Abstract
Massively deploying RFID systems while preserving people’s privacy and data integrity is a major security challenge of the coming years. Up to now, it was commonly believed that, due to the very limited computational resources of RFID tags, only ad hoc methods could be used to address this problem. Unfortunately, not only do those methods generally provide a weak level of security and practicality, but they also require revising the synopsis of communications between the tag and the reader. In this paper, we give evidence that highly secure solutions can be used in the RFID environment, without substantially impacting the current communication protocols, by adequately choosing and combining low-cost cryptographic algorithms. The main ingredients of our basic scheme are a probabilistic (symmetric or asymmetric) encryption function, e.g. AES, and a coupon-based signature function, e.g. GPS. We also propose a dedicated method allowing the tag to authenticate the reader, which is of independent interest. On the whole, this leads to a privacy-preserving protocol well suited for RFID tags, which is very flexible in the sense that each reader can read and process all the data it is authorized to, and only that data.
Keywords
- Encryption Scheme
- Authentication Scheme
- Pseudo Random Number Generator
- Cryptographic Primitive
- Electronic Product Code
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Calmels, B., Canard, S., Girault, M., Sibert, H. (2006). Low-Cost Cryptography for Privacy in RFID Systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds) Smart Card Research and Advanced Applications. CARDIS 2006. Lecture Notes in Computer Science, vol 3928. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11733447_17
DOI: https://doi.org/10.1007/11733447_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33311-1
Online ISBN: 978-3-540-33312-8
eBook Packages: Computer Science, Computer Science (R0)