Skip to main content
Springer Nature Link
Log in

Insider Attacks and Privacy of RFID Protocols

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7163))

Included in the following conference series:

  • 669 Accesses

Abstract

We discuss insider attacks on RFID protocols with a focus on RFID tag privacy and demonstrate such attacks on published RFID protocols. In particular, we show attacks on a challenge-response protocol with IND-CCA1 encryption and on the randomized hashed GPS protocol.

We then show that IND-CCA2 encryption can be used to prevent insider attacks and present a protocol secure against insider attacks. The protocol is based solely on elliptic-curve operations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm (2005)

    Google Scholar 

  2. Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: PiLBA (2008)

    Google Scholar 

  3. Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: ACM Conference on Computer and Communications Security (2004)

    Google Scholar 

  4. Quartararo, P.: Permanent RFID garment tracking system (US Patent 005785181A) (1998)

    Google Scholar 

  5. Gollmann, D.: Insider fraud (position paper). In: Security Protocols Workshop, pp. 213–219 (1998)

    Google Scholar 

  6. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)

    Article  MATH  Google Scholar 

  7. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. SIGOPS Oper. Syst. Rev. 23(5), 1–13 (1989)

    Article  Google Scholar 

  8. Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  9. Lowe, G.: Casper: a compiler for the analysis of security protocols. J. Comput. Secur. 6(1-2), 53–84 (1998)

    Google Scholar 

  10. Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW), pp. 82–96. IEEE Computer Society (2001)

    Google Scholar 

  11. Cremers, C.: Scyther - Semantics and Verification of Security Protocols. Ph.D. dissertation, Eindhoven University of Technology (2006)

    Google Scholar 

  12. Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Bringer, J., Chabanne, H., Icart, T.: Efficient zero-knowledge identification schemes which respect privacy. In: ASIACCS, pp. 195–205 (2009)

    Google Scholar 

  14. Erguler, I., Anarim, E.: Scalability and security conflict for RFID authentication protocols. Cryptology ePrint Archive, Report 2010/018 (2010), http://eprint.iacr.org/

  15. Damgård, I., Pedersen, M.Ø.: RFID Security: Tradeoffs between Security and Efficiency. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 318–332. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A New RFID Privacy Model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  17. Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptology 19(4), 463–487 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  18. Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Low-cost untraceable authentication protocols for RFID. In: 3rd ACM Conference on Wireless Network Security – WiSec 2010 (2010)

    Google Scholar 

  19. Lee, Y., Batina, L., Verbauwhede, I.: Untraceable RFID authentication protocols: Revision of EC-RAC. In: IEEE International Conference on RFID – RFID 2009, Orlando, Florida, USA, pp. 178–185 (April 2009)

    Google Scholar 

  20. Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Wide–Weak Privacy–Preserving RFID Authentication Protocols. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 254–267. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  21. Bringer, J., Chabanne, H., Icart, T.: Cryptanalysis of EC-RAC, a RFID Identification Protocol. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 149–161. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. Batina, L., Seys, S., Singelee, D., Verbauwhede, I.: Hierarchical ECC-based RFID authentication protocol. In: Workshop on RFID Security – RFIDSec 2011 (to appear, 2011)

    Google Scholar 

  23. Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)

    Article  MATH  Google Scholar 

  24. Damgård, I.: Towards Practical Public Key Systems Secure against Chosen Ciphertext Attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)

    Google Scholar 

  25. Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)

    Google Scholar 

  26. van Deursen, T., Radomirović, S.: Algebraic Attacks on RFID Protocols. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 38–51. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  27. Icart, T.: How to Hash into Elliptic Curves. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 303–316. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Coron, J.S., Icart, T.: An indifferentiable hash function into elliptic curves. Cryptology ePrint Archive, Report 2009/340 (2009), http://eprint.iacr.org/

  29. Shallue, A., van de Woestijne, C.: Construction of Rational Points on Elliptic Curves over Finite Fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510–524. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Ulas, M.: Rational points on certain hyperelliptic curves over finite fields. Bull. Pol. Acad. Sci. Math. 55(2), 97–104 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  31. Seroussi, G.: Compact representation of elliptic curve points over F2n. Technical report, Research Contribution to IEEE P1363 (1998)

    Google Scholar 

  32. Okamoto, T., Pointcheval, D.: PSEC-3: Provably secure elliptic curve encryption scheme - V3 (Submission to P1363a). In: IEEE P1363a (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Luxembourg, Luxembourg

    Ton van Deursen & Saša Radomirović

Authors
  1. Ton van Deursen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Saša Radomirović
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Twente and Katholieke Universiteit Leuven ESAT-COSIC, Kasteelpark Arenberg 10, 3001, Leuven-Heverlee, Belgium

    Svetla Petkova-Nikova

  2. Katholieke Universiteit Leuven, ESAT/SCD (COSIC), Kasteelpark Arenberg 10, 3001, Leuven-Heverlee, Belgium

    Andreas Pashalidis

  3. Department of Information Systems, University of Regensburg, Universitätsstraße 31, 93053, Regensburg, Germany

    Günther Pernul

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van Deursen, T., Radomirović, S. (2012). Insider Attacks and Privacy of RFID Protocols. In: Petkova-Nikova, S., Pashalidis, A., Pernul, G. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2011. Lecture Notes in Computer Science, vol 7163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29804-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29804-2_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29803-5

  • Online ISBN: 978-3-642-29804-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics