Are RNGs Achilles’ Heel of RFID Security and Privacy Protocols?

Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are necessarily used in RFID tags to provide security and privacy. However, low-end RNGs can be the weakest point in a protocol scheme and using them might undesirably cause severe security and privacy problems. On the other hand, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, RNGs used in low-cost RFID tags might not work properly in time. Therefore, we claim that the vulnerability of using an RNG deeply influences the security and privacy level of the RFID system. To the best of our knowledge, this concern has not been considered in the RFID literature. Motivated by this need, in this study, we first revisit Vaudenay’s privacy model which combines the early models and presents a new mature privacy model with different adversary classes. Then, we extend the model by introducing RANDOMEYE privacy, which allows analyzing the security of RNGs in RFID protocols. We further apply our extended model to two existing RFID schemes.

[1]  M. Ufuk Çaglayan,et al.  Extending an RFID Security and Privacy Model by Considering Forward Untraceability , 2010, STM.

[2]  Tieyan Li,et al.  Providing Stronger Authentication at a Low Cost to RFID Tags Operating under the EPCglobal Framework , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[3]  Werner Schindler,et al.  Evaluation Criteria for True (Physical) Random Number Generators Used in Cryptographic Applications , 2002, CHES.

[4]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[5]  JaeCheol Ha,et al.  A New Formal Proof Model for RFID Location Privacy , 2008, ESORICS.

[6]  Albert Levi,et al.  DKEM: Secure and efficient Distributed Key Establishment Protocol for Wireless Mesh Networks , 2017, Ad Hoc Networks.

[7]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[8]  Fayez W. Zaki,et al.  Energy efficiency of virtual multi-input, multi-output based on sensor selection in wireless sensor networks , 2015, Wirel. Commun. Mob. Comput..

[9]  Gildas Avoine Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols , 2005 .

[10]  Bart Preneel,et al.  Proper RFID Privacy: Model and Protocols , 2014, IEEE Transactions on Mobile Computing.

[11]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[12]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[13]  T. Sejnowski,et al.  RFID authentication protocol for low-cost tags , 2001 .

[14]  Bill N. Schilit,et al.  Enabling the Internet of Things , 2015, Computer.

[15]  Joaquín García,et al.  A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags , 2011, Wirel. Pers. Commun..

[17]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[18]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[19]  M. Ufuk Çaglayan,et al.  Providing destructive privacy and scalability in RFID systems using PUFs , 2015, Ad Hoc Networks.

[20]  K. Lauter,et al.  The advantages of elliptic curve cryptography for wireless security , 2004, IEEE Wireless Communications.

[21]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[22]  Albert Levi,et al.  K-strong Privacy for Radio Frequency Identification Authentication Protocols Based on Physically Unclonable Functions , 2015, Wirel. Commun. Mob. Comput..

[23]  Bruno Robisson,et al.  Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator , 2012, COSADE.

[24]  Ronen Shaltiel,et al.  True Random Number Generators Secure in a Changing Environment , 2003, CHES.

[25]  Albert Levi,et al.  A New Security and Privacy Framework for RFID in Cloud Computing , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[26]  Jorge Munilla,et al.  EPCGen2 Pseudorandom Number Generators: Analysis of J3Gen , 2013, IACR Cryptol. ePrint Arch..

[27]  Frederik Armknecht,et al.  Lightweight Authentication Protocols on Ultra-Constrained RFIDs - Myths and Facts , 2014, RFIDSec.

[28]  Behzad Abdolmaleki,et al.  Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags , 2014 .

[29]  Sasa Radomirovic,et al.  Insider Attacks and Privacy of RFID Protocols , 2011, EuroPKI.

[30]  Zeeshan Bilal,et al.  Addressing security and privacy issues in low-cost RFID systems , 2015 .

[31]  Keith M. Martin,et al.  Multiple Attacks on Authentication Protocols for Low-Cost RFID Tags , 2015 .

[32]  Robert H. Deng,et al.  Revisiting Unpredictability-Based RFID Privacy Models , 2010, ACNS.

[33]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[34]  M. Ufuk Çaglayan,et al.  Towards Scalable Identification in RFID Systems , 2016, Wirel. Pers. Commun..

[35]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[36]  Nils Ole Tippenhauer,et al.  HAMIDS: Hierarchical Monitoring Intrusion Detection System for Industrial Control Systems , 2016, CPS-SPC '16.

[37]  Juan E. Tapiador,et al.  LAMED - A PRNG for EPC Class-1 Generation-2 RFID specification , 2009, Comput. Stand. Interfaces.

[38]  Gildas Avoine,et al.  Privacy-Friendly Authentication in RFID Systems: On Sublinear Protocols Based on Symmetric-Key Cryptography , 2013, IEEE Transactions on Mobile Computing.

[39]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[40]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[41]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[42]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[43]  Yih-Chun Hu,et al.  A survey of secure wireless ad hoc routing , 2004, IEEE Security & Privacy Magazine.

[44]  Joaquín García,et al.  Remarks on Peinado et al.'s Analysis of J3Gen , 2015, Sensors.

[45]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[46]  Junyu Wang,et al.  A Random Number Generator for Application in RFID Tags , 2008 .

[47]  Jordi Herrera-Joancomartí,et al.  J3Gen: A PRNG for Low-Cost Passive RFID , 2013, Sensors.

[48]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[49]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[50]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[51]  Gildas Avoine,et al.  Deploying OSK on Low-Resource Mobile Devices , 2013, RFIDSec.

[52]  Gildas Avoine,et al.  Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols , 2010, RFIDSec.