A Scalable and Untraceable Authentication Protocol for RFID

RFID (Radio Frequency Identification) is recently becoming popular, promising and widespread. In contrast, RFID tags can bring about traceability that causes user privacy and reduces scalability of RFID. Guaranteeing untraceability and scalability at the same time is so critical in order to deploy RFID widely since user privacy should be guaranteed. A large number of RFID protocols were designed in the open literature, but any known protocols do not satisfy untraceability and scalability at the same time to the best of our knowledge. In this paper, we suggest a RFID authentication protocol that guarantees untraceability and scalability together; needless to say preventing several known attacks: replay, spoofing, desyncronization, and cloning by eavesdropping. Our protocol supports ownership transfer and considers multi-tag-reader environment; a reader receives messages from the tags what a reader wants in our protocol. In addition, we address the reason why the item privacy is important, and a way to keep it securely.

[1]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[2]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[3]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[4]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[5]  Dong Hoon Lee,et al.  Efficient Authentication for Low-Cost RFID Systems , 2005, ICCSA.

[6]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[7]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[8]  Patrick Chi-leung Hui,et al.  Cryptography and authentication on RFID passive tags for apparel products , 2006, Comput. Ind..

[9]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[10]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[11]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[12]  David Taniar,et al.  Computational Science and Its Applications - ICCSA 2005, International Conference, Singapore, May 9-12, 2005, Proceedings, Part I , 2005, ICCSA.

[13]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[14]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[15]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[16]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[17]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[18]  S.A. Weis RFID privacy workshop , 2004, IEEE Security & Privacy Magazine.

[19]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[20]  Tatsuaki Okamoto Topics in Cryptology – CT-RSA 2004 , 2004, Lecture Notes in Computer Science.

[21]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .