Privacy in RFID systems

Radio-Frequency IDentification (RFID) is a widely deployed technology for identifying and/or authenticating objects or persons without physical contact. The rise of RFID systems has raised major privacy concerns: when such a system is deployed, informed users expect guarantees that their privacy will not be threatened. One formal way to provide such guarantees is to evaluate the privacy level of the RFID system against an adversary model. However, if the chosen model does not reflect the assumptions and requirements of the analyzed system, it may misjudge that system's privacy level, so selecting the most appropriate model among the existing ones is not an easy task. In parallel, RFID authentication is a booming research topic in which the challenge is to design secure protocols that use the most lightweight cryptography possible while still ensuring privacy; this has led to the publication of hundreds of RFID authentication protocols over the last decade. This thesis investigates the privacy problems of RFID systems and the solutions for assessing their privacy level. The first step of this research is a thorough analysis of the eight most well-known RFID privacy models, which demonstrates that none of them is comprehensive enough to compare protocols meaningfully. Subsequently, further investigation of data protection gives rise to two new kinds of attack that threaten the privacy-friendliness of RFID protocols, namely time attacks and compromised readers. These results lead to the proposal of a new privacy model that is operational where the previous ones were not. Finally, the thesis addresses the privacy question in broader IT environments, namely ubiquitous computing systems, and lays the foundations for a standardized privacy certification that would assess the privacy level of such systems.