Abstract
There are numerous works on the privacy and the security problems for RFID systems. However, many of them have failed due to the lack of formal security proof. In the literature, there are a few formal models that consider forward untraceability. In ASIACRYPT 2007, Vaudenay presented an new security and privacy model for RFID that combines early models to more understandable one. In this paper, we revisit Vaudenay’s model and modify it by considering the notion of forward untraceability. Our modification considers all message flows between RFID reader and tags before and after compromising secrets of tag. We analyze some RFID schemes claiming to provide forward untraceability and resistance to server impersonation. For each scheme, we exhibit attacks in which a strong adversary can trace the future interactions of the tag and impersonate the valid server to the tag. Further, we show that a previously proposed attack claiming to violate forward untraceability of an existing RFID scheme does not violate forward untraceability.
This work has been partially funded by FP7-Project ICE under the grant agreement number 206546.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ahson, S., Ilyas, M.: RFID Handbook: Applications, Technology, Security, and Privacy. CRC Press, Boca Raton (2008)
Avoine, G.: Adversarial Model for Radio Frequency Identification. Cryptology ePrint Archive, Report 2005/049 (2005), http://eprint.iacr.org/
Avoine, G., Coisel, I., Martin, T.: Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 146–165. Springer, Heidelberg (2010)
Cai, S., Li, Y., Li, T., Deng, R.H.: Attacks and improvements to an RFID mutual authentication protocol and its extensions. In: WiSec 2009: Proceedings of the second ACM conference on Wireless network security, pp. 51–58. ACM, New York (2009)
Cole, P.H., Ranasinghe, D.C.: Networked RFID Systems and Lightweight Cryptography. Springer, Heidelberg (2008)
Garfinkel, S., Rosenberg, B.: RFID: Applications, Security, and Privacy. Addison-Wesley, Reading (2005)
Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, pp. 342–347. IEEE Computer Society Press, New York (2007)
Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Okhubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop. MIT, Massachusetts (2003)
Ouafi, K., Phan, R.C.W.: Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
Ouafi, K., Phan, R.C.W.: Traceable Privacy of Recent Provably-Secure RFID Protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)
Paise, R.I., Vaudenay, S.: Mutual Authentication in RFID: Security and Privacy. In: Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security – ASIACCS 2008, pp. 292–299. ACM Press, Tokyo (2008)
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: WiSec 2008: Proceedings of the first ACM conference on Wireless network security, pp. 140–147. ACM, New York (2008)
Thornton, F., Hanies, B., Das, A.M., Bhargava, H., Campbell, A., Kleinschmidt, J.: RFID Security. Syngress (2006)
van Deursen, T., Radomirović, S.: Attacks on RFID Protocols. Cryptology ePrint Archive, Report 2008/310 (2008)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Akgün, M., Çaǧlayan, M.U. (2011). Extending an RFID Security and Privacy Model by Considering Forward Untraceability. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-22444-7_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer ScienceComputer Science (R0)