Abstract
The privacy problem of many RFID systems has been extensively studied. Yet integrity in RFID has not received much attention as regular computer systems. When we evaluate an identification protocol for an RFID system for anti-counterfeiting, it is important to consider integrity issues. Moreover, many RFID systems are accessed by multiple level trust parties, which makes comprehensive integrity protection even harder. In this paper, we first propose an integrity model for RFID protocols. Then we use the model to analyze the integrity problems in Squealing Euros protocol. Squealing Euros was proposed by Juels and Pappu for RFID enabled banknotes that will support anti-forgery and lawful tracing yet preserve individual’s privacy. We analyze its integrity, we then discuss the problems that arise and propose some solutions to these problems. Then an improved protocol with integrity protection for the law enforcement is constructed, which includes an unforgeable binding between the banknote serial number and the RF ciphertext only readable to law enforcement. This same protocol can be applied in many other applications which require a privacy protecting anti-counterfeiting mechanism.
Similar content being viewed by others
References
RFID Technology and EPC in Retail. Symbol Technologies, Inc, 2004.
Wal-Mart details RFID requirement. RFID Journal, 2003.
Gillette confirms RFID purchase. RFID Journal, 2003.
Staake T, Thiesse F, Fleisch E. Extending the EPC network — The potential of RFID in anti-counterfeiting. In Proc. 2005 ACM Symp. Applied Computing, ACM Press, Santa Fe, USA, 2005, pp. 1607–1612.
Yoshida J. Euro bank notes to embed RFID chips by 2005. EE Times, 2001.
Harris G. Tiny antennas to keep tabs on U.S. drugs. New York Times, 2004.
Kanellos M. E-passports to put new face on old documents. CNET News.Com, 2004, http://news.zdnet.com/2100-9584_22-5313650.html.
Juels A, Pappu R. Squealing euros: Privacy-protection in RFID-enabled banknotes. In Proc. Financial Cryptography, Gosier, Guadeloupe, FWI, LNCS 2742, Springer-Verlag, 2003, pp. 103–121.
Biannual Information on the Counterfeiting of the Euro. ECB Press. 2004.
Baard M. Watchdogs push for RFID laws. Wired News, 2004.
Sarma S E, Weis S A, Engels D W. RFID systems and security and privacy implications. In Proc. Workshop on Cryptographic Hardware and Embedded Systems, San Franciso Bay, USA, LNCS 2523, 2002, pp. 454–470.
Avoine G, Oechslin P. A scalable and provably secure hash based RFID protocol. In Proc. The 2nd IEEE Int. Workshop on Pervasive Computing and Communication Security, Kauai Island, Hawaii, USA, IEEE Computer Society Press, 2005, pp. 110–114.
Juels A. Strengthening EPC tags against cloning. In Proc. the 4th ACM Workshop on Wireless Security, New York City, USA, ACM Press, 2005, pp. 67–76.
Juels A. Minimalist cryptography for low-cost RFID tags. In Proc. The Fourth International Conf. Security in Communication Network, Amalfi, Italy, LNCS 3352, Springer-Verlag, 2004, pp. 149–164.
Ranasinghe D, Engels D, Cole P. Low-cost RFID systems: Confronting security and privacy. In Proc. Auto-ID Labs Research Workshop, Zurich, Switzerland, 2004.
Feldhofer M. A proposal for authentication protocol in a security layer for RFID smart tags. In The 12th IEEE Mediterranean Electrotechnical Conf., 2004, 2: 759–762.
Feldhofer M, Dominikus S, Wolkerstorfer J. Strong authentication for RFID systems using the AES algorithm. In Proc. Workshop on Cryptographic Hardware and Embedded Systems, Joye M, Quisquater J J (eds.), Cambridge, MA, USA, LNCS 3156, Springer-Verlag, 2004, pp. 357–370.
Ohkubo M, Suzuki K, Kinoshita S. Cryptographic approach to “privacy-friendly” tags. In Proc. RFID Privacy Workshop, MIT, MA, USA, 2003.
Avoine G, Oechslin P. RFID traceability: A multilayer problem. In Proc. Financial Cryptography, Roseau, Dominica, LNCS 3570, Springer-Verlag, 2005, pp. 125–140.
Juels A, Rivest R L, Szydlo M. The blocker tag: Selective blocking of RFID tags for consumer privacy. In Proc. the 10th ACM Conf. Computer and Communication Security, ACM Press, 2003, pp. 103–111.
860MHz–930MHz class I radio frequency identification tag: Radio frequency and logical communication interface specification. Technical Report MIT-AUTOID-TR-007, Auto-ID Center, 2002.
Engberg S, Harning M, Damsgaard Jensen C. Zero-knowledge device authentication: Privacy and security enhanced RFID preserving business value and consumer convenience. In Proc. The Second Annual Conference on Privacy, Security and Trust, New Brunswick, Canada, 2004, 89–101.
Molnar D, Wagner D. Privacy and security in library RFID: Issues, practices, and architectures. In Proc. Conference on Computer and Communications Security, Washington DC, USA, ACM Press, 2004, pp. 210–219.
Atmel e5561 data sheet. Atmel Corporation. 2003.
Atmel T5557 data sheet. Atmel Corporation. 2003.
Atmel T5552 data sheet. Atmel Corporation. 2003.
Fujisaki E, Okamoto T. Secure integration of asymmetric and symmetric encryption schemes. In Proc. CRYPTO’99, Santa Barbara, USA, LNCS 1666, Springer-Verlag, 1999, pp. 537–554.
Avoine G. Privacy issues in RFID banknote protection schemes. In Proc. The 6th International Conference on Smart Card Research and Advanced Applications, Toulouse, France, Kluwer, 2004, pp. 33–48.
Blake I, Seroussi G, Smart N. Elliptic Curve Cryptography. Cambridge: Cambridge University Press, 1999.
Boneh D, Lynn B, Shacham H. Short signatures from the Weil pairing. In Proc. ASIACRYPT’01, Gold Coast, Australia, LNCS 2139, Springer-Verlag, 2001, pp. 514–532.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work has been supported by a grant provided by The Lilly Endowment and the Indiana University Pervasive Technology Labs.
Electronic supplementary material
Rights and permissions
About this article
Cite this article
Zhang, X., King, B. An Anti-Counterfeiting RFID Privacy Protection Protocol. J Comput Sci Technol 22, 438–448 (2007). https://doi.org/10.1007/s11390-007-9059-x
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11390-007-9059-x