Scalable RFID security protocols supporting tag ownership transfer

We identify privacy, security and performance requirements for radio frequency identification (RFID) protocols, as well as additional functional requirements such as tag ownership transfer. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. In support of scalability, some RFID protocols, however, only require constant time for tag identification, but, unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel scalable RFID authentication protocol based on the scheme presented in Song and Mitchell (2009) [1], that takes constant time to authenticate a tag. We also propose secret update protocols for tag ownership and authorisation transfer. The proposed protocols possess the identified privacy, security and performance properties and meet the requirements for secure ownership transfer identified here.

[1]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[2]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[3]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[4]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[5]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[7]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[8]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[9]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[10]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[11]  Emin Anarim,et al.  Scalability and Security Conflict for RFID Authentication Protocols , 2011, Wirel. Pers. Commun..

[12]  A. Acquisti,et al.  Digital privacy : theory, technologies, and practices , 2007 .

[13]  Sasa Radomirovic,et al.  Attacks on RFID Protocols , 2008, IACR Cryptol. ePrint Arch..

[14]  Boyeon Song Server Impersonation Attacks on RFID Protocols , 2008, 2008 The Second International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies.

[15]  T. Sejnowski,et al.  RFID authentication protocol for low-cost tags , 2001 .

[16]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[17]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[18]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[19]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..

[20]  Raphael C.-W. Phan,et al.  Traceable Privacy of Recent Provably-Secure RFID Protocols , 2008, ACNS.

[21]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[22]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[23]  Robert H. Deng,et al.  Attacks and improvements to an RIFD mutual authentication protocol and its extensions , 2009, WiSec '09.

[24]  Chris J. Mitchell,et al.  Scalable RFID Pseudonym Protocol , 2009, 2009 Third International Conference on Network and System Security.

[25]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[26]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[27]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[28]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[29]  Sepideh Fouladgar An Efficient Delegation and Transfer of Ownership Protocol for RFID tags , 2007 .

[30]  Yan Zhang,et al.  Security in RFID and Sensor Networks , 2009 .

[31]  Hossam Afifi,et al.  A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags , 2007, J. Commun..

[32]  Andre B. Bondi,et al.  Characteristics of scalability and their impact on performance , 2000, WOSP '00.

[33]  Kwangjo Kim,et al.  Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning , 2006 .

[34]  Costas Lambrinoudakis,et al.  RFID: Technological Issues and Privacy Concerns , 2007 .