Formal Verification of Privacy for RFID Systems

RFID tags are being widely employed in a variety of applications, ranging from barcode replacement to electronic passports. Their extensive use, however, in combination with their wireless nature, introduces privacy concerns as a tag could leak information about the owner’s behaviour. In this paper we define two privacy notions, unlinkability and forward privacy, using a formal model based on the applied pi calculus, and we show the relationship between them. Then we focus on a generic class of simple privacy protocols, giving sufficient and necessary conditions for unlinkability and forward privacy for this class. These conditions are based on the concept of frame independence that we develop in this paper. Finally, we apply our techniques to two identification protocols, formally proving their privacy guarantees.

[1]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[2]  Flavio D. Garcia,et al.  Modeling Privacy for Off-Line RFID Systems , 2010, CARDIS.

[3]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[4]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[5]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[6]  Raphael C.-W. Phan,et al.  Privacy of Recent RFID Authentication Protocols , 2008, ISPEC.

[7]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[8]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[9]  C. Chatmon Secure Anonymous RFID Authentication Protocols , 2022 .

[10]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[11]  Sjouke Mauw,et al.  Untraceability of RFID Protocols , 2008, WISTP.

[12]  Michael Backes,et al.  Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[13]  Gildas Avoine Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols , 2005 .

[14]  Robin Milner,et al.  A Calculus of Mobile Processes, II , 1992, Inf. Comput..

[15]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[16]  Bruno Blanchet,et al.  Automatic proof of strong secrecy for security protocols , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[17]  Mark Ryan,et al.  Analysing Unlinkability and Anonymity Using the Applied Pi Calculus , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[18]  Mark Ryan,et al.  Untraceability in the applied pi-calculus , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).

[19]  Yu Zhang,et al.  Verifying Anonymous Credential Systems in Applied Pi Calculus , 2009, CANS.

[20]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[21]  David Evans,et al.  Privacy through Noise: A Design Space for Private Identification , 2009, 2009 Annual Computer Security Applications Conference.

[22]  ROBIN MILNER,et al.  Edinburgh Research Explorer A Calculus of Mobile Processes, I , 2003 .

[23]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .