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 176–191. Springer, Heidelberg (2001)
Clark, J.A., Jacob, J.L.: A survey of authentication protocol literature. Technical Report 1.0 (1997)
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using fdr. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)
Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: FMSE, pp. 63–72 (2005)
Mauw, S., Verschuren, J., de Vink, E.: A Formalization of Anonymity and Onion Routing. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 109–124. Springer, Heidelberg (2004)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Di Pietro, R., Molva, R.: Information confinement, privacy, and security in RFID systems. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 187–202. Springer, Heidelberg (2007)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)
Garfinkel, S., Juels, A., Pappu, R.: RFID privacy: An overview of problems and proposed solutions. In: IEEE Security and Privacy, May-June 2005, vol. 3(3), pp. 34–43 (2005)
Juels, A.: RFID security and privacy: A research survey. Manuscript (September 2005)
Tan, C.C., Sheng, B., Li, Q.: Severless search and authentication protocols for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, USA, IEEE,, March 2007, IEEE Computer Society Press, New York (2007)
Seo, Y., Lee, H., Kim, K.: A scalable and untraceable authentication protocol for RFID. In: Zhou, X., Sokolsky, O., Yan, L., Jung, E.-S., Shao, Z., Mu, Y., Lee, D.C., Kim, D.Y., Jeong, Y.-S., Xu, C.-Z. (eds.) EUC Workshops 2006. LNCS, vol. 4097, pp. 252–261. Springer, Heidelberg (2006)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to privacy-friendly tags. In: RFID Privacy Workshop, MIT, MA, USA (November 2003)
Kang, J., Nyang, D.: RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)
Dimitriou, T.: A secure and efficient RFID protocol that could make big brother (partially) obsolete. In: PerCom, pp. 269–275 (2006)
Choi, E.Y., Lee, S.M., Lee, D.H.: Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 945–954. Springer, Heidelberg (2005)
Nguyen Duc, D., Park, J., Lee, H., Kim, K.: Enhancing security of EPCGlobal Gen-2 RFID tag against traceability and cloning. In: Symposium on Cryptography and Information Security, Hiroshima, Japan (January 2006)
Piramuthu, S.: On existence proofs for multiple RFID tags. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing – SecPerU 2006, Lyon, France, June 2006, IEEE Computer Society Press, Los Alamitos (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: RFID Systems: A Survey on Security Threats and Proposed Solutions. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 159–170. Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: Cryptanalysis of a novel authentication protocol conforming to epc-c1g2 standard (2007)
Martinez, S., Magda, V., Concepcio, R., Fransesc, G., Josep, M.: An elliptic curve and zero knowledge based forward secure RFID protocol (2007)
Alomair, B., Lazos, L., Poovendran, R.: Passive attacks on a class of authentication protocols for RFID. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 102–115. Springer, Heidelberg (2007)
Nohl, K., Evans, D.: Quantifying information leakage in tree-based hash protocols. Technical Report UVA-CS-2006-20, University of Virginia, Department of Computer Science, Charlottesville, Virginia, USA (2006)
Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy, March 2006, IEEE Computer Society Press, Los Alamitos (2006)
Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Conference on Computer and Communications Security – CCS 2005, Alexandria, Virginia, USA, November 2005, ACM Press, New York (2005)
Avoine, G.: Adversary model for radio frequency identification. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland (September 2005)
Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: PerCom Workshops, pp. 342–347 (2007)
Chatmon, C., van, L.T., Burmester, M.: Secure anonymous RFID authentication protocols. Technical Report TR-060112, Florida State University, Department of Computer Science, Tallahassee, Florida, USA (2006)
Tsudik, G.: A family of dunces: Trivial RFID identification and authentication protocols. Cryptology ePrint Archive, Report 2006/015 (2007)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, September 2005, IEEE, Los Alamitos (2005)
Lee, S., Asano, T., Kim, K.: RFID mutual authentication scheme based on synchronized secret information. In: Symposium on Cryptography and Information Security, Hiroshima, Japan (January 2006)
Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 32–47. Springer, Heidelberg (2003)
Huang, D.: On measuring anonymity for wireless mobile ad-hoc networks. In: 31st IEEE Conference on Local Computer Networks, pp. 779–786. IEEE Press, Los Alamitos, CA (2006)
Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Cremers, C., Mauw, S.: Operational Semantics of Security Protocols. In: Leue, S., Systä, T.J. (eds.) Scenarios: Models, Transformations and Tools. LNCS, vol. 3466, pp. 66–89. Springer, Heidelberg (2005)
Cooper, C.: On the rank of random matrices. Random Structures and Algorithms 16(2) (2000)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
van Deursen, T., Mauw, S., Radomirović, S. (2008). Untraceability of RFID Protocols. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds) Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks. WISTP 2008. Lecture Notes in Computer Science, vol 5019. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79966-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-79966-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79965-8
Online ISBN: 978-3-540-79966-5
eBook Packages: Computer ScienceComputer Science (R0)