Skip to main content
Springer Nature Link
Log in

Location Privacy in RFID Applications

  • Chapter
Privacy in Location-Based Applications

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5599))

Abstract

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Atmel Corporation: Innovative IDIC solutions (2007), http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf

  2. Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 210–219. ACM Press, New York (2004)

    Google Scholar 

  3. Calypso Networks Association: Web site of Calypso Networks Association. (May 2007), http://www.calypsonet-asso.org/

  4. NXP Semiconductors: MIFARE smartcard ICs. (September 2008), http://www.mifare.net/products/smartcardics/

  5. Sony Global: Web site of Sony FeliCa. (June 2008), http://www.sony.net/Products/felica/

  6. I.C.A. Organization: Machine Readable Travel Documents, Doc. 9303, Part 1 Machine Readable Passports, 5th edn (2003)

    Google Scholar 

  7. Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)

    Article  MathSciNet  Google Scholar 

  8. Burmester, M., van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication protocols. In: Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), pp. 1–9. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  9. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  10. Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)

    Google Scholar 

  11. Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  12. Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)

    Google Scholar 

  13. Damgård, I., Østergaard, M.: RFID security: Tradeoffs between security and efficiency. In: RSA Conference, Cryptographers’ Track, pp. 318–332 (2008)

    Google Scholar 

  14. Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  15. Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–153. IEEE Computer Society, Los Alamitos (2004)

    Chapter  Google Scholar 

  16. Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions (September 2004)

    Google Scholar 

  17. Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 59–66. IEEE Computer Society, Los Alamitos (2005)

    Chapter  Google Scholar 

  18. Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  19. Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Security in Pervasive Computing. LNCS, vol. 2802, pp. 640–643. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  20. Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM Press, New York (2008)

    Chapter  Google Scholar 

  21. Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  22. Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  23. Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  24. Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM Press, New York (2005)

    Google Scholar 

  25. Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain (October 9, 2008)

    Google Scholar 

  26. NXP Semiconductors: MIFARE application directory (MAD) — list of registered applications. (April 2008), http://www.nxp.com/acrobat/other/identification/mad_overview_042008.pdf

  27. Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags (November 2003)

    Google Scholar 

  29. Juels, A.: Minimalist cryptography for low-cost RFID tags (extended abstract). In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  30. Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A new formal proof model for RFID location privacy, In: [61], pp. 267–281

    Google Scholar 

  31. Canetti, R.: Universally Composable Security: a New Paradigm for Cryptographic Protocols. In: 42nd Symposium on Foundations of Computer Science (FOCS 2001), 1109 Spring Street, Suite 300, Silver Spring, MD 20910, USA, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)

    Google Scholar 

  32. Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: ASIACCS 2008: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 292–299. ACM Press, New York (2008)

    Chapter  Google Scholar 

  33. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited, In: [61], pp. 251–256

    Google Scholar 

  34. EPCglobal Inc.: Specification for RFID air interface — EPC radio-frequency protocols, Class-1 Generation-2 UHF RFID, protocol for communications at 860 MHz–960 MHz, version 1.1.0 (December 2005)

    Google Scholar 

  35. DIFRwear: Web site of difrwear (January 2009), http://www.difrwear.com/products.shtml

  36. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: RFID systems: A survey on security threats and proposed solutions. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 159–170. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  37. Heydt-Benjamin, T.S., Chae, H.J., Defend, B., Fu, K.: Privacy for public transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  38. NFC Forum: Web site of Near Field Communication (NFC) Forum (April 2008), http://www.nfc-forum.org/

  39. Ouafi, K., Phan, R.C.W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  40. Castelluccia, C., Soos, M.: Secret shuffling: A novel approach to RFID private identification. In: Conference on RFID Security 2007, Malaga, Spain (July 11–13, 2007)

    Google Scholar 

  41. Mitra, M.: Privacy for rfid systems to prevent tracking and cloning. International Journal of Computer Science and Network Security 8(1), 1–5 (2008)

    Google Scholar 

  42. Economist: Security technology: Where’s the smart money? The Economist, 69–70 (February 2002)

    Google Scholar 

  43. Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002), Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers. Volume 2523 of LNCS. Springer Verlag (2002) 31–48

    Chapter  Google Scholar 

  44. Neve, M., Peeters, E., Samyde, D., Quisquater, J.J.: Memories: A survey of their secure uses in smart cards. In: Proceedings of the Second IEEE International Security in Storage Workshop, October 31, 2003, pp. 62–72. IEEE Computer Society, Los Alamitos (2003)

    Chapter  Google Scholar 

  45. Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: In: Proceedings of the 18th Annual Computer Security Applications Conference, December 9–13, 2002, pp. 149–160. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  46. Tuyls, P., Škoriç, B., Kevenaar, T. (eds.): Security with Noisy Data — On Private Biometrics, Secure Key Storage, and Anti-Counterfeiting. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  47. Ranasinghe, D.C., Engels, D.W., Cole, P.H.: Security and privacy: Modest proposals for low-cost rfid systems. In: Auto-ID Labs Research Workshop (September 2004)

    Google Scholar 

  48. Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and implementation of PUF-based unclonable RFID ICs for anti-counterfeiting and security applications. In: IEEE International Conference on RFID 2008, April 16-17, pp. 58–64. IEEE Computer Society, Las Vegas (2008)

    Chapter  Google Scholar 

  49. Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Conference on RFID Security 2007, Malaga, Spain (July 11–13, 2007)

    Google Scholar 

  50. Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, pp. 211–220. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  51. Hein, D., Wolkerstorfer, J., Felber, N.: ECC is ready for RFID — a proof in silicon. In: Conference on RFID Security 2007, Malaga, Spain (July 11-13, 2007)

    Google Scholar 

  52. Oren, Y., Feldhofer, M.: WIPR — a public key implementation on two grains of sand. In: Conference on RFID Security 2007, Malaga, Spain (July 11-13, 2007)

    Google Scholar 

  53. NXP Semiconductors: Web site of MIFARE (May 2007), http://mifare.net/

  54. Spirtech: CALYPSO functional specification: Card application, version 1.3. (October 2005), http://calypso.spirtech.net/

  55. Nohl, K., Plötz, H.: MiFare — Little security despite obscurity (2007), http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html

  56. Schreur, R.W., van Rossum, P., Garcia, F., Teepe, W., Hoepman, J.H., Jacobs, B., de Koning Gans, G., Verdult, R., Muijrers, R., Kali, R., Kali, V.: Security flaw in MiFare Classic (March 2008), http://www.sos.cs.ru.nl/applications/rfid/pressrelease.en.html

  57. Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling mifare classic. In: [61], pp. 97–114

    Google Scholar 

  58. Courtois, N.T., Nohl, K., O’Neil, S.: Algebraic attacks on the Crypto-1 stream cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive, Report 2008/166 (2008)

    Google Scholar 

  59. Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  60. Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  61. Jajodia, S., Lopez, J. (eds.): ESORICS 2008. LNCS, vol. 5283. Springer, Heidelberg (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany

    Ahmad-Reza Sadeghi & Christian Wachsmann

  2. Dipartimento di Informatica ed Applicazioni, University of Salerno, Italy

    Ivan Visconti

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christian Wachsmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica e Comunicazione (DICO), Universita’ degli Studi di Milano, Via Comelico 39, 20135, Milano, Italy

    Claudio Bettini

  2. George Mason University, 4400 University Drive, 22030-4444, Fairfax, VA, USA

    Sushil Jajodia

  3. Dipartimento di Tecnologie dell’ Informazione, Universita’ degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy

    Pierangela Samarati

  4. Department of Computer Science, University of Vermont, 33 Colchester Avenue, 05405, Burlington, VT, USA

    X. Sean Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sadeghi, AR., Visconti, I., Wachsmann, C. (2009). Location Privacy in RFID Applications. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds) Privacy in Location-Based Applications. Lecture Notes in Computer Science, vol 5599. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03511-1_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03511-1_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03510-4

  • Online ISBN: 978-3-642-03511-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics