Advertisement

New Security Problem in RFID Systems “Tag Killing”

  • Dong-Guk Han
  • Tsuyoshi Takagi
  • Ho Won Kim
  • Kyo Il Chung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3982)

Abstract

Radio frequency identification systems based on low-cost computing devices is the new plaything that every company would like to adopt. The biggest challenge for RFID technology is to provide benefits without threatening the privacy of consumers. Using cryptographic primitives to thwart RFID security problems is an approach which has been explored for several years. In this paper, we introduce a new security problem called as “Tag Killing” which aims to wipe out the functioning of the system, e.g., denial of service attacks. We analyze several well-known RFID protocols which are considered as good solutions with “Tag Killing” adversary model and we show that most of them have weaknesses and are vulnerable to it.

Keywords

Radio frequency identification (RFID) privacy security hash chain challenge-response 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049. Referenced (2005), http://eprint.iacr.org
  2. 2.
    Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Avoine, G., Oechslin, P.: RFID traceability: A multilayer problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal reencryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Hellman, M.: A cryptanalytic time-memory tradeoff. IEEE Transactions on Information Theory IT-26, 401–406 (1980)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Workshop on Pervasive Computing and Communications Security (PerSec 2004), pp. 149–153. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  8. 8.
    Juels, A.: Minimalist cryptography for low-cost RFID tags (Extended abstract). In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Juels, A., Pappu, R.: Squealing euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: 8th ACM Conference on Computer and Communications Security, pp. 103–111. ACM Press, New York (2003)CrossRefGoogle Scholar
  11. 11.
    Kang, J., Nyang, D.: RFID authentication protocol with strong resistance against traceability and denial of service attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    mCloak: Personal corporate management of wireless devices and technology, Product description (2003), www.mobilecloak.com
  13. 13.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: ACM Conference on Communications and Computer Security, pp. 210–219. ACM Press, New York (2004)Google Scholar
  14. 14.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop. MIT, USA (2003)Google Scholar
  15. 15.
    Rieback, M., Crispo, B., Tanenbaum, A.: RFID guardian: A battery-powered mobile device for RFID privacy management. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 184–194. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
  17. 17.
    Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Saito, J., Ryou, J.-C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Sarma, S.E., Weis, S.A., Engels, D.W.: Radio-frequency identification systems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Weingart, S.H.: Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defences. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 302–317. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Yeo, S.S., Kim, S.K.: Scalable and Flexible Privacy Protection Scheme for RFID Systems. In: 2nd European Workshop on Security in Ad-Hoc and Sensor Networks, ESAS 2005 (2005) (to be appeared)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dong-Guk Han
    • 1
  • Tsuyoshi Takagi
    • 2
  • Ho Won Kim
    • 3
  • Kyo Il Chung
    • 3
  1. 1.Center for Information and Security Technologies(CIST)Korea UniversitySeoulKorea
  2. 2.Future University-HakodateJapan
  3. 3.Electronics and Telecommunications Research Institute(ETRI)Korea

Personalised recommendations