A New Unpredictability-Based RFID Privacy Model

  • Anjia Yang
  • Yunhui Zhuang
  • Duncan S. Wong
  • Guomin Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)


Ind-privacy and unp-privacy, later refined to unp*-privacy, are two different classes of privacy models for RFID authentication protocols. These models have captured the major anonymity and untraceability related attacks regarding RFID authentication protocols with privacy, and existing work indicates that unp*-privacy seems to be a stronger notion when compared with ind-privacy. In this paper, we continue studying the RFID privacy models, and there are two folds regarding our results. First of all, we describe a new traceability attack and show that schemes proven secure in unp*-privacy may not be secure against this new and practical type of traceability attacks. We then propose a new unpredictability-based privacy model to capture this new type of attacks. Secondly, we show that this new model, where we called it the unp τ -privacy, is stronger than both unp*-privacy and ind-privacy.


RFID privacy models mutual authentication protocol 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Avoine, G.: Adversarial model for radion frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005),
  2. 2.
    Burmester, M., Le, T.V., de Medeiros, B., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM TISSEC 2009 12(4) (2009)Google Scholar
  3. 3.
    Deng, R.H., Li, Y., Yung, M., Zhao, Y.: A new framework for RFID privacy. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 1–18. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Ha, J., Moon, S., Zhou, J., Ha, J.: A new formal proof model for RFID location privacy. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 267–281. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: IEEE PerCom Workshops 2004, pp. 149–153 (2004)Google Scholar
  6. 6.
    Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: IEEE PerCom Workshops 2007, pp. 342–347 (2007); Also appears in ACM TISSEC 2009 13(1), 7 (2009)Google Scholar
  8. 8.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Le, T.V., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: ASIACCS 2007, pp. 242–252 (2007)Google Scholar
  10. 10.
    Lee, S.M., Hwang, Y.J., Lee, D.-H., Lim, J.-I.: Efficient authentication for low-cost RFID systems. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3480, pp. 619–627. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Li, Y., Deng, R.H., Lai, J., Ma, C.: On two RFID privacy notions and their relations. ACM TISSEC 2011 14(4) (2011)Google Scholar
  12. 12.
    Ma, C., Li, Y., Deng, R.H., Li, T.: Relation between two notions, minimal condition, and efficient construction. In: ACM CCS 2009, pp. 54–65 (2009)Google Scholar
  13. 13.
    Moriyama, D., Matsuo, S., Ohkubo, M.: Relations among notions of privacy for RFID authentication protocols. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 661–678. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Ouafi, K., Phan, R.C.-W.: Traceable privacy of recent provably-secure RFID protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Paise, R.-I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: ASIACCS 2008, pp. 292–299 (2008)Google Scholar
  17. 17.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing 2003. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Yang, A., Zhuang, Y., Wong, D.S.: An efficient single-slow-phase mutually authenticated RFID distance bounding protocol with tag privacy. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 285–292. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Anjia Yang
    • 1
  • Yunhui Zhuang
    • 1
  • Duncan S. Wong
    • 1
  • Guomin Yang
    • 2
  1. 1.City University of Hong KongHong Kong
  2. 2.University of WollongongAustralia

Personalised recommendations