Advertisement

RFID Security pp 191-228 | Cite as

Scalability Issues in Privacy-Compliant RFID Protocols

  • Gildas Avoine

Abstract

Like all growing technologies, radio frequency identification brings along its share of security-related problems. Such problems are impersonation of tags, denial of service attacks, leakage or theft of information, malicious traceability, etc. to name a few.

To carry out her attack, an adversary can try to penetrate into the back-end database, to tamper with some tags, or she can try to eavesdrop or even modify the information exchanged between the tags and the readers. The latter approach is the one we focus on in this chapter: We address the conception of tag-reader protocols that avoid malicious traceability. Finding such a protocol is far from being an easy task, due to the weak resources available on tags. Indeed, we consider that tags are not able to use public-key cryptography. With such an assumption, protocols that resist to malicious traceability do not scale well, and so cannot be used in most of the current applications.

In what follows, we recall the basic knowledges about RFID protocols and malicious traceability. Then, we present protocols that scale well but which are not secure. We so exhibit common design-related mistakes one can encounter when analyzing RFID protocols. Next, we introduce protocols based on the well-known challenge-response scheme. We explain why they are secure, but also why they do not scale well. In the last part of this chapter, we present techniques that have been suggested to reduce the computation complexity of challenge-response-based protocols.

Keywords

Hash Function Authentication Protocol Mutual Authentication Scalability Issue International Civil Aviation Organization 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Aigner and M. Feldhofer. Secure symmetric authentication for RFID tags. In Telecommunication and Mobile Computing - TCMC 2005, Graz, Austria, March 2005Google Scholar
  2. 2.
    R. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, International Workshop on Security Protocols -IWSP'97, volume 1361 of Lecture Notes in Computer Science, pp. 125-136, Paris, France, April 1997, Springer, Berlin CrossRefGoogle Scholar
  3. 3.
    G. Ateniese, J. Camenisch, and B. de Medeiros. Untraceable RFID tags via insubvertible encryption. In Conference on Computer and Communications Security - CCS'05, Alexandria, Virginia, USA, November 2005, ACM, ACM Press, New York, NYGoogle Scholar
  4. 4.
    G. Avoine. Adversary model for radio frequency identification. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland, September 2005 Google Scholar
  5. 5.
    G. Avoine. Cryptography in Radio Frequency Identification and Fair Exchange Protocols. PhD Thesis, EPFL, Lausanne, Switzerland, December 2005 Google Scholar
  6. 6.
    G. Avoine. Bibliography on Security and Privacy in RFID Systems. Available Online, 2007Google Scholar
  7. 7.
    G. Avoine and P. Oechslin. A scalable and provably secure hash based RFID protocol. In International Workshop on Pervasive Computing and Communication Security - PerSec 2005, pp. 110-114, Kauai Island, Hawaii, USA, March 2005, IEEE, IEEE Computer Society Press, Washington, DCGoogle Scholar
  8. 8.
    G. Avoine, E. Dysli, and P. Oechslin. Reducing time complexity in RFID systems. In B. Preneel and S. Tavares, editors, Selected Areas in Cryptography - SAC 2005, volume 3897 of Lecture Notes in Computer Science, pp. 291-306, Kingston, Canada, August 2005, Springer, Berlin CrossRefGoogle Scholar
  9. 9.
    G. Avoine, P. Junod, and P. Oechslin. Time-memory trade-offs: False alarm detection using checkpoints. In Progress in Cryptology - Indocrypt 2005, volume 3797 of Lecture Notes in Computer Science, pp. 183-196, Bangalore, India, December 2005, Cryptology Research Society of India, Springer, BerlinGoogle Scholar
  10. 10.
    G. Avoine, L. Butty án, T. Holczer, and I. Vajda. Group-based private authentication. In IEEE International Workshop on Trust, Security, and Privacy for Ubiquitous Computing - TSPUC, Helsinki, Finland, June 2007, IEEE, IEEE Computer Society Press,Washington, DCGoogle Scholar
  11. 11.
    L. Butty án, T. Holczer, and I. Vajda. Optimal key-trees for tree-based private authentication. In Workshop on Privacy Enhancing Technologies - PET 2006, Cambridge, United Kingdom, June 2006Google Scholar
  12. 12.
    S. Dominikus, E. Oswald, and M. Feldhofer. Symmetric authentication for RFID systems in practice. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July 2005Google Scholar
  13. 13.
    T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4): 469-472, July 1985 MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    M. Feldhofer, S. Dominikus, and J.Wolkerstorfer. Strong authentication for RFID systems using the AES algorithm. In M. Joye and J.-J. Quisquater, editors, Workshop on Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of Lecture Notes in Computer Science, pp. 357-370, Boston, Massachusetts, USA, August 2004, IACR, Springer, Berlin Google Scholar
  15. 15.
    S. Garfinkel. Adopting fair information practices to low cost RFID systems. Ubicomp 2002 -Workshop on Socially-Informed Design of Privacy-Enhancing Solutions in Ubiquitous Computing, September 2002Google Scholar
  16. 16.
    S. Garfinkel. An RFID bill of rights. Technology Review, October 2002Google Scholar
  17. 17.
    M. Girault and D. Lefranc. Public key authentication with one (online) single addition. In M. Joye and J.-J. Quisquater, editors, Workshop on Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of Lecture Notes in Computer Science, pp. 413-427, Boston, Massachusetts, USA, August 2004, IACR, Springer, Berlin Google Scholar
  18. 18.
    P. Golle, M. Jakobsson, A. Juels, and P. Syverson. Universal re-encryption for mixnets. In T. Okamoto, editor, The Cryptographers' Track at the RSA Conference - CT-RSA, volume 2964 of Lecture Notes in Computer Science, pp. 163-178, San Francisco, California, USA, February 2004, Springer, Berlin Google Scholar
  19. 19.
    G. Hancke. A practical relay attack on ISO 14443 proximity cards. Manuscript, February 2005Google Scholar
  20. 20.
    G. Hancke and M. Kuhn. An RFID distance bounding protocol. In Conference on Security and Privacy for Emerging Areas in Communication Networks - SecureComm 2005, Athens, Greece, September 2005, IEEE, New York, NYGoogle Scholar
  21. 21.
    M. Hellman. A cryptanalytic time-memory trade off. IEEE Transactions on Information Theory, IT-26(4): 401-406, July 1980CrossRefMathSciNetGoogle Scholar
  22. 22.
    D. Henrici and P. Müller. Hash-based enhancement of location privacy for radiofrequency identification devices using varying identifiers. In R. Sandhu and R. Thomas, editors, International Workshop on Pervasive Computing and Communication Security - PerSec 2004, pp. 149-153, Orlando, Florida, USA, March 2004, IEEE, IEEE Computer Society Press, Washington, DC CrossRefGoogle Scholar
  23. 23.
    D. Henrici and P. Müller. Tackling security and privacy issues in radio frequency identification devices. In A. Ferscha and F. Mattern, editors, Pervasive Computing, volume 3001 of Lecture Notes in Computer Science, pp. 219-224, Vienna, Austria, April 2004, Springer, Berlin Google Scholar
  24. 24.
    ICAO DOC-9303. Machine Readable Travel Documents, Part 1, Volume 2, November 2004Google Scholar
  25. 25.
    Y. Jeongkyu. Security and privacy on authentication protocol for low-cost radio frequency identification. Master Thesis, Information and Communications University, Daejeon, Korea, December 2004 Google Scholar
  26. 26.
    A. Juels. Minimalist cryptography for low-cost RFID tags. In C. Blundo and S. Cimato, editors, International Conference on Security in Communication Networks - SCN 2004, volume 3352 of Lecture Notes in Computer Science, pp. 149-164, Amalfi, Italia, September 2004, Springer, Berlin Google Scholar
  27. 27.
    A. Juels and J. Brainard. Soft blocking: Flexible blocker tags on the cheap. In S. De Capitani di Vimercati and P. Syverson, editors, Workshop on Privacy in the Electronic Society - WPES, pp. 1-7, Washington, DC, USA, October 2004, ACM, ACM Press, New York, NY Google Scholar
  28. 28.
    A. Juels and R. Pappu. Squealing euros: Privacy protection in RFID-enabled banknotes. In R. Wright, editor, Financial Cryptography - FC'03, volume 2742 of Lecture Notes in Computer Science, pp. 103-121, Le Gosier, Guadeloupe, French West Indies, January 2003, IFCA, Springer, Berlin Google Scholar
  29. 29.
    A. Juels and S. Weis. Authenticating pervasive devices with human protocols. In V. Shoup, editor, Advances in Cryptology - CRYPTO'05, volume 3621 of Lecture Notes in Computer Science, pp. 293-308, Santa Barbara, California, USA, August 2005, IACR, Springer, New York, NY Google Scholar
  30. 30.
    A. Juels and S. Weis. Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006Google Scholar
  31. 31.
    A. Juels, R. Rivest, and M. Szydlo. The blocker tag: Selective blocking of RFID tags for consumer privacy. In V. Atluri, editor, Conference on Computer and Communications Security - CCS'03, pp. 103-111, Washington, DC, USA, October 2003, ACM, ACM Press, New York, NY CrossRefGoogle Scholar
  32. 32.
    G. Karjoth and P. Moskowitz. Disabling RFID tags with visible confirmation: Clipped tags are silenced. In Workshop on Privacy in the Electronic Society - WPES, Alexandria, Virginia, USA, November 2005, ACM, ACM Press, New York, NYGoogle Scholar
  33. 33.
    Z. Kfir and A. Wool. Picking virtual pockets using relay attacks on contactless smartcard systems. In Conference on Security and Privacy for Emerging Areas in Communication Networks - SecureComm 2005, Athens, Greece, September 2005, IEEE, New York, NYGoogle Scholar
  34. 34.
    T. Li and R. H. Deng. Vulnerability analysis of EMAP - an efficient RFID mutual authentication protocol. In Second International Conference on Availability, Reliability and Security -AReS 2007, Vienna, Austria, April 2007Google Scholar
  35. 35.
    D. Molnar and D. Wagner. Privacy and security in library RFID: Issues, practices, and architectures. In B. Pfitzmann and P. Liu, editors, Conference on Computer and Communications Security - CCS'04, pp. 210-219, Washington, DC, USA, October 2004, ACM, ACM Press, New York, NY CrossRefGoogle Scholar
  36. 36.
    K. Nohl and D. Evans. Quantifying information leakage in tree-based hash protocols. In Conference on Information and Communications Security - ICICS'06, volume 4307 of Lecture Notes in Computer Science, pp. 228-237, Raleigh, North Carolina, USA, December 2006, Springer, BerlinGoogle Scholar
  37. 37.
    P. Oechslin. Making a faster cryptanalytic time-memory trade-off. In D. Boneh, editor, Advances in Cryptology - CRYPTO'03, volume 2729 of Lecture Notes in Computer Science, pp. 617-630, Santa Barbara, California, USA, August 2003, IACR, Springer, Berlin Google Scholar
  38. 38.
    M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to “privacy-friendly” tags. In RFID Privacy Workshop, November 2003, MIT, Cambridge, MA, USAGoogle Scholar
  39. 39.
    M. Ohkubo, K. Suzuki, and S. Kinoshita. Efficient hash-chain based RFID privacy protection scheme. In International Conference on Ubiquitous Computing - Ubicomp, Workshop Privacy: Current Status and Future Directions, Nottingham, England, September 2004Google Scholar
  40. 40.
    P. Peris-Lopez, J. C. Hernandez-Castro, J. Estevez-Tapiador, and A. Ribagorda. LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. Printed Handout of Workshop on RFID Security - RFIDSec 06, July 2006Google Scholar
  41. 41.
    P. Peris-Lopez, J. C. Hernandez-Castro, J. Estevez-Tapiador, and A. Ribagorda. M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In International Conference on Ubiquitous Intelligence and Computing - UIC2˘01906, volume 4159 of Lecture Notes in Computer Science, pp. 912-923, September 2006, Springer, BerlinGoogle Scholar
  42. 42.
    P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda. EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In OTM Federated Conferences and Workshop: IS Workshop - IS'06, volume 4277 of Lecture Notes in Computer Science, pp. 352-361. November 2006, Springer, BerlinGoogle Scholar
  43. 43.
    J. Saito, J.-C. Ryou, and K. Sakurai. Enhancing privacy of universal re-encryption scheme for RFID tags. In L. Jang, M. Guo, G. Gao, and N. Jha, editors, Embedded and Ubiquitous Computing - EUC 2004, volume 3207 of Lecture Notes in Computer Science, pp. 879-890, Aizu-Wakamatsu City, Japan, August 2004, Springer, BerlinGoogle Scholar
  44. 44.
    S. Weingart. Physical security devices for computer subsystems: A survey of attacks and defenses. In C. K. Koç and C. Paar, editors, Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, volume 1965 of Lecture Notes in Computer Science, pp. 302-317, Worcester, Massachusetts, USA, August 2000, Springer, Berlin CrossRefGoogle Scholar
  45. 45.
    S. Weis, S. Sarma, R. Rivest, and D. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In D. Hutter, G. Müller, W. Stephan, and M. Ullmann, editors, International Conference on Security in Pervasive Computing - SPC 2003, volume 2802 of Lecture Notes in Computer Science, pp. 454-469, Boppard, Germany, March 2003, Springer, Berlin Google Scholar
  46. 46.
    J. Yang, J. Park, H. Lee, K. Ren, and K. Kim. Mutual authentication protocol for low-cost RFID. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July 2005Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Gildas Avoine
    • 1
  1. 1.UCLLouvain-la-NeuveBelgium

Personalised recommendations