Abstract
Even though RFID technology has expanded enormously, this expansion has been hindered by privacy concerns. In order to prevent an adversary from tracking RFID tags and thus breaking location privacy, tags have to update their internal state with every authentication attempt. Although this technique solves the privacy problem, it has the side effect that tags and back office might desynchronize. This desynchronization can be caused by physical conditions or by adversarial intervention. If we look at consumer product identification, RFID labels and barcodes are bound to coexist for quite some time. In this paper we exploit this coexistence to reduce the workload at the reader/backoffice and allow re-synchronization. Concretely, we propose an authentication protocol that achieves correctness, forward-privacy under mild additional assumptions and synchronization in the random oracle model.
Partially supported by the research program Sentinels ( www.sentinels.nl ), project PEARL (7639). Sentinels is being financed by Technology Foundation STW, the Netherlands Organization for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communication Security, PerSec 2005, pp. 110–114 (2005)
Attaran, M.: RFID: an enabler of supply chain operations. Supply Chain Management: An International Journal 12(4), 249–257 (2007)
Avoine, G.: Adversary Model for Radio Frequency Identification. Technical Report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland (September 2005)
Berbain, C., Billet, O., Etrog, J., Gilbert, H.: An efficient forward private RFID protocol. In: Proceedings of the 16th ACM conference on Computer and communications security,CCS 2009, pp. 43–53. ACM Press, New York (2009)
Brusó, M., Chatzikokolakis, K., den Hartog, J.: Formal verification of privacy for RFID systems. In: Proceedings of the 23nd IEEE Computer Security Foundations Symposium (2010)
Burmester, M., de Medeiros, B., Motta, R.: Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries. Journal of Applied Cryptography 1(2), 79–90 (2008)
Canard, S., Coisel, I.: Data synchronization in privacy-preserving RFID authentication schemes. In: Conference on RFID Security (2008)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 59–66 (2005)
Garcia, F., van Rossum, P.: Modeling privacy for off-line RFID systems. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 194–208. Springer, Heidelberg (2010)
Juels, A.: RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)
Juels, A., Weis, S.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Juels, A., Weis, S.A.: Defining strong privacy for RFID. ACM Transactions on Information and System Security (TISSEC) 13(1), 1–23 (2009)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM conference on Computer and Communications Security, pp. 210–219. ACM, New York (2004)
Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: New Privacy Results on Synchronized RFID Authentication Protocols against Tag Tracing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, p. 321. Springer, Heidelberg (2009)
Ohkubo, M., Suzuki, K., Kinoshita, S., et al.: Cryptographic approach to privacy-friendly tags. In: RFID Privacy Workshop, Citeseer, vol. 82 (2003)
Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: International Conference on Pervasive Computing and Communications, PerCom 2006, Pisa, Italy. IEEE Computer Society Press, Los Alamitos (March 2006)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Wanga, S.W., Chenb, W.H., Onga, C.S., Liuc, L., Chuangb, Y.W.: RFID applications in hospitals: a case study on a demonstration RFID project in a Taiwan hospital. Hospitals 8, 33 (2007)
Wu, N.C., Nystrom, M.A., Lin, T.R., Yu, H.C.: Challenges to global RFID adoption. Technovation 26(12), 1317–1323 (2006)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
de Koning Gans, G., Garcia, F.D. (2010). Towards a Practical Solution to the RFID Desynchronization Problem. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-16822-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16821-5
Online ISBN: 978-3-642-16822-2
eBook Packages: Computer ScienceComputer Science (R0)