A Desynchronization Tolerant RFID Private Authentication Protocol

Previously designed synchronization approaches advocate an O(1) search complexity. Although efficient, such an approach is vulnerable to desynchronization attacks, in which the secret information held by the tag and the reader becomes incrementally different. As a result, either an adversary can use this difference to distinguish tags, or the legitimate tag and reader can no longer authenticate each other. Even worse, synchronization approaches suffer from replay attacks. To address these problems, we propose a DESynchronization Tolerant RFID private authentication protocol, DEST, which forces a tag to keep its behavior indistinguishable. DEST provides desynchronization tolerance, replay attack resistance, and forward secrecy. The analysis results show that DEST effectively enhances the privacy protection for RFID private authentication and provides the same efficiency, O(1), as traditional synchronization approaches.
