
Scalability Issues in Privacy-Compliant RFID Protocols

RFID Security

Abstract

Like all growing technologies, radio frequency identification brings along its share of security-related problems, such as impersonation of tags, denial-of-service attacks, leakage or theft of information, and malicious traceability, to name a few.

To carry out her attack, an adversary can try to penetrate the back-end database, tamper with some tags, or eavesdrop on or even modify the information exchanged between the tags and the readers. The latter approach is the one we focus on in this chapter: we address the design of tag-reader protocols that avoid malicious traceability. Finding such a protocol is far from easy because of the limited resources available on tags. Indeed, we assume that tags are not able to use public-key cryptography. Under this assumption, protocols that resist malicious traceability do not scale well, and so cannot be used in most current applications.

In what follows, we recall the basics of RFID protocols and malicious traceability. Then, we present protocols that scale well but are not secure, and in doing so exhibit common design mistakes one can encounter when analyzing RFID protocols. Next, we introduce protocols based on the well-known challenge-response scheme. We explain why they are secure, but also why they do not scale well. In the last part of this chapter, we present techniques that have been suggested to reduce the computational complexity of challenge-response-based protocols.




Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Avoine, G. (2008). Scalability Issues in Privacy-Compliant RFID Protocols. In: Kitsos, P., Zhang, Y. (eds) RFID Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-76481-8_9


  • DOI: https://doi.org/10.1007/978-0-387-76481-8_9

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-76480-1

  • Online ISBN: 978-0-387-76481-8

  • eBook Packages: Engineering, Engineering (R0)
