Abstract
Like many technologies, low-cost Radio Frequency Identification (RFID) systems will become pervasive in our daily lives when affixed to everyday consumer items as "smart labels". While yielding great productivity gains, RFID systems may create new threats to the security and privacy of individuals or organizations. This paper presents a brief description of RFID systems and their operation. We describe privacy and security risks and how they apply to the unique setting of low-cost RFID devices. We propose several security mechanisms and suggest areas for future research.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W. (2004). Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds) Security in Pervasive Computing. Lecture Notes in Computer Science, vol 2802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39881-3_18
DOI: https://doi.org/10.1007/978-3-540-39881-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20887-7
Online ISBN: 978-3-540-39881-3
eBook Packages: Springer Book Archive