Design Trade-Offs for Realistic Privacy

  • Karsten Nohl
  • David Evans


The integration of RFID technology into consumer products raises serious privacy concerns, but no privacy protection scheme that can be implemented on passive RFID tags is readily available. Existing proposals either sacrifice a core property of RFID systems, such as availability or scalability, or offer only limited privacy. The most promising approaches appear to be tree-based hash protocols, which sacrifice some privacy to maintain scalability. The amount of information that is leaked by these tree-based protocols depends on the tree setup, as well as the number and position of disclosed secrets. This leaked information is valued differently by different attackers. Some attackers aim to collect most information from many tags to build customer profiles; some need detailed information from a representative subset of tags to derive turnover rates of goods while others need very detailed information on selected tags to track individuals. Modifications of the tree protocol can improve privacy but need to be evaluated under the applicable attacker model. In this chapter, we first introduce privacy issues in RFID systems and techniques for measuring achieved privacy. Then, we describe protocols designed to enhance privacy and evaluate their effectiveness against different types of attackers. We find that some measures such as pseudonyms and periodic key updates improve privacy against some attackers, while hurting privacy against other attackers. Some measures such as restructuring the tree improve privacy against all attackers but incur additional computational cost for the legitimate reader. To find the best privacy protocol for a known attacker all available trade-offs should be considered.


Privacy Protection Hash Chain Strong Privacy Legitimate Reader Probabilistic Privacy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Wolkerstorfer, J. Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags?. Workshop on RFID and Lightweight Crypto, 2005Google Scholar
  2. 2.
    Fabian, B., Guenther, O. and Spiekermann, S. Security Analysis of the Object Name Service for RFID. International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2005Google Scholar
  3. 3.
    Bauer, M., Fabian, B., Fischmann, M. and Gurses, S. Emerging Markets for RFID Traces., 2006Google Scholar
  4. 4.
    Odlyzko, A. Privacy, Economics, and Price Discrimination on the Internet. International Conference on Electronic Commerce, 2003Google Scholar
  5. 5.
    Juels, A. RFID Security and Privacy: A research Survey. Manuscript, 2005Google Scholar
  6. 6.
    Juels, A. and Weis, S. Defining Strong Privacy for RFID. Cryptology ePrint Archive, 2006Google Scholar
  7. 7.
    Nohl, K. and Evans, D. Quantifying Information Leakage in Tree-Based Hash Protocols. Conference on Information and Communications Security, 2006Google Scholar
  8. 8.
    Weis, S., Sarma, S., Rivest, R. and Engels, D. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. International Conference on Security in Pervasive Computing, 2003Google Scholar
  9. 9.
    Ohkubo, M., Suzuki, K. and Kinoshita, S. Cryptographic Approach to “Privacy-Friendly” Tags. RFID Privacy Workshop, 2003Google Scholar
  10. 10.
    Zhai, J., Mok-Park, C. and Wang, G.-N. Hash-Based RFID Security Protocol Using Randomly Key-Changed Identification Procedure. International Conference on Computational Science and its Applications, 2006Google Scholar
  11. 11.
    Rieback, M., Crispo, B. and Tanenbaum, A. RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management. Australasian Conference on Information Security and Privacy, 2005Google Scholar
  12. 12.
    Molnar, D. and Wagner, D. Privacy and Security in Library RFID: Issues, Practices, and Architectures. ACM CCS, 2004Google Scholar
  13. 13.
    Damgard, I. and Østergaard, M. RFID Security: Tradeoffs between Security and Efficiency. Cryptology ePrint Archive, 2006Google Scholar
  14. 14.
    Buttyan, L., Holczer, T. and Vajda, I. Optimal Key-Trees for Tree-Based Private Authentication. Workshop on Privacy Enhancing Technologies, 2006Google Scholar
  15. 15.
    Avoine, G. and Oechslin, P. RFID Traceability: A Multilayer Problem. Financial Cryptography, 2005Google Scholar
  16. 16.
    Nohara, Y., Inoue, S., Baba, K. and Yasuura, H. Quantitative Evaluation of Unlinkable ID atching Schemes. Workshop on Privacy in the Electronic Society, 2006Google Scholar
  17. 17.
    Cate, F. and Staten, M. The Value of Information-Sharing. Council of Better Business Bureau White Paper, 2000Google Scholar
  18. 18.
    Lim, C.H. and Kwon, T. Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. Conference on Information and Communications Security, 2006Google Scholar
  19. 19.
    Molnar, D., Soppera, A. and Wagner, D. A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. Selected Areas in Cryptography, 2005Google Scholar
  20. 20.
    Staake, T., Thiesse, F. and Fleisch, E. Extending the EPC Network - The Potential of RFID in Anti-Counterfeiting. Symposium on Applied Computing, 2005Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Karsten Nohl
    • 1
  • David Evans
  1. 1.University of VirginiaCharlottesvilleUSA

Personalised recommendations