
Unbalanced states violates RFID privacy

Journal of Intelligent Manufacturing

Abstract

Designing privacy-preserving authentication protocols for massively deployed Radio Frequency IDentification (RFID) systems is a real-world challenge that has drawn significant attention from the RFID community. This interest has yielded a considerable number of proposals that aim to overcome the main bottleneck (i.e. the exhaustive search over the list of all tag entries) that appears in the back-end database for large-scale RFID tag deployments. One class of these proposals contains RFID protocols in which the server authenticates the tag in negligible constant or sub-linear time in the more frequent normal state and needs a linear search in the rare abnormal states. In this study, however, we show that such protocols with unbalanced states are subject to side-channel attacks and do not preserve RFID privacy. To illustrate this brutal security flaw, we conduct our analysis on different RFID protocols.
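The unbalanced-state leak described in the abstract, as an added illustration that is not code from the paper or from any protocol it analyses. It is a toy back end in which every name, the PRF-call counter standing in for observable response time, and the balanced variant shown for contrast are assumptions made here.

```python
import hashlib
import hmac

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    """Toy back end: index hit in the normal state, exhaustive search otherwise."""

    def __init__(self, n_tags: int, balanced: bool = False):
        # Constructed per-tag keys; a real deployment would provision random keys.
        self.keys = {i: prf(b"constructed-master", i.to_bytes(4, "big"))
                     for i in range(n_tags)}
        # Normal state: the pseudonym each synchronized tag will send is precomputed.
        self.index = {prf(k, b"synced"): i for i, k in self.keys.items()}
        self.balanced = balanced

    def identify(self, pseudonym: bytes, nonce: bytes, proof: bytes):
        """Return (tag_id, prf_calls); prf_calls models the observable response time."""
        hit = self.index.get(pseudonym)
        if hit is not None and not self.balanced:
            ok = hmac.compare_digest(prf(self.keys[hit], nonce), proof)
            return (hit if ok else None), 1
        found, calls = None, 0
        for i, k in self.keys.items():  # abnormal state: try every tag entry
            calls += 1
            if hmac.compare_digest(prf(k, nonce), proof):
                found = i  # no early exit, so cost is independent of position
        return found, calls

def tag_message(server: Server, tag_id: int, synced: bool, nonce: bytes):
    """What the tag sends: a desynchronized tag's pseudonym misses the index."""
    k = server.keys[tag_id]
    return prf(k, b"synced" if synced else b"stale"), nonce, prf(k, nonce)

def observed_costs(balanced: bool, n_tags: int = 1000):
    s = Server(n_tags, balanced)
    nonce = b"constructed-nonce"
    normal = s.identify(*tag_message(s, 7, True, nonce))
    abnormal = s.identify(*tag_message(s, 7, False, nonce))
    return normal, abnormal

if __name__ == "__main__":
    print("unbalanced:", observed_costs(False))  # same tag, very different cost
    print("balanced:  ", observed_costs(True))   # same tag, identical cost
```

In the unbalanced server the work done reveals which state the tag is in; the balanced variant removes that signal only by giving up the constant-time lookup, which is the scalability bottleneck these protocols set out to avoid.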




Corresponding author

Correspondence to Gokay Saldamli.


About this article

Cite this article

Erguler, I., Anarim, E. & Saldamli, G. Unbalanced states violates RFID privacy. J Intell Manuf 25, 273–281 (2014). https://doi.org/10.1007/s10845-012-0655-4


  • DOI: https://doi.org/10.1007/s10845-012-0655-4
