Abstract
Privacy is a major concern in RFID systems, especially with the widespread deployment of wireless-enabled, interconnected personal devices, e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag, but should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries, which neither corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ouafi, K., Phan, R.C.W. (2008). Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds) Information Security Practice and Experience. ISPEC 2008. Lecture Notes in Computer Science, vol 4991. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79104-1_19
DOI: https://doi.org/10.1007/978-3-540-79104-1_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79103-4
Online ISBN: 978-3-540-79104-1
eBook Packages: Computer Science, Computer Science (R0)