Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security and Trust Management

STM 2010: Security and Trust Management pp 239–254Cite as

Extending an RFID Security and Privacy Model by Considering Forward Untraceability

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6710))

Abstract

There are numerous works on the privacy and the security problems for RFID systems. However, many of them have failed due to the lack of formal security proof. In the literature, there are a few formal models that consider forward untraceability. In ASIACRYPT 2007, Vaudenay presented an new security and privacy model for RFID that combines early models to more understandable one. In this paper, we revisit Vaudenay’s model and modify it by considering the notion of forward untraceability. Our modification considers all message flows between RFID reader and tags before and after compromising secrets of tag. We analyze some RFID schemes claiming to provide forward untraceability and resistance to server impersonation. For each scheme, we exhibit attacks in which a strong adversary can trace the future interactions of the tag and impersonate the valid server to the tag. Further, we show that a previously proposed attack claiming to violate forward untraceability of an existing RFID scheme does not violate forward untraceability.

This work has been partially funded by FP7-Project ICE under the grant agreement number 206546.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ahson, S., Ilyas, M.: RFID Handbook: Applications, Technology, Security, and Privacy. CRC Press, Boca Raton (2008)

    Book  Google Scholar 

  2. Avoine, G.: Adversarial Model for Radio Frequency Identification. Cryptology ePrint Archive, Report 2005/049 (2005), http://eprint.iacr.org/

  3. Avoine, G., Coisel, I., Martin, T.: Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 146–165. Springer, Heidelberg (2010)

    Google Scholar 

  4. Cai, S., Li, Y., Li, T., Deng, R.H.: Attacks and improvements to an RFID mutual authentication protocol and its extensions. In: WiSec 2009: Proceedings of the second ACM conference on Wireless network security, pp. 51–58. ACM, New York (2009)

    Chapter  Google Scholar 

  5. Cole, P.H., Ranasinghe, D.C.: Networked RFID Systems and Lightweight Cryptography. Springer, Heidelberg (2008)

    Book  Google Scholar 

  6. Garfinkel, S., Rosenberg, B.: RFID: Applications, Security, and Privacy. Addison-Wesley, Reading (2005)

    Google Scholar 

  7. Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, pp. 342–347. IEEE Computer Society Press, New York (2007)

    Google Scholar 

  8. Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Okhubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop. MIT, Massachusetts (2003)

    Google Scholar 

  10. Ouafi, K., Phan, R.C.W.: Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)

    Google Scholar 

  11. Ouafi, K., Phan, R.C.W.: Traceable Privacy of Recent Provably-Secure RFID Protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. Paise, R.I., Vaudenay, S.: Mutual Authentication in RFID: Security and Privacy. In: Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security – ASIACCS 2008, pp. 292–299. ACM Press, Tokyo (2008)

    Chapter  Google Scholar 

  13. Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: WiSec 2008: Proceedings of the first ACM conference on Wireless network security, pp. 140–147. ACM, New York (2008)

    Google Scholar 

  14. Thornton, F., Hanies, B., Das, A.M., Bhargava, H., Campbell, A., Kleinschmidt, J.: RFID Security. Syngress (2006)

    Google Scholar 

  15. van Deursen, T., Radomirović, S.: Attacks on RFID Protocols. Cryptology ePrint Archive, Report 2008/310 (2008)

    Google Scholar 

  16. Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Tübitak UEKAE, 41470, Kocaeli, Turkey

    Mete Akgün

  2. Computer Engineering Department, Boǧaziçi University, İstanbul, Turkey

    Mete Akgün & Mehmet Ufuk Çaǧlayan

Authors
  1. Mete Akgün
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mehmet Ufuk Çaǧlayan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Siemens AG - Corporate Technology, Otto-Hahn-Ring 6, 81730, München, Germany

    Jorge Cuellar

  2. Computer Science Department, E.T.S. Ingenieria Informatica, University of Malaga, Campus de Teatinos, 29170, Malaga, Spain

    Javier Lopez

  3. Facultad de Informatica (UPM), Fundación IMDEA Software, Campus Montegancedo, 28660 Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  4. Certifiable Trustworthy IT Systems, Karlsruhe Institute of Technology (KIT), Am Fasanengarten 5, 76131, Karlsruhe, Germany

    Alexander Pretschner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Akgün, M., Çaǧlayan, M.U. (2011). Extending an RFID Security and Privacy Model by Considering Forward Untraceability. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22444-7_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22443-0

  • Online ISBN: 978-3-642-22444-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation