Scalable RFID Pseudonym Protocol

In this paper we address the issue of scalability in RFID pseudonym protocols. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. Some RFID protocols, however, only require constant time for tag identification, but, unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel RFID authentication protocol based on the Song-Mitchell protocol, that takes O(1) work to authenticate a tag, and meets the privacy, security and performance requirements identified here. The proposed scheme also supports tag delegation and ownership transfer in an efficient way.

[1]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Boyeon Song Server Impersonation Attacks on RFID Protocols , 2008, 2008 The Second International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies.

[3]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[4]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[5]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[6]  Sepideh Fouladgar An Efficient Delegation and Transfer of Ownership Protocol for RFID tags , 2007 .

[7]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[8]  Hossam Afifi,et al.  A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags , 2007, J. Commun..

[9]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[10]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[11]  Andre B. Bondi,et al.  Characteristics of scalability and their impact on performance , 2000, WOSP '00.

[12]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[13]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[14]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[15]  Kwangjo Kim,et al.  RFID mutual Authentication Scheme based on Synchronized Secret Information , 2006 .

[16]  Sasa Radomirovic,et al.  Attacks on RFID Protocols , 2008, IACR Cryptol. ePrint Arch..

[17]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[18]  Kwangjo Kim,et al.  Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning , 2006 .

[19]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[20]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.

[21]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[22]  Raphael C.-W. Phan,et al.  Traceable Privacy of Recent Provably-Secure RFID Protocols , 2008, ACNS.

[23]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[24]  Robert H. Deng,et al.  Attacks and improvements to an RIFD mutual authentication protocol and its extensions , 2009, WiSec '09.

[25]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[26]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..