HJM Tree for Security Analyses of Passive RFID Systems
Radio frequency identification (RFID) technology is not fundamentally new and concerns a whole range of applications. The first RFID application may have been the Royal British Air Force’s “Identify Friend or Foe” system, which was used during the Second World War to identify friendly aircraft. RFID can be applied to a variety of tasks, structures, work systems, and contexts along the value chain, including business-to-business (B-2-B) logistics, internal operations, business-toconsumer (B-2-C) marketing, and after-sales service applications [1–6]. However, the boom that RFID technology enjoys today is basically due to the standardization  and development of low cost devices.
Like every wireless device, RFID systems bring with them security and privacy issues to all those people who have been working in this area. Security issues involve classic attacks, namely denial of service, impersonation of tags, or channel eavesdropping. These attacks are rendered more practicable because of the tags’ lack of computational and storage capacity. There are many papers investigating these issues in various ways [7, 8, 10–12, 14]. Today’s challenge is to find protocols (or deployments) which allow authorized parties to identify the tags without an adversary being able to track them, thus getting to the root of the privacy problem [8, 13]. It is well known that the reason not to use well known authentication protocols is that such protocols do not preserve the privacy of the provider. Asymmetric cryptography could easily solve this problem, but it is too heavy to be implemented within a tag.
KeywordsSecurity Analysis Forward Rate Bond Price Electronic Product Code Cryptographic Operation
Unable to display preview. Download preview PDF.
- 2.Standford V (2003) Pervasive computing goes the last hundred feet with RFID systems, IEEE Perv Comp 2:2Google Scholar
- 4.Thompson CA (2004) Radio frequency tags for identifying legitimate drug products discussed by tech industry, Amer J Health-Sys Pharm 61(14): 1430–1431Google Scholar
- 5.Yang G, Jarvenpaa SI (2005) Trust and radio frequency identification (RFID) adoption within an alliance, In: Sprague R, ed Proc 38th Hawaii Intl Conf Sys Sci, Big Island, HI, January 2005, pp 855–864, IEEE Comp Soc Press, Los Alamitos, CA, USAGoogle Scholar
- 6.Bono S, Green M, Stubblefield A, Juels A, Rubin A, Szydlo M (2005) Security analysis of a cryptographically-enabled RFID device, In: 14th USENIX security symposium, pp 1–16, Baltimore, Maryland, USAGoogle Scholar
- 7.Electronic Product Code Global Inc http://www.epcglobalinc.org
- 8.Avoine G (n.d.) Security and privacy in RFID systems. Online bibliography available at http://lasecwww.epfl.ch/~gavoine/rfid/
- 9.Molnar D, Wagner D (2004) Privacy and security in library RFID: issues, practices, and architectures. In: Pfitzmann B, Liu P, ed, Conference on computer and communications security - CCS’04, pp 210–219, ACM Press, Washington, DC, USAGoogle Scholar
- 10.Golle P, Jakobsson M, Juels A, Syverson P (2004) Universal reencryption for mixnets. In: Okamoto T, ed, The Cryptographers track at the RSA conference, CT-RSA, Lecture notes in computer science, 2964:163–178, San Francisco, California, USA, Springer-VerlagGoogle Scholar
- 11.Henrico D, Muller P (2004) Tackling security and privacy issues in radio frequency identification devices. In: Ferscha A, Mattern F, ed, Pervasive computing, Lecture Notes in Computer Science 3001:219–224, Vienna Austria, Springer-VerlagGoogle Scholar
- 12.Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approch to “privacy-friendly” tags. In: RFID privacy workshop, MIT, Massachusetts, USAGoogle Scholar
- 14.Huang X, Sharma D (2006) Investigating security in multi-tree based technique. In:. Gabrys B, Howlett RJ, Jain LC (eds) RFID systems. KES 2006 Part III. LNAI 4253:1151–1156. Springer-Verlag, Berlin, HeidelbergGoogle Scholar
- 15.Hull J (2000) Options, futures, and other derivatives, Fifth Ed, Prentice-Hall, pp 574–577Google Scholar