Skip to main content
SpringerLink
Log in

Anonymizer-Enabled Security and Privacy for RFID

  • Conference paper
Cryptology and Network Security (CANS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5888))

Included in the following conference series:

Abstract

RFID-based systems are becoming a widely deployed pervasive technology that is more and more used in applications where privacy-sensitive information is entrusted to RFID tags. Thus, a careful analysis in appropriate security and privacy models is needed before deployment to practice.

Recently, Vaudenay presented a comprehensive security and privacy model for RFID that captures most previously proposed privacy models. The strongest achievable notion of privacy in this model (narrow-strong privacy) requires public-key cryptography, which in general exceeds the computational capabilities of current cost-efficient RFIDs. Other privacy notions achievable without public-key cryptography heavily restrict the power of the adversary and thus are not suitable to realistically model the real world.

In this paper, we extend and improve the current state-of-the art for privacy-protecting RFID by introducing a security and privacy model for anonymizer-enabled RFID systems. Our model builds on top of Vaudenay’s model and supports anonymizers, which are separate devices specifically designated to ensure the privacy of tags. We present a privacy-preserving RFID protocol that uses anonymizers and achieves narrow-strong privacy without requiring tags to perform expensive public-key operations (i.e., modular exponentiations), thus providing a satisfying notion of privacy for cost-efficient tags.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Atmel Corporation: Innovative IDIC solutions (2007), http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf

  2. Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 210–219. ACM Press, New York (2004)

    Chapter  Google Scholar 

  3. Calypso Networks Association: Web site of Calypso Networks Association. (May 2007), http://www.calypsonet-asso.org/

  4. NXP Semiconductors: MIFARE smartcard ICs (September 2008), http://www.mifare.net/products/smartcardics/

  5. Sony Global: Web site of Sony FeliCa (June 2008), http://www.sony.net/Products/felica/

  6. Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain, October 9 (2008)

    Google Scholar 

  7. I.C.A. Organization: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, Fifth Edition (2003)

    Google Scholar 

  8. Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)

    Article  MathSciNet  Google Scholar 

  9. Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)

    Google Scholar 

  10. Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Spirtech: CALYPSO functional specification: Card application, version 1.3. (October 2005), http://calypso.spirtech.net/

  12. Octopus Holdings: Web site of Octopus Holdings (June 2008), http://www.octopus.com.hk/en/

  13. Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005)

    Google Scholar 

  14. Juels, A., Weis, S.A.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)

    Google Scholar 

  15. Damgård, I., Østergaard, M.: RFID security: Tradeoffs between security and efficiency. Cryptology ePrint Archive, Report 2006/234 (2006)

    Google Scholar 

  16. Burmester, M., van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication protocols. In: Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), pp. 1–9. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  17. Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to privacy-friendly tags (November 2003)

    Google Scholar 

  18. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  19. Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: ASIACCS 2008: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 292–299. ACM Press, New York (2008)

    Chapter  Google Scholar 

  20. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: [53], pp. 251–256

    Google Scholar 

  21. Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

    Google Scholar 

  22. Katz, J., Shin, J.S.: Parallel and Concurrent Security of the HB and HB+ Protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  23. Katz, J., Smith, A.: Analyzing the HB and HB+ protocols in the large error case. Cryptology ePrint Archive, Report 2006/326 (2006)

    Google Scholar 

  24. Katz, J.: Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 1–15. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  25. Gilbert, H., Robshaw, M., Silbert, H.: An active attack against HB+ — A provable secure leightweight authentication protocol. Cryptology ePrint Archive, Report 2007/237 (2007)

    Google Scholar 

  26. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good Variants of HB+ Are Hard to Find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  27. Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  28. Frumkin, D., Shamir, A.: Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044 (2009)

    Google Scholar 

  29. Levieil, E., Fouque, P.A.: An Improved LPN Algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Security in Pervasive Computing. LNCS, vol. 2802, pp. 640–643. IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  31. Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–153. IEEE Computer Society, Los Alamitos (2004)

    Chapter  Google Scholar 

  32. Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions (September 2004)

    Google Scholar 

  33. Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 59–66. IEEE Computer Society, Los Alamitos (2005)

    Chapter  Google Scholar 

  34. Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM Press, New York (2008)

    Chapter  Google Scholar 

  35. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., et al. (eds.) Privacy in Location-Based Applications: Research Issues and Emerging Trends. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  36. Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)

    Google Scholar 

  37. Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)

    Google Scholar 

  38. Saito, J., Ryou, J.C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)

    Google Scholar 

  39. Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM Press, New York (2005)

    Chapter  Google Scholar 

  40. Economist: Security technology: Where’s the smart money? The Economist, 69–70 (February 2002)

    Google Scholar 

  41. Juels, A.: Minimalist cryptography for low-cost RFID tags (extended abstract). In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)

    Google Scholar 

  42. Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  43. Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A new formal proof model for RFID location privacy. In: [53], pp. 267–281.

    Google Scholar 

  44. D’Arco, P., Scafuro, A., Visconti, I.: Semi-Destructive Privacy in DoS-Enabled RFID systems. In: Proceedings of RFIDSec 2009 (July 2009)

    Google Scholar 

  45. D’Arco, P., Scafuro, A., Visconti, I.: Revisiting DoS attacks and privacy in RFID-enabled networks. In: Dolev, S. (ed.) ALGOSENSORS 2009. LNCS, vol. 5804, p. 263. Springer, Heidelberg (2009)

    Google Scholar 

  46. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

    Google Scholar 

  47. Prabhakaran, M., Rosulek, M.: Homomorphic encryption with CCA security. Cryptology ePrint Archive, Report 2005/079 (2008)

    Google Scholar 

  48. Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  49. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)

    Google Scholar 

  50. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designingefficient protocols. In: Proceedings of the Annual Conference on Computer and Communications Security (CCS) (1994)

    Google Scholar 

  51. Danev, B., Heydt-Benjamin, T.S., Capkun, S.: Physical-layer Identification of RFID Devices. In: 18th USENIX Security Symposium, Montreal, Canada, August 10-14, pp. 199–214 (2009)

    Google Scholar 

  52. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Efficient RFID security and privacy with anonymizers. In: Proceedings of RFIDSec 2009 (July 2009)

    Google Scholar 

  53. Jajodia, S., Lopez, J. (eds.): ESORICS 2008. LNCS, vol. 5283, p. 602. Springer, Heidelberg (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany

    Ahmad-Reza Sadeghi & Christian Wachsmann

  2. Dipartimento di Informatica ed Applicazioni, University of Salerno, Italy

    Ivan Visconti

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christian Wachsmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. AT&T Labs Research, Florham Park, NJ, USA

    Juan A. Garay

  2. Japan Advanced Institute of Science and Technology (JAIST), Nomi, Ishikawa, Japan

    Atsuko Miyaji

  3. National Institute of Advanced Industrial Science and Technoloy (AIST), Tokyo, Japan

    Akira Otsuka

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sadeghi, AR., Visconti, I., Wachsmann, C. (2009). Anonymizer-Enabled Security and Privacy for RFID. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds) Cryptology and Network Security. CANS 2009. Lecture Notes in Computer Science, vol 5888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10433-6_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10433-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10432-9

  • Online ISBN: 978-3-642-10433-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation