Proper RFID privacy: Model and protocols

IEEE Transactions on Mobile Computing

Volumn 13, Issue 12, 2014, Pages 2888-2902

  Hermans, Jens ^a   Peeters, Roel ^a   Preneel, Bart ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

authentication; Computer security; cryptography; privacy; RFID tags

Indexed keywords

CRYPTOGRAPHY; DATA PRIVACY; SECURITY OF DATA;

RF-ID TAGS;

AUTHENTICATION;

EID: 84908530088     PISSN: 15361233     EISSN: None     Source Type: Journal    
DOI: 10.1109/TMC.2014.2314127     Document Type: Article

References (38)

1. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," in Proc. 1st Int. Conf. Security Pervasive Comput., 2003, vol. 2802, pp. 201-212.
2. S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks-Revealing the Secrets of Smart Cards. New York, NY, USA: Springer, 2007.
3. M. Hutter, J.-M. Schmidt, and T. Plos, "RFID and its vulnerability to faults," in Proc. SOF 10th Int. Workshop Cryptographic Hardware Embedded Syst., 2008, vol. 5154, pp. 363-379.
4. T. Kasper, D. Oswald, and C. Paar, "New methods for costeffective side-channel attacks on cryptographic RFIDs," in Proc. Radio Frequency Identification Syst. Security Workshop, 2009, p. 15.
5. R. Canetti, O. Goldreich, S. Goldwasser, and S. Micali, "Resettable zero-knowledge (extended abstract)," in Proc. 32nd Annu. ACM Symp. Theory Comput., 2000, pp. 235-244.
6. M. Bellare, M. Fischlin, S. Goldwasser, and S. Micali, "Identification protocols secure against reset attacks," in Proc. Int. Conf. Theory Appl. Cryptographic Techn., 2001, vol. 2045, pp. 495-511.
7. V. Goyal and A. Sahai, "Resettably secure computation," in Proc. 28th Annu. Int. Conf. Adv. Cryptology, 2009, vol. 5479, pp. 54-71.
8. T. van Deursen and S. Radomirović, "Insider attacks and privacy of RFID protocols," in Proc. Eur. Conf. Public Key Infrastructures, Serv., Appl., 2011, vol. 7163, pp. 65-80.
9. S. Vaudenay, "On privacy models for RFID," in Proc. Adv. Crypotology 13th Int. Conf. Theory Appl. Cryptol. Inform. Security, 2007, vol. 4833, pp. 68-87.
10. S. Canard, I. Coisel, J. Etrog, and M. Girault. (2010). Privacypreserving RFID systems: Model and constructions. [Online]. Available: http://eprint.iacr.org/.
11. M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko, "The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme," J. Cryptol, vol. 16, pp. 185-215, 2003.
12. D. R. L. Brown and K. Gjøsteen, "A security analysis of the NIST SP 800-90 elliptic curve random number generator," in Proc. 27th Annu. Internat. Cryptol. Conf. Adv. Cryptol., 2007, vol. 4622, pp. 466-481.
13. M. Abdalla, M. Bellare, and P. Rogaway, "The oracle Diffie-Hellman assumptions and an analysis of DHIES," in Proc. Conf. Topics Cryptol.: The Cryptographer's Track at RSA, 2001, vol. 2020, pp. 143-158.
14. G. Avoine, E. Dysli, and P. Oechslin, "Reducing time complexity in RFID systems," in Proc. 12th Int. Conf. Select. Areas Cryptography, 2005, vol. 3897, pp. 291-306.
15. M. Burmester, T. Le, and B. Medeiros, "Provably secure ubiquitous systems: Universally composable RFID authentication protocols," in Proc. SECURECOMM Workshop, 2006, pp. 1-9.
16. T. Van Le, M. Burmester, and B. de Medeiros, "Universally composable and forward-secure RFID authentication and authenticated key exchange," in Proc. 2nd ACM Symp. Inform., Comput. Commun. Security, 2007, pp. 242-252.
17. I. Damgård and M. Ø. Pedersen, "RFID security: Tradeoffs between security and efficiency," in Proc. Cryptopgraphers' Track at the RSA Conf. Topics Cryptol., 2008, vol. 4964, pp. 318-332.
18. J. Ha, S.-J. Moon, J. Zhou, and J. Ha, "A new formal proof model for RFID location privacy," in Proc. 13th Eur. Symp. Res. Comput. Security, 2008, pp. 267-281.
19. A. Juels and S. A. Weis, "Defining strong privacy for RFID," in Proc. PerCom Workshops, 2007, pp. 342-347.
20. R.-I. Paise and S. Vaudenay, "Mutual authentication in RFID: Security and privacy," in Proc. ACM Symp. Inform., Comput. Commun. Security, 2008, pp. 292-299.
21. C. Y. Ng, W. Susilo, Y. Mu, and R. Safavi-Naini, "RFID privacy models revisited," in Proc. 13th Eur. Symp. Res. Comput. Security, 2008, vol. 5283, pp. 251-266.
22. C. Y. Ng, W. Susilo, Y. Mu, and R. Safavi-Naini, "New privacy results on synchronized RFID authentication protocols against tag tracing," in Proc. 14th Eur. Conf. Res. Comput. Security, 2009, vol. 5789, pp. 321-336.
23. J. Bringer, H. Chabanne, and T. Icart, "Efficient zero-knowledge identification schemes which respect privacy," in Proc. 4th Int. Symp. Inform., Comput. Commun. Security, 2009, pp. 195-205.
24. A.-R. Sadeghi, I. Visconti, and C. Wachsmann, "Anonymizerenabled security and privacy for RFID," in Proc. 8th Int. Conf. Cryptol. Netw. Security, 2009, vol. 5888, pp. 134-153.
25. F. Armknecht, A.-R. Sadeghi, A. Scafuro, I. Visconti, and C. Wachsmann, "Impossibility results for RFID privacy notions," in Transactions on Computational Science IX, New York, NY, USA: Springer, 2010, pp. 39-63.
26. K. Ouafi and S. Vaudenay, "Strong privacy for RFID systems from plaintext-aware encryption," in Proc. 11th Int. Conf. Cryptol. Netw. Security, 2012, vol. 7712, pp. 247-262.
27. D. Bleichenbacher, "Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1," in Proc. 18th Annu. Int. Cryptol. Conf. Adv. Cryptol., 1998, vol. 1462, pp. 1-12.
28. J.-M. Bohli and A. Pashalidis, "Relations among privacy notions," in Proc. 13th Int. Conf. Financial Cryptography Data Security, 2009, vol. 5628, pp. 362-380.
29. J. Bringer, H. Chabanne, and T. Icart, "Cryptanalysis of EC-RAC, a RFID identification protocol," in Proc. 7th Int. Conf. Cryptol. Netw. Security, 2008, vol. 5339, pp. 149-161.
30. R. Peeters, J. Hermans, and J. Fan, "IBIHOP: Proper privacy preserving mutual RFID authentication," in Proc. Workshop Radio Frequency Identification Syst. Security, 2013, vol. 11, pp. 45-56.
31. H. Krawczyk, "The order of encryption and authentication for protecting communications (or: How Secure Is SSL?)," in Proc. 21st Annu. Int. Cryptol. Conf. Adv. Cryptol., 2001, vol. 2139, pp. 310-331.
32. C.-P. Schnorr, "Efficient signature generation by smart cards," J. Cryptology, vol. 4, no. 3, pp. 161-174, 1991.
33. M. Bellare and A. Palacio, "GQ and schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks," in Proc. 22nd Annu. Int. Cryptol. Conf. Adv. Cryptol., 2002, vol. 2442, pp. 162-177.
34. A. C.-C. Yao, "Theory and applications of trapdoor functions (extended abstract)," in Proc. 23rd Annu. Symp. Foundations Comput. Sci., 1982, pp. 80-91.
35. O. Goldreich, Foundations of Cryptography: Volume 1, Basic Tools. Cambridge, U.K.: Cambridge Univ. Press, 2001.
36. Y. K. Lee, L. Batina, D. Singelée, and I. Verbauwhede, "Low-cost untraceable authentication protocols for RFID," in Proc. 3rd ACM Conf. Wireless Netw. Security, 2010, pp. 55-64.
37. E. Wenger and M. Hutter, "A hardware processor supporting elliptic curve cryptography for less than 9 kGEs," in Proc. 10th IFIP WG 8.8/11.2 Int. Conf. Smart Card Res. Adv. Appl., 2011, vol. 7079, pp. 182-198.
38. SHA-3 Zoo. Overview of all candidates for the SHA-3 hash competition organized by NIST. [Online]. Available: http://ehash. iaik.tugraz.at/wiki/The-SHA-3-Zoo.