A New RFID Privacy Model

This paper critically examines some recently proposed RFID privacy models. It shows that some models suffer from weaknesses such as insufficient generality and unrealistic assumptions regarding the adversary's ability to corrupt tags. We propose a new RFID privacy model that is based on the notion of indistinguishability and that does not suffer from the identified drawbacks. We demonstrate the easy applicability of our model by applying it to multiple existing RFID protocols.

[1]  Yi Mu,et al.  New Privacy Results on Synchronized RFID Authentication Protocols against Tag Tracing , 2009, ESORICS.

[2]  Ivan Visconti,et al.  Revisiting DoS Attacks and Privacy in RFID-Enabled Networks , 2009, ALGOSENSORS.

[3]  Sébastien Canard,et al.  Privacy-Preserving RFID Systems: Model and Constructions , 2010, IACR Cryptol. ePrint Arch..

[4]  Marc Girault,et al.  Security of privacy-preserving RFID systems , 2010, 2010 IEEE International Conference on RFID-Technology and Applications.

[5]  Ahmad-Reza Sadeghi,et al.  User Privacy in Transport Systems Based on RFID E-Tickets , 2008, PiLBA.

[6]  Marc Fischlin,et al.  Identification Protocols Secure against Reset Attacks , 2001, EUROCRYPT.

[7]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[8]  Amit Sahai,et al.  Resettably Secure Computation , 2009, EUROCRYPT.

[9]  Andreas Pashalidis,et al.  Relations Among Privacy Notions , 2009, Financial Cryptography.

[10]  Christof Paar,et al.  New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs , 2009 .

[11]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[12]  Ahmad-Reza Sadeghi,et al.  Anonymizer-Enabled Security and Privacy for RFID , 2009, CANS.

[13]  Paul C. van Oorschot,et al.  CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud , 2008, ESORICS.

[14]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[15]  Frederik Armknecht,et al.  Impossibility Results for RFID Privacy Notions , 2010, Trans. Comput. Sci..

[16]  Julien Bringer,et al.  Efficient zero-knowledge identification schemes which respect privacy , 2009, ASIACCS '09.

[17]  Ivan Damgård,et al.  RFID Security: Tradeoffs between Security and Efficiency , 2008, CT-RSA.

[18]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[19]  Thomas Plos,et al.  Evaluation of the Detached Power Supply as Side-Channel Analysis Countermeasure for Passive UHF RFID Tags , 2009, CT-RSA.

[20]  Michael Hutter,et al.  RFID and Its Vulnerability to Faults , 2008, CHES.

[21]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[22]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[23]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[24]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[25]  Yi Mu,et al.  RFID Privacy Models Revisited , 2008, ESORICS.

[26]  Ahmad-Reza Sadeghi,et al.  Efficient RFID Security and Privacy with Anonymizers , 2009 .

[27]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[28]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[29]  Sasa Radomirovic,et al.  On a new formal proof model for RFID location privacy , 2009, Inf. Process. Lett..

[30]  Yunlei Zhao,et al.  A New Framework for RFID Privacy , 2010, ESORICS.