Randomizing RFID private authentication

Privacy protection is increasingly important during authentications in Radio Frequency Identification (RFID) systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Such designs, being efficient, often fail to achieve forward secrecy and resistance to attacks, such as compromising and desynchronization. Indeed, these attacks may still take effect even after a tag successfully finishes the authentication and key-updating procedure. To address the issue, we propose a lightweight RFID private authentication protocol, RWP, based on the random walk concept. RWP also provides the forward security and temporal resistance to the tracking attack. The analysis results show that RWP effectively enhances the security protection for RFID private authentication, and increases the authentication efficiency from O(logN) to O(1).

[1]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[2]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[3]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[4]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[5]  Vassilis Kostakos,et al.  rfid in pervasive computing: State-of-the-art and outlook , 2009, Pervasive Mob. Comput..

[6]  Yunhao Liu,et al.  Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , 2007, PerCom.

[7]  Sencun Zhu,et al.  Towards Statistically Strong Source Anonymity for Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[8]  Sencun Zhu,et al.  Towards Statistically Strong Source Anonymity for Sensor Networks , 2008, INFOCOM.

[9]  Jie Wu,et al.  An Information Model for Geographic Greedy Forwarding in Wireless Ad-Hoc Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[10]  Franco Zambonelli,et al.  Pervasive pheromone-based interaction with RFID tags , 2007, TAAS.

[11]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[12]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[13]  Lei Hu,et al.  Storage-Awareness: RFID Private Authentication based on Sparse Tree , 2007, Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2007).

[14]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[15]  Marcel-Catalin Rosu,et al.  Securing Pocket Hard Drives , 2007, IEEE Pervasive Computing.

[16]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[17]  Paul Müller,et al.  Providing Security and Privacy in RFID Systems Using Triggered Hash Chains , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[18]  Robin Kravets,et al.  Cluster-Based Forwarding for Reliable End-to-End Delivery in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[19]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[20]  Weijia Jia,et al.  Network Decoupling: A Methodology for Secure Communications in Wireless Sensor Networks , 2007, IEEE Transactions on Parallel and Distributed Systems.

[21]  Úlfar Erlingsson,et al.  A cool and practical alternative to traditional hash tables , 2006 .

[22]  Philip Robinson,et al.  Trust Context Spaces: An Infrastructure for Pervasive Security in Context-Aware Environments , 2003, SPC.

[23]  Bo Sheng,et al.  Secure and Serverless RFID Authentication and Search Protocols , 2008, IEEE Transactions on Wireless Communications.

[24]  Mikko Lehtonen,et al.  From Identification to Authentication – A Review of RFID Product Authentication Techniques , 2008 .

[25]  Sajal K. Das,et al.  An ubiquitous architectural framework and protocol for object tracking using RFID tags , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[26]  Bo Sheng,et al.  Severless Search and Authentication Protocols for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[27]  Tieyan Li,et al.  Randomized Bit Encoding for Stronger Backward Channel Protection in RFID Systems , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[28]  Lei Hu,et al.  Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[29]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[30]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.