Abstract
RFID-based access control solutions for mobile environments, e.g. ticketing systems for sport events, commonly rely on readers that are not continuously connected to the back-end system. The readers must so be able to perform their tasks even in offline mode, what commonly requires the management by the readers of sensitive data.
We stress in this paper the problem of compromised readers and its impact in practice. We provide a thorough review of the existing authentication protocols faced to this constraint, and extend our analysis with the privacy property. We show that none of the reviewed protocols fits the required properties in case of compromised readers. We then design a sporadically-online solution that meets our expectations in terms of both security and privacy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Atici, A.C., Batina, L., Fan, J., Verbauwhede, I., Yalcin, S.B.O.: Low-cost Implementations of NTRU for Pervasive Security. In: International Conference on Application-Specific Systems, Architectures and Processors – ASAP 2008, Leuven, Belgium, pp. 79–84 (July 2008)
Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Baudron, O., Boudot, F., Bourel, P., Bresson, E., Corbel, J., Frisch, L., Gilbert, H., Girault, M., Goubin, L., Misarsky, J.-F., Nguyen, P., Patarin, J., Pointcheval, D., Poupard, G., Stern, J., Traoré, J.: GPS - An Asymmetric Identification Scheme for on the Fly Authentication of Low Cost Smart Cards. In: A proposal to NESSIE (2001)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y.: Hash Functions and RFID Tags: Mind The Gap. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 283–299. Springer, Heidelberg (2008)
Bringer, J., Chabanne, H., Icart, T.: Efficient Zero-Knowledge Identification Schemes which respect Privacy. In: ACM Symposium on Information, Computer and Communication Security – ASIACCS 2009, Sydney, Australia, March 2009, pp. 195–205. ACM Press, New York (2009)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Fiat, A., Shamir, A.: How To Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Gama, N., Nguyen, P.Q.: New Chosen-Ciphertext Attacks on NTRU. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 89–106. Springer, Heidelberg (2007)
Hein, D., Wolkerstorfer, J., Felber, N.: ECC is Ready for RFID – A Proof in Silicon. In: Conference on RFID Security, Budapest, Hungary (July 2008)
International Organization for Standardization. ISO/IEC 9798 – Information technology – Security techniques – Entity authentication (1997 – 2008)
Mathas, C.: Altera CPLDs go to the Beijing Olympics (2008), http://www.eetimes.com/showArticle.jhtml?articleID=208800197
McLoone, M., Robshaw, M.J.: Public Key Cryptography and RFID Tags. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 372–384. Springer, Heidelberg (2006)
Naccache, D.: Method, Sender Apparatus and Receiver Apparatus for Modulo Operation. European patent application no. 91402958.2 (1992)
NESSIE consortium. Portfolio of recommended cryptographic primitives. Technical report (2003)
O’Neill, M., (McLoone).: Low-Cost SHA-1 Hash Function Architecture for RFID Tags. In: Conference on RFID Security, Budapest, Hungary (July 2008)
Oren, Y., Feldhofer, M.: WIPR - a Public Key Implementation on Two Grains of Sand. In: Conference on RFID Security, Budapest, Hungary (July 2008)
Oren, Y., Feldhofer, M.: A Low-Resource Public-Key Identification Scheme for RFID Tags and Sensor Nodes. In: Proceedings of the second ACM Conference on Wireless Network Security – WiSec 2009, Zurich, Switzerland. ACM Press, New York (2009)
Rabin, M.O.: Digitalized Signatures and Public-Key Functions as Intractable as Factorization. Technical report, Massachusetts Institute of Technology, Cambridge, Massachusetts, USA (1979)
Shamir, A.: Memory Efficient Variant of Public-key Schemes for Smart Card Applications. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 445–449. Springer, Heidelberg (1995)
Tan, C.C., Sheng, B., Li, Q.: Serverless Search and Authentication Protocols for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York, USA. IEEE Computer Society Press, Los Alamitos (2007)
Wu, J., Stinson, D.: How to Improve Security and Reduce Hardware Demands of the WIPR RFID Protocol. In: IEEE International Conference on RFID – RFID 2009, Orlando, Florida, USA (April 2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Avoine, G., Lauradoux, C., Martin, T. (2009). When Compromised Readers Meet RFID. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-10838-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10837-2
Online ISBN: 978-3-642-10838-9
eBook Packages: Computer ScienceComputer Science (R0)