RFID security: cryptography and physics perspectives

In this chapter, we provide an overview of mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. We emphasize solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus enhance the privacy friendliness of the technology “almost” for free. Technologies described include the use of environmental information (presence of light, temperature, humidity, etc.) to disable or enable the RFID tag, the use of delays to reveal parts of a secret key at different moments in time (this key is used to later establish a secure communication channel), and the idea of a “sticky tag,” which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we summarize previous works that use physical principles to provide security and privacy in RFID systems and the security-related functionality in RFID standards.
