research-article

Defining strong privacy for RFID

Authors:

Stephen A. WeisAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 13, Issue 1

Article No.: 7, Pages 1 - 23

https://doi.org/10.1145/1609956.1609963

Published: 06 November 2009 Publication History

Abstract

In this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (i) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different (weaker) definition applicable to multiverifier systems; (ii) We apply our definition to reveal vulnerabilities in several proposed privacy-enhancing RFID protocols; and (iii) We formally analyze and suggest improvements to hash-locks, one of the first privacy-enhancing RFID protocols in the literature.

References

[1]

Alien Technology. 2005. Alien Technology Corporation achieves another step toward pervasive, economic RFID with announcement of 12.9 cent RFID labels. Alien Technology Press release. http://www.alientechnology.com.

[2]

Avoine, G. 2005. Adversarial model for radio frequency identification. Cryptology ePrint Archive. Report 2005/049. http://eprint.iacr.org

[3]

Avoine, G. 2006. Security and privacy in RFID systems. http://lasecwww.ep.ch/figavoine/rfid/.

[4]

Avoine, G., Dysli, E., and Oechslin, P. 2005. Reducing time complexity in RFID systems. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography (SAC'05). Springer-Verlag, Berlin.

Digital Library

[5]

Avoine, G. and Oechslin, P. 2005a. RFID traceability: A multilayer problem. In Proceedings of the 9th International Conference on Financial Cryptography and Data Security (FC'05). Springer-Verlag, Berlin, 125--140.

Digital Library

[6]

Avoine, G. and Oechslin, P. 2005b. A scalable and provably secure hash based RFID protocol. In Proceedings of the 2nd IEEE International Workshop on Pervasive Computing and Communication Security (PerSec'05). IEEE, Los Alamitos, CA, 110--114.

Digital Library

[7]

Burmester, M., van Le, T., and de Medeiros, B. 2006. Provably secure ubiquitous systems: Universally composable RFID authentication protocols. http://eprint.iacr.org/2006/131.pdf.

[8]

Canetti, R. Universally composable security: A new paradigm for cryptographic protocols. IACR ePrint Report 2000/067. http://eprint.iacr.org/2000/067

[9]

Engberg, S., Harning, M., and Jensen, C. 2004. Zero-knowledge device authentication: Privacy and security enhanced RFID preserving business value and consumer convenience. In Proceedings of the 2nd Annual Conference on Privacy, Security, and Trust. IEEE, Los Alamitos, CA.

[10]

Fishkin, K. P., Roy, S., and Jiang, B. 2004. Some methods for privacy in RFID communication. In Proceedings of the 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS'04). Springer, Berlin.

Digital Library

[11]

Golle, P., Jakobsson, M., Juels, A., and Syverson, P. 2004. Universal re-encryption for mixnets. In Proceedings of the Cryptographers' Track RSA Conference (CT-RSA). Springer, Berlin, 163--178.

[12]

Hellman, M. 1980. A cryptanalytic time-memory tradeoff. IEEE Trans. Inf. Theor. 26, 401--406.

Digital Library

[13]

Juels, A. 2004. Minimalist cryptography for low-cost RFID tags. In Proceedings of the 4th International Conference on Security in Communication Networks (SCN'04). Springer-Verlag, Berlin, 149--164.

Digital Library

[14]

Juels, A. 2006. RFID security and privacy: A research survey. IEEE J. Sel. Areas Comm. 24, 2.

Digital Library

[15]

Juels, A., Rivest, R., and Szydlo, M. 2003. The blocker tag: Selective blocking of RFID tags for consumer privacy. In Proceedings of the 8th ACM Conference on Computer and Communications Security. ACM, New York, 103--111.

Digital Library

[16]

Kahn, F. 2005. Can zero-knowledge tags protect privacy&quest; RFID J. http://www.rfidjournal.com/article/articleview/1891/1/1/.

[17]

Kinoshita, A., Ohkubo, M., Hoshino, F., Morohashi, G., Shionoiri, O., and Kanai, A. 2005. Privacy enhanced active RFID tag. In Proceedings of the International Workshop on Exploiting Context Histories in Smart Environments. Springer-Verlag, Berlin.

[18]

Molnar, D., Soppera, A., and Wagner, D. 2005. A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography (SAC'05). Springer-Verlag, Berlin.

Digital Library

[19]

Molnar, D. and Wagner, D. 2004. Privacy and security in library RFID: Issues, practices, and architectures. In Proceedings of the ACM Conference on Communications and Computer Security. ACM, New York, 210--219.

Digital Library

[20]

Nohara, Y., Inoue, S., Baba, K., and Yasuura, H. 2005. Quantitative evaluation of unlinkable ID matching schemes. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES'05). ACM, New York.

Digital Library

[21]

O'Connor, M. 2006. EPC tags subject to phone attacks. RFID J. http://www1.rfidjournal.com/article/articleview/2167/1/1.

[22]

Oechslin, P. 2003. Making a faster cryptanalytic time-memory trade-off. In Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques. Springer-Verlag, Berlin, 617--630.

[23]

Ohkubo, M., Suzuki, K., and Kinoshita, S. 2004. Efficient hash-chain-based RFID privacy protection scheme. In Proceedings of the International Conference on Ubiquitous Computing. Springer-Verlag, Berlin.

[24]

Tsudik, G. 2006a. Personal communication.

[25]

Tsudik, G. 2006b. YA-TRAP: Yet another trivial RFID authentication protocol. In Proceedings of the 4th Annual Conference on Pervasive Computing and Communications (PerCom'06). IEEE, Los Alamitos, CA.

Digital Library

[26]

Weis, S., Sarma, S., Rivest, R., and Engels, D. 2003. Security and privacy aspects of low-cost radio frequency identification systems. In Proceedings of the International Conference on Security in Pervasive Computing (SPC'03). Springer-Verlag, Berlin, 454--469.

Cited By

Jeanteur SKovács LMaffei MRawson M(2024)CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00246(3165-3183)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00246
Yan LLi LMu XWang HChen XShin H(2023)Differential Privacy Preservation for Location SemanticsSensors10.3390/s2304212123:4(2121)Online publication date: 13-Feb-2023
https://doi.org/10.3390/s23042121
Gancher JGibson SSingh PDharanikota SParno B(2023)Owl: Compositional Verification of Security Protocols via an Information-Flow Type System2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179477(1130-1147)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179477
Show More Cited By

Index Terms

Defining strong privacy for RFID
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Theory of computation
  1. Logic
  2. Models of computation

Recommendations

RFID privacy: relation between two notions, minimal condition, and efficient construction
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the ...
Defining Strong Privacy for RFID
PERCOMW '07: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops

In this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (1) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different (weaker) ...
A Novel Anonymous RFID Authentication Protocol Providing Strong Privacy and Security
MINES '10: Proceedings of the 2010 International Conference on Multimedia Information Networking and Security

As the radio frequency identification (RFID) technology continues to evolve and mature, RFID tags can be implemented in a wide range of applications. Due to the shared wireless medium between the RFID reader and the RFID tag, however, adversaries can ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security

ACM Transactions on Information and System Security Volume 13, Issue 1

October 2009

289 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/1609956

Issue’s Table of Contents

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2009

Accepted: 01 January 2009

Revised: 01 November 2008

Received: 01 April 2007

Published in TISSEC Volume 13, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

102
Total Citations
View Citations
1,966
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)1

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jeanteur SKovács LMaffei MRawson M(2024)CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00246(3165-3183)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00246
Yan LLi LMu XWang HChen XShin H(2023)Differential Privacy Preservation for Location SemanticsSensors10.3390/s2304212123:4(2121)Online publication date: 13-Feb-2023
https://doi.org/10.3390/s23042121
Gancher JGibson SSingh PDharanikota SParno B(2023)Owl: Compositional Verification of Security Protocols via an Information-Flow Type System2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179477(1130-1147)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179477
Baelde DKoutsos ALallemand J(2023)A Higher-Order Indistinguishability Logic for Cryptographic Reasoning2023 38th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)10.1109/LICS56636.2023.10175781(1-13)Online publication date: 26-Jun-2023
https://doi.org/10.1109/LICS56636.2023.10175781
Cheval VRakotonirina I(2023)Indistinguishability Beyond Diff-Equivalence in ProVerif2023 IEEE 36th Computer Security Foundations Symposium (CSF)10.1109/CSF57540.2023.00036(184-199)Online publication date: Jul-2023
https://doi.org/10.1109/CSF57540.2023.00036
Maurya PGhosh HBagchi S(2023)MDS Code Based Ultralightweight Authentication Protocol for RFID SystemIEEE Access10.1109/ACCESS.2023.323953011(10563-10577)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3239530
Hristea CŢiplea F(2023)Destructive Privacy and Mutual Authentication in Vaudenay’s RFID ModelSoft Computing Applications10.1007/978-3-031-23636-5_51(648-676)Online publication date: 27-Oct-2023
https://doi.org/10.1007/978-3-031-23636-5_51
Tiplea F(2022)Lessons to be Learned for a Good Design of Private RFID SchemesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.305580819:4(2384-2395)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TDSC.2021.3055808
Cremers CFontaine CJacomme C(2022)A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833800(125-141)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833800
Bagheri NKumari SCamara CPeris-Lopez P(2022)Defending Industry 4.0: An Enhanced Authentication Scheme for IoT DevicesIEEE Systems Journal10.1109/JSYST.2021.313168916:3(4501-4512)Online publication date: Sep-2022
https://doi.org/10.1109/JSYST.2021.3131689
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents