Enhancing RFID Security and Privacy by Physically Unclonable Functions

Towards Hardware-Intrinsic Security

Abstract

Radio frequency identification (RFID) is a technology that enables RFID readers to perform fully automatic wireless identification of objects that are labeled with RFID tags. Initially, this technology was mainly used for electronic labeling of pallets, cartons, and products to enable seamless supervision of supply chains. Today, RFID technology is widely deployed to many other applications as well, including animal and product identification [2, 42], access control [2, 47], electronic tickets [47] and passports [27], and even human implantation [30].

Notes

  1. Note that illegitimate tags created by the \(\mathsf{CreateTag}\) oracle are initialized in the same way as legitimate tags, with the only difference that their identifier \(\mathtt{ID}\) and secret \(K\) are not added to the credentials database \(\mathtt{DB}\) of \(\mathcal{R}\). As shown in [67], an adversary can use such tags to violate the privacy objectives.

  2. Note that, in case of PUF-enabled RFID tags, a destructive adversary can corrupt the tag and read out its memory, whereas the properties of the PUF ensure that the PUF is destroyed and the adversary does not obtain any information on the PUF.

References

  1. G. Ateniese, J. Camenisch, B. de Medeiros, in Untraceable RFID Tags via Insubvertible Encryption. Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 7–11 Nov 2005 (ACM Press, 2005), pp. 92–101

  2. Atmel Corporation. Innovative IDIC solutions. http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf, 2007

  3. Gildas Avoine. Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049, 2005.

  4. G. Avoine, E. Dysli, P. Oechslin, in Reducing Time Complexity in RFID systems. 12th International Workshop on Selected Areas in Cryptography (SAC), Kingston, ON, Canada, 11–12 Aug 2005. Lecture Notes in Computer Science, vol. 3897 (Springer, Berlin, 2005), pp. 291–306

  5. G. Avoine, C. Lauradoux, T. Martin in When Compromised Readers Meet RFID. The 5th Workshop on RFID Security 2009, Leuven, Belgium, 30 June–2 July, 2009

  6. L. Bolotnyy, G. Robins, in Physically Unclonable Function-Based Security and Privacy in RFID systems. Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, White Plains, NY, USA, 19–23 Mar 2007 (IEEE Computer Society, Washington, DC, 2007)

  7. M. Burmester, T. van Le, B. de Medeiros, Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. Proceedings of Second International Conference on Security and Privacy in Communication Networks (SecureComm), Baltimore, MD, USA, 28 Aug–1 Sept 2006 (IEEE Computer Society, Washington, DC, 2006), pp. 1–9

  8. I. Damgård, M. Østergaard, RFID Security: Tradeoffs Between Security and Efficiency. Cryptology ePrint Archive, Report 2006/234, 2006

  9. P. D’Arco, A. Scafuro, I. Visconti, in Revisiting DoS Attacks and Privacy in RFID-Enabled Networks. Proceedings of ALGOSENSORS, Rhodes, Greece, 10–11 July 2009. Lecture Notes in Computer Science (Springer, July 2009)

  10. P. D’Arco, A. Scafuro, I. Visconti, in Semi-Destructive Privacy in DoS-Enabled RFID Systems. Proceedings of RFIDSec, Leuven, Belgium, 30 June-2 July 2009, July 2009

  11. S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, V. Khandelwal, in Design and Implementation of PUF-Based Unclonable RFID ICs for Anti-counterfeiting and Security Applications. IEEE International Conference on RFID 2008, Las Vegas, NV, USA, 16–17 April, 2008 (IEEE Computer Society, 2008), pp. 58–64

  12. T. Dimitriou, in A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm) Athens, Greece, 5–9 Sept 2005 (IEEE Computer Society, 2005), pp. 59–66

  13. Y. Dodis, L. Reyzin, A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3027 (Springer, 2004), pp. 523–540

  14. Y. Dodis, L. Reyzin, A. Smith, in Security with Noisy Data, chapter Fuzzy Extractors, (Springer, 2007), pp. 79–99

  15. EPCglobal Inc. Object Naming Service (ONS), version 1.0, October 2005

  16. EPCglobal Inc. Web site of EPCglobal Inc http://www.epcglobalinc.org/, April 2008

  17. K. Finkenzeller, RFID-Handbook 2nd edn. (Carl Hanser Verlag, Munich, Germany, Apr 2003). Translated from the 3rd German edition by Rachel Waddington, Swadlincote, UK

  18. D. Frumkin, A. Shamir, Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044, 2009

  19. B. Gassend, D. Clarke, M. van Dijk, S. Devadas, in Controlled Physical Random Functions. Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, 9–13 Dec 2002 (IEEE Computer Society, 2002), pp. 149–160

  20. H. Gilbert, M. Robshaw, H. Silbert, An Active Attack Against HB+ — A Provable Secure Lightweight Authentication Protocol. Cryptology ePrint Archive, Report 2007/237, 2007

  21. H. Gilbert, M.J.B. Robshaw, Y. Seurin, in Good Variants of HB+ Are Hard to Find. in G. Tsudik. Financial Cryptography and Data Security, 12th International Conference, FC 2008, Cozumel, Mexico, 28–31 Jan 2008, Revised Selected Papers. Lecture Notes in Computer Science, (Springer, 2008), pp. 156–170

  22. P. Golle, M. Jakobsson, A. Juels, P. Syverson, in Universal Re-encryption for Mixnets. The Cryptographers’ Track at the RSA Conference 2004, Proceedings. Lecture Notes in Computer Science, San Francisco, CA, USA, 23–27 Feb 2004 (Springer, 2004), pp. 163–178.

  23. J.H. Ha, S.J. Moon, J. Zhou, J.C. Ha, A new formal proof model for RFID location privacy. In Jajodia and Lopez [28], pp. 267–281

  24. D. Henrici, P. Müller, in Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, Orlando, FL, USA, 14–17 Mar 2004 (IEEE Computer Society, 2004), pp. 149–153

  25. D.E. Holcomb, W.P. Burleson, K. Fu, Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. Conference on RFID Security 2007, Malaga, Spain, 11–13 July 2007

  26. M. Hutter, J.-M. Schmidt, T. Plos, RFID and Its Vulnerability to Faults. 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2008, Washington, DC, USA, 10–13 Aug 2008, Proceedings. Lecture Notes in Computer Science, vol. 5154 (Springer, 2008), pp. 363–379

  27. I.C.A. Organization. Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5th edn., 2003

  28. S. Jajodia, J. Lopez (eds.), Computer Security — ESORICS 2008. Lecture Notes in Computer Science, Malaga, Spain, 6–8 Oct 2008, vol. 5283 (Springer, 2008)

  29. A. Juels, in Minimalist Cryptography for Low-Cost RFID Tags (Extended Abstract). 4th International Conference on Security in Communication Networks (SCN) 2004, Revised Selected Papers. Lecture Notes in Computer Science, Amalfi, Italy, 8–10 Sep 2004, vol. 3352 (Springer, 2004), pp. 149–164

  30. A. Juels, in RFID Security and Privacy: A Research Survey. J. Select. Areas Commun. 24(2), 381–395 (Feb 2006)

  31. A. Juels, R. Pappu, in Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. 7th International Conference on Financial Cryptography (FC) 2003, Revised Papers. Lecture Notes in Computer Science, Gosier, Guadeloupe, FWI, 27–30 Jan 2003, vol. 2742 (Springer, 2003), pp. 103–121

  32. A. Juels, S.A. Weis, Authenticating pervasive devices with human protocols. in Advances in Cryptology — CRYPTO 2005, ed. by V. Shoup. 25th Annual International Cryptology Conference, Santa Barbara, CA, USA, 14–18 Aug 2005, Proceedings. Lecture Notes in Computer Science, vol. 3621 (Springer, 2005), pp. 293–308

  33. A. Juels, S.A. Weis, Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006

  34. J. Katz, in Efficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise. in S.D. Galbraith. Cryptography and Coding, 11th IMA International Conference, Cirencester, UK, 18–20 Dec 2007, Proceedings. Lecture Notes in Computer Science, vol. 4887 (Springer, 2007), pp. 1–15

  35. J. Katz, J.S. Shin, Parallel and concurrent security of the HB and HB+ protocols. in Advances in Cryptology — EUROCRYPT 2006, ed. by S. Vaudenay. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, 28 May –1 June 2006, Proceedings. Lecture Notes in Computer Science, vol. 4004 (Springer, 2006), pp. 73–87

  36. J. Katz, A. Smith, Analyzing the HB and HB+ Protocols in the “Large Error” Case. Cryptology ePrint Archive, Report 2006/326, 2006

  37. I. Kirschenbaum, A. Wool, How to Build a Low-Cost, Extended-Range RFID Skimmer. Cryptology ePrint Archive, Report 2006/054, 2006

  38. O. Kömmerling, M.G. Kuhn, in Design Principles for Tamper-Resistant Smartcard Processors. Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, Chicago, IL, 10–11 May 1999

  39. P.C. Kocher, in Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. 16th Annual International Cryptology Conference, Santa Barbara, CA, USA, Proceedings, 18–22 Aug 1996. Lecture Notes in Computer Science, vol. 1109 (Springer, 1996), pp. 104–113

  40. C.H. Lim, T. Kwon, in Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. 8th International Conference on Information and Communications Security (ICICS), Raleigh, NC, USA, 4–7 Dec 2006. Lecture Notes in Computer Science, vol. 4307 (Springer, 2006), pp. 1–20

  41. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks Revealing the Secrets of Smart Cards. (Springer, Berlin, 2007)

  42. D. Molnar, D. Wagner, in Privacy and Security in Library RFID: Issues, Practices, and Architectures. Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, 25–29 Oct 2004 (ACM Press, 2004), pp. 210–219

  43. M. Neve, E. Peeters, D. Samyde, J.-J. Quisquater, in Memories: A Survey of Their Secure Uses in Smart Cards. Proceedings of the Second IEEE International Security in Storage Workshop, Washington, DC, USA, 31 Oct 2003 (IEEE Computer Society, 2003), pp. 62–72

  44. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, in New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing. Proceedings of ESORICS, Saint Malo, France, 21–25 Sept 2009. Lecture Notes in Computer Science, vol. 5789 (Springer, 2009), pp. 321–336

  45. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, RFID privacy models revisited. In Jajodia and Lopez [28], pp. 251–256

  46. NXP Semiconductors. MIFARE Application Directory (MAD) — List of Registered Applications. http://www.nxp.com/acrobat/other/identification/mad_overview_042008.pdf, Apr 2008

  47. NXP Semiconductors. MIFARE Smartcard ICs. http://www.mifare.net/products/smartcardics/, Sept 2008

  48. Octopus Holdings. Web site of Octopus Holdings. http://www.octopus.com.hk/en/, June 2008

  49. S. Micali, O. Goldreich, S. Goldwasser, How to construct random functions. J. ACM 33(4), 792–807 (1986)

  50. M. Ohkubo, K. Suzuki, S. Kinoshita, in Cryptographic Approach to “Privacy-Friendly” Tags. Presented at the RFID Privacy Workshop (MIT, Cambridge, MA, 15 Nov 2003); rfidprivacy.ex.com/2003/agenda.php

  51. M. Ohkubo, K. Suzuki, S. Kinoshita, in Efficient Hash-Chain Based RFID Privacy Protection Scheme. International Conference on Ubiquitous Computing (UbiComp), Workshop Privacy: Current Status and Future Directions, Tokyo, Japan, 11–14 Sept 2005

  52. K. Ouafi, R. Overbeck, S. Vaudenay, On the security of HB# against a man-in-the-middle attack. in Advances in Cryptology — ASIACRYPT 2008, ed. by J. Pieprzyk. 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, 7–11 Dec 2008, Proceedings. Lecture Notes in Computer Science, vol. 5350 (Springer, 2008), pp. 108–124

  53. R.-I. Paise, S. Vaudenay, in Mutual Authentication in RFID: Security and Privacy. ASIACCS’08: Proceedings of the 2008 ACM Symposium on Information, Alexandria, VA, USA, 27–31 Oct 2008, Computer and Communications Security (ACM Press, 2008), pp. 292–299

  54. D.C. Ranasinghe, D.W. Engels, P.H. Cole, in Security and Privacy: Modest Proposals for Low-Cost RFID Systems. Auto-ID Labs Research Workshop, Zurich, Switzerland, 23–24 Sept 2004

  55. É. Levieil, P.-A. Fouque, in An Improved LPN Algorithm. Security and Cryptography for Networks, 5th International Conference, SCN 2006, Maiori, Italy, 6–8 Sept 2006, Proceedings. Lecture Notes in Computer Science, (Springer, 2006), pp. 348–359

  56. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in User Privacy in Transport Systems Based on RFID E-tickets. International Workshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain, 9 Oct 2008

  57. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Anonymizer-Enabled Security and Privacy for RFID. The 8th International Conference in Cryptography and Network Security, 12–14 Dec 2009, Kanazawa, Ishikawa, Japan. Lecture Notes in Computer Science (Springer, 2009)

  58. A.-R. Sadeghi, I. Visconti, C. Wachsmann, in Location Privacy in RFID Applications. Privacy in Location-Based Applications — Research Issues and Emerging Trends. Lecture Notes in Computer Science, vol. 5599 (Springer, Aug 2009), pp. 127–150

  59. J. Saito, J.-C. Ryou, K. Sakurai, in Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags. International Conference on Embedded and Ubiquitous Computing (EUC), Aizu-Wakamatsu City, Japan, Aug 2004, Proceedings. Lecture Notes in Computer Science, vol. 3207 (Springer, 2004), pp. 879–890

  60. S.P. Skorobogatov, R.J. Anderson, in Optical Fault Induction Attacks. 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002), Redwood Shores, CA, USA, 13–15 Aug 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2523 (Springer Verlag, 2002), pp. 31–48

  61. B. Song, C.J. Mitchell, RFID Authentication Protocol for Low-Cost Tags. Proceedings of the First ACM Conference on Wireless Network Security, Alexandria, VA, USA, 31 Mar-2 Apr 2008 (ACM Press, 2008), pp. 140–147

  62. Sony Global. Web site of Sony FeliCa. http://www.sony.net/Products/felica/, June 2008

  63. Spirtech. CALYPSO functional specification: Card application, version 1.3. http://calypso.spirtech.net/, Oct 2005

  64. G. Tsudik, in YA-TRAP: Yet Another Trivial RFID Authentication Protocol. Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, Pisa, Italy, 13–17 Mar 2006. Lecture Notes in Computer Science, vol. 2802 (IEEE Computer Society, 2006), pp. 640–643

  65. P. Tuyls, L. Batina, in RFID-Tags for Anti-counterfeiting. The Cryptographers’ Track at the RSA Conference, San Jose, CA, USA, 13–17 Feb 2006, Proceedings. Lecture Notes on Computer Science, vol. 3860 (Springer, 2006), pp. 115–131

  66. P. Tuyls, B. Škorić, Tom Kevenaar (eds.), Security with Noisy Data — On Private Biometrics, Secure Key Storage, and Anti-Counterfeiting (Springer, New York, NY, 2007).

  67. S. Vaudenay, in On Privacy Models for RFID. 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Sarawak, Malaysia, 2–6 Dec 2007 Proceedings. Lecture Notes in Computer Science, vol. 4833 (Springer, 2007), pp. 68–87

  68. S.A. Weis, S.E. Sarma, R.L. Rivest, D.W. Engels, in Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. 1st International Conference on Security in Pervasive Computing, Boppard, Germany, 12–14 Mar 2003 Revised Papers. Lecture Notes in Computer Science, vol. 2802 (Springer, 2003), pp. 50–59

Acknowledgments

We wish to thank Frederik Armknecht, Paolo D’Arco, and Alessandra Scafuro for several useful discussions about RFID privacy notions. This work has been supported in part by the European Commission through the FP7 programme under contract 216646 ECRYPT II, 238811 UNIQUE, and 215270 FRONTS, in part by the Ateneo Italo-Tedesco under Program Vigoni and by the MIUR Project PRIN 2008 “PEPPER: Privacy E Protezione di dati PERsonali” (prot. 2008SY2PH4).

Corresponding author

Correspondence to Christian Wachsmann.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sadeghi, AR., Visconti, I., Wachsmann, C. (2010). Enhancing RFID Security and Privacy by Physically Unclonable Functions. In: Sadeghi, AR., Naccache, D. (eds) Towards Hardware-Intrinsic Security. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14452-3_13

  • DOI: https://doi.org/10.1007/978-3-642-14452-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14451-6

  • Online ISBN: 978-3-642-14452-3

  • eBook Packages: Computer Science, Computer Science (R0)