On Privacy Models for RFID

We provide a formal model for identification schemes. Under this model, we give strong definitions for security and privacy. Our model captures the notion of a powerful adversary who can monitor all communications, trace tags within a limited period of time, corrupt tags, and get side channel information on the reader output. Adversaries who do not have access to this side channel are called narrow adversaries. Depending on restrictions on corruption, adversaries are called strong, destructive, forward, or weak adversaries. We derive some separation results: strong privacy is impossible. Narrow-strong privacy implies key agreement. We also prove some constructions: narrow-strong and forward privacy based on a public-key cryptosystem, narrow-destructive privacy based on a random oracle, and weak privacy based on a pseudorandom function.

[1]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[2]  Phong Q. Nguyen Progress in Cryptology - VIETCRYPT 2006 , 2007 .

[3]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[4]  Byoungcheon Lee,et al.  Information Security and Cryptology - ICISC 2006, 9th International Conference, Busan, Korea, November 30 - December 1, 2006, Proceedings , 2006, ICISC.

[5]  Gene Tsudik,et al.  Security and Privacy in Ad-hoc and Sensor Networks, Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005, Revised Selected Papers , 2005, ESAS.

[6]  Serge Vaudenay RFID Privacy Based on Public-Key Cryptography , 2006, ICISC.

[7]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[8]  Matthew J. B. Robshaw,et al.  Searching for Compact Algorithms: cgen , 2006, VIETCRYPT.

[9]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[10]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[11]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[12]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[13]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[14]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[15]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[16]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[17]  Willi Meier,et al.  TCHo: A Hardware-Oriented Trapdoor Cipher , 2007, ACISP.

[18]  Koutarou Suzuki,et al.  RFID Privacy Issues and Technical Challenges , 2005, IEEE Engineering Management Review.

[19]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[20]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[21]  Ivan Damgård,et al.  RFID Security: Tradeoffs between Security and Efficiency , 2008, CT-RSA.

[22]  Michel Barbeau,et al.  Detecting rogue devices in bluetooth networks using radio frequency fingerprinting , 2006, Communications and Computer Networks.

[23]  Jonathan Katzand,et al.  Parallel and Concurrent Security of the HB and HB + Protocols , 2006 .

[24]  Jacques Stern,et al.  On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order , 2006, Journal of Cryptology.

[25]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[26]  Nigel Davies,et al.  UbiComp 2004: Ubiquitous Computing , 2004, Lecture Notes in Computer Science.

[27]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[28]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[29]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[30]  Serge Vaudenay,et al.  When Stream Cipher Analysis Meets Public-Key Cryptography , 2006, Selected Areas in Cryptography.

[31]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[32]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[33]  Matt Brown,et al.  Invited talk , 2007 .

[34]  Salvatore Bocchetti,et al.  Security and Privacy in RFID Protocols , 2006 .

[35]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[36]  Steven Rudich,et al.  The Use of Interaction in Public Cryptosystems (Extended Abstract) , 1991, CRYPTO.

[37]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[38]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[39]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[40]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[41]  Marc Girault,et al.  Public Key Authentication with One (Online) Single Addition , 2004, CHES.

[42]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[43]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[44]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[45]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[46]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[47]  Sébastien Canard,et al.  Low-Cost Cryptography for Privacy in RFID Systems , 2006, CARDIS.

[48]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[49]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[50]  María Bárbara Álvarez Torres,et al.  On the Move to Meaningful Internet Systems 2004: OTM 2004 Workshops , 2004, Lecture Notes in Computer Science.