Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification

In RFID literature, most “privacy-preserving” protocols require the reader to search all tags in the system in order to identify a single tag. In another class of protocols, the search complexity is reduced to be logarithmic in the number of tags, but it comes with two major drawbacks: it requires a large communication overhead over the fragile wireless channel, and the compromise of a tag in the system reveals secret information about other, uncompromised, tags in the same system. In this work, we take a different approach to address time complexity of private identification in large-scale RFID systems. We utilize the special architecture of RFID systems to propose a symmetric-key privacy-preserving authentication protocol for RFID systems with constant-time identification. Instead of increasing communication overhead, the existence of a large storage device in RFID systems, the database, is utilized for improving the time efficiency of tag identification.

[1]  C. Chatmon Secure Anonymous RFID Authentication Protocols , 2022 .

[2]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[3]  Jung Hee Cheon,et al.  Reducing RFID reader load with the meet-in-the-middle strategy , 2012, Journal of Communications and Networks.

[4]  Emin Anarim,et al.  Scalability and Security Conflict for RFID Authentication Protocols , 2011, Wirel. Pers. Commun..

[5]  Marc Langheinrich,et al.  Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols , 2004, UCS.

[6]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[7]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[8]  Basel Alomair,et al.  Passive Attacks on a Class of Authentication Protocols for RFID , 2007, ICISC.

[9]  Yingjiu Li,et al.  A Security and Performance Evaluation of Hash-Based RFID Protocols , 2008, Inscrypt.

[10]  S. Ross A First Course in Probability , 1977 .

[11]  Feller William,et al.  An Introduction To Probability Theory And Its Applications , 1950 .

[12]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[13]  William Feller,et al.  An Introduction to Probability Theory and Its Applications, Vol. 2 , 1967 .

[14]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[15]  Emin Anarim,et al.  Attacks on an Efficient RFID Authentication Protocol , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[16]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[17]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[18]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[19]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[20]  Basel Alomair,et al.  Privacy versus scalability in radio frequency identification systems , 2010, Comput. Commun..

[21]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[22]  Murali S. Kodialam,et al.  Fast and reliable estimation schemes in RFID systems , 2006, MobiCom '06.

[23]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[24]  Yunhao Liu,et al.  ACTION: Breaking the Privacy Barrier for RFID Systems , 2009, IEEE INFOCOM 2009.

[25]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[26]  Gildas Avoine,et al.  Privacy Issues in RFID Banknote Protection Schemes , 2004, CARDIS.

[27]  Jaideep Srivastava,et al.  Adaptive binary splitting for efficient RFID tag anti-collision , 2006, IEEE Communications Letters.

[28]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[29]  Chris J. Mitchell,et al.  Scalable RFID Pseudonym Protocol , 2009, 2009 Third International Conference on Network and System Security.

[30]  Gildas Avoine,et al.  Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols , 2010, RFIDSec.

[31]  Robert H. Deng,et al.  RFID privacy: relation between two notions, minimal condition, and efficient construction , 2009, CCS.

[32]  Roberto Di Pietro,et al.  RIPP-FS: An RFID Identification, Privacy Preserving Protocol with Forward Secrecy. , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[33]  Srdjan Capkun,et al.  Physical-layer identification of UHF RFID tags , 2010, MobiCom.

[34]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[35]  Wonjun Lee,et al.  An Adaptive Memoryless Tag Anti-Collision Protocol for RFID Networks * , 2005 .

[36]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[37]  Basel Alomair,et al.  On the Authentication of RFID Systems with Bitwise Operations , 2008, 2008 New Technologies, Mobility and Security.

[38]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[39]  T. Sejnowski,et al.  RFID authentication protocol for low-cost tags , 2001 .

[40]  Lei Hu,et al.  Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[41]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..

[42]  Raphael C.-W. Phan,et al.  Privacy of Recent RFID Authentication Protocols , 2008, ISPEC.

[43]  Yunhao Liu,et al.  Randomizing RFID private authentication , 2009, 2009 IEEE International Conference on Pervasive Computing and Communications.

[44]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.

[45]  Maire O'Neill,et al.  Low-Cost SHA-1 Hash Function Architecture for RFID Tags , 2008 .

[46]  Yunhao Liu,et al.  Refresh: Weak Privacy Model for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[47]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[48]  Lei Hu,et al.  Storage-Awareness: RFID Private Authentication based on Sparse Tree , 2007, Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2007).

[49]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[50]  Samir Ranjan Das,et al.  Collision avoidance in a dense RFID network , 2006, WiNTECH.

[51]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[52]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2012, IEEE Trans. Parallel Distributed Syst..

[53]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[54]  Elif Bilge Kavun,et al.  A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications , 2010, RFIDSec.

[55]  Jacek Becla,et al.  Report from the first Workshop on Extremely Large Databases , 2008, Data Sci. J..

[56]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[57]  Aylin Yener,et al.  ASAP: A MAC Protocol for Dense and Time-Constrained RFID Systems , 2006, 2006 IEEE International Conference on Communications.

[58]  Basel Alomair,et al.  Securing low-cost RFID systems: An unconditionally secure approach , 2011, J. Comput. Secur..

[59]  Bing Liang,et al.  On the Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup , 2009, ICISS.

[60]  Jiang Wu,et al.  A Highly Scalable RFID Authentication Protocol , 2009, ACISP.