A New Unpredictability-Based RFID Privacy Model

Ind-privacy and unp-privacy, later refined to unp*-privacy, are two different classes of privacy models for RFID authentication protocols. These models have captured the major anonymity and untraceability related attacks regarding RFID authentication protocols with privacy, and existing work indicates that unp*-privacy seems to be a stronger notion when compared with ind-privacy. In this paper, we continue studying the RFID privacy models, and there are two folds regarding our results. First of all, we describe a new traceability attack and show that schemes proven secure in unp*-privacy may not be secure against this new and practical type of traceability attacks. We then propose a new unpredictability-based privacy model to capture this new type of attacks. Secondly, we show that this new model, where we called it the unp τ -privacy, is stronger than both unp*-privacy and ind-privacy.

[1]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[2]  Robert H. Deng,et al.  RFID privacy: relation between two notions, minimal condition, and efficient construction , 2009, CCS.

[3]  David Taniar,et al.  Computational Science and Its Applications - ICCSA 2005, International Conference, Singapore, May 9-12, 2005, Proceedings, Part I , 2005, ICCSA.

[4]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[5]  Robert H. Deng,et al.  On two RFID privacy notions and their relations , 2008, TSEC.

[6]  Duncan S. Wong,et al.  An Efficient Single-Slow-Phase Mutually Authenticated RFID Distance Bounding Protocol with Tag Privacy , 2012, ICICS.

[7]  Gene Tsudik,et al.  Universally Composable RFID Identification and Authentication Protocols , 2009, TSEC.

[8]  Yi Mu,et al.  RFID Privacy Models Revisited , 2008, ESORICS.

[9]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[10]  Moti Yung,et al.  Computer Security – ESORICS 2012 , 2012, Lecture Notes in Computer Science.

[11]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[12]  Vijay Atluri,et al.  Computer Security – ESORICS 2011 , 2011, Lecture Notes in Computer Science.

[13]  Frederik Vercauteren,et al.  A New RFID Privacy Model , 2011, ESORICS.

[14]  Yunlei Zhao,et al.  A New Framework for RFID Privacy , 2010, ESORICS.

[15]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[16]  JaeCheol Ha,et al.  A New Formal Proof Model for RFID Location Privacy , 2008, ESORICS.

[17]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[18]  Martín Abadi,et al.  Code-Carrying Authorization , 2008, ESORICS.

[19]  Bhavani M. Thuraisingham Editorial SACMAT 2007 , 2010, TSEC.

[20]  Miyako Ohkubo,et al.  Relations among Notions of Privacy for RFID Authentication Protocols , 2012, ESORICS.

[21]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[22]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[23]  Bart Preneel,et al.  Computer Security - ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings , 2010, ESORICS.

[24]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[25]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[26]  Raphael C.-W. Phan,et al.  Traceable Privacy of Recent Provably-Secure RFID Protocols , 2008, ACNS.

[27]  Dong Hoon Lee,et al.  Efficient Authentication for Low-Cost RFID Systems , 2005, ICCSA.