Untraceability of RFID Protocols

We give an intuitive formal definition of untraceability inthe standard Dolev-Yao intruder model, inspired by existing definitionsof anonymity. We show how to verify whether communication protocolssatisfy the untraceability property and apply our methods to knownRFID protocols. We show a previously unknown attack on a publishedRFID protocol and use our framework to prove that the protocol is notuntraceable.

[1]  Selwyn Piramuthu,et al.  On Existence Proofs for Multiple RFID Tags , 2006, 2006 ACS/IEEE International Conference on Pervasive Services.

[2]  Jaecheol Ryou,et al.  Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags , 2004, EUC.

[3]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[4]  Yi Mu,et al.  Emerging Directions in Embedded and Ubiquitous Computing , 2006 .

[5]  Bo Sheng,et al.  Severless Search and Authentication Protocols for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[6]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[7]  Kwangjo Kim,et al.  RFID mutual Authentication Scheme based on Synchronized Secret Information , 2006 .

[8]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[9]  Kwangjo Kim,et al.  A Scalable and Untraceable Authentication Protocol for RFID , 2006, EUC Workshops.

[10]  Stefan Leue,et al.  Scenarios: Models, Transformations and Tools, International Workshop, Dagstuhl Castle, Germany, September 7-12, 2003, Revised Selected Papers , 2005, Scenarios: Models, Transformations and Tools.

[11]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[12]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[13]  Juan E. Tapiador,et al.  RFID Systems: A Survey on Security Threats and Proposed Solutions , 2006, PWC.

[14]  Dong Hoon Lee,et al.  Efficient RFID Authentication Protocol for Ubiquitous Computing Environment , 2005, EUC Workshops.

[15]  Cas J. F. Cremers,et al.  Operational Semantics of Security Protocols , 2003, Scenarios: Models, Transformations and Tools.

[16]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[17]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[18]  Josep M. Miret,et al.  A Secure Elliptic Curve-Based RFID Protocol , 2009, Journal of Computer Science and Technology.

[19]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[20]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[21]  John A. Clark,et al.  A Survey of Authentication Protocol Literature , 2010 .

[22]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[23]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[24]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[25]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[26]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[27]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[28]  Colin Cooper,et al.  On the rank of random matrices , 2000, Random Struct. Algorithms.

[29]  J. M. Miret,et al.  An elliptic curve and zero knowledge based forward secure RFID Protocol ⋆ , 2007 .

[30]  Joachim Biskup,et al.  Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings , 2007, ESORICS.

[31]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[32]  Gene Tsudik,et al.  Security and Privacy in Ad-hoc and Sensor Networks, Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005, Revised Selected Papers , 2005, ESAS.

[33]  Stefan Köpsell,et al.  Modelling Unlinkability , 2003, Privacy Enhancing Technologies.

[34]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[35]  Roberto Di Pietro,et al.  Information Confinement, Privacy, and Security in RFID Systems , 2007, ESORICS.

[36]  Juan E. Tapiador,et al.  Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard , 2009, Comput. Stand. Interfaces.

[37]  C. Chatmon Secure Anonymous RFID Authentication Protocols , 2022 .

[38]  Frank Stajano,et al.  Location Privacy in Bluetooth , 2005, ESAS.

[39]  Kil-Hyun Nam,et al.  Information Security and Cryptology - ICISC 2007, 10th International Conference, Seoul, Korea, November 29-30, 2007, Proceedings , 2007, ICISC.

[40]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[41]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[42]  Laurence T. Yang,et al.  Embedded and Ubiquitous Computing - EUC 2005 Workshops, EUC 2005 Workshops: UISW, NCUS, SecUbiq, USN, and TAUES, Nagasaki, Japan, December 6-9, 2005, Proceedings , 2005, EUC Workshops.

[43]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[44]  Elisa Bertino,et al.  Computer Security — ESORICS 96 , 1996, Lecture Notes in Computer Science.

[45]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[46]  DaeHun Nyang,et al.  RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks , 2005, ESAS.

[47]  Dijiang Huang On Measuring Anonymity For Wireless Mobile Ad-hoc Networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[48]  Ari Juels,et al.  RFID: security and privacy for five-cent wireless devices (abstract only) , 2004, WiSe '04.

[49]  Wolter Pieters,et al.  Provable anonymity , 2005, FMSE '05.

[50]  Dieter Gollmann,et al.  Computer Security – ESORICS 2004 , 2004, Lecture Notes in Computer Science.

[51]  Basel Alomair,et al.  Passive Attacks on a Class of Authentication Protocols for RFID , 2007, ICISC.

[52]  Bart Jacobs,et al.  Crossing Borders: Security and Privacy Issues of the European e-Passport , 2006, IWSEC.

[53]  David Evans,et al.  Quantifying Information Leakage in Tree-Based Hash Protocols (Short Paper) , 2006, ICICS.