Abstract
RFID-based systems are becoming a widely deployed pervasive technology that is more and more used in applications where privacy-sensitive information is entrusted to RFID tags. Thus, a careful analysis in appropriate security and privacy models is needed before deployment to practice.
Recently, Vaudenay presented a comprehensive security and privacy model for RFID that captures most previously proposed privacy models. The strongest achievable notion of privacy in this model (narrow-strong privacy) requires public-key cryptography, which in general exceeds the computational capabilities of current cost-efficient RFIDs. Other privacy notions achievable without public-key cryptography heavily restrict the power of the adversary and thus are not suitable to realistically model the real world.
In this paper, we extend and improve the current state-of-the art for privacy-protecting RFID by introducing a security and privacy model for anonymizer-enabled RFID systems. Our model builds on top of Vaudenay’s model and supports anonymizers, which are separate devices specifically designated to ensure the privacy of tags. We present a privacy-preserving RFID protocol that uses anonymizers and achieves narrow-strong privacy without requiring tags to perform expensive public-key operations (i.e., modular exponentiations), thus providing a satisfying notion of privacy for cost-efficient tags.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Atmel Corporation: Innovative IDIC solutions (2007), http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 210–219. ACM Press, New York (2004)
Calypso Networks Association: Web site of Calypso Networks Association. (May 2007), http://www.calypsonet-asso.org/
NXP Semiconductors: MIFARE smartcard ICs (September 2008), http://www.mifare.net/products/smartcardics/
Sony Global: Web site of Sony FeliCa (June 2008), http://www.sony.net/Products/felica/
Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain, October 9 (2008)
I.C.A. Organization: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, Fifth Edition (2003)
Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)
Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Spirtech: CALYPSO functional specification: Card application, version 1.3. (October 2005), http://calypso.spirtech.net/
Octopus Holdings: Web site of Octopus Holdings (June 2008), http://www.octopus.com.hk/en/
Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)
Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)
Damgård, I., Østergaard, M.: RFID security: Tradeoffs between security and efficiency. Cryptology ePrint Archive, Report 2006/234 (2006)
Burmester, M., van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication protocols. In: Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), pp. 1–9. IEEE Computer Society, Los Alamitos (2006)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to privacy-friendly tags (November 2003)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: ASIACCS 2008: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 292–299. ACM Press, New York (2008)
Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: [53], pp. 251–256
Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Katz, J., Shin, J.S.: Parallel and Concurrent Security of the HB and HB+ Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)
Katz, J., Smith, A.: Analyzing the HB and HB+ protocols in the large error case. Cryptology ePrint Archive, Report 2006/326 (2006)
Katz, J.: Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 1–15. Springer, Heidelberg (2007)
Gilbert, H., Robshaw, M., Silbert, H.: An active attack against HB+ — A provable secure leightweight authentication protocol. Cryptology ePrint Archive, Report 2007/237 (2007)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good Variants of HB+ Are Hard to Find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)
Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008)
Frumkin, D., Shamir, A.: Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044 (2009)
Levieil, E., Fouque, P.A.: An Improved LPN Algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006)
Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Security in Pervasive Computing. LNCS, vol. 2802, pp. 640–643. IEEE Computer Society, Los Alamitos (2006)
Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–153. IEEE Computer Society, Los Alamitos (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions (September 2004)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 59–66. IEEE Computer Society, Los Alamitos (2005)
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM Press, New York (2008)
Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., et al. (eds.) Privacy in Location-Based Applications: Research Issues and Emerging Trends. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)
Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)
Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)
Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM Press, New York (2005)
Economist: Security technology: Where’s the smart money? The Economist, 69–70 (February 2002)
Juels, A.: Minimalist cryptography for low-cost RFID tags (extended abstract). In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A new formal proof model for RFID location privacy. In: [53], pp. 267–281.
D’Arco, P., Scafuro, A., Visconti, I.: Semi-Destructive Privacy in DoS-Enabled RFID systems. In: Proceedings of RFIDSec 2009 (July 2009)
D’Arco, P., Scafuro, A., Visconti, I.: Revisiting DoS attacks and privacy in RFID-enabled networks. In: Dolev, S. (ed.) ALGOSENSORS 2009. LNCS, vol. 5804, p. 263. Springer, Heidelberg (2009)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Prabhakaran, M., Rosulek, M.: Homomorphic encryption with CCA security. Cryptology ePrint Archive, Report 2005/079 (2008)
Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designingefficient protocols. In: Proceedings of the Annual Conference on Computer and Communications Security (CCS) (1994)
Danev, B., Heydt-Benjamin, T.S., Capkun, S.: Physical-layer Identification of RFID Devices. In: 18th USENIX Security Symposium, Montreal, Canada, August 10-14, pp. 199–214 (2009)
Sadeghi, A.R., Visconti, I., Wachsmann, C.: Efficient RFID security and privacy with anonymizers. In: Proceedings of RFIDSec 2009 (July 2009)
Jajodia, S., Lopez, J. (eds.): ESORICS 2008. LNCS, vol. 5283, p. 602. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sadeghi, AR., Visconti, I., Wachsmann, C. (2009). Anonymizer-Enabled Security and Privacy for RFID. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds) Cryptology and Network Security. CANS 2009. Lecture Notes in Computer Science, vol 5888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10433-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-10433-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10432-9
Online ISBN: 978-3-642-10433-6
eBook Packages: Computer ScienceComputer Science (R0)