RFID security and privacy: a research survey

This paper surveys recent technical research on the problems of privacy and security for radio frequency identification (RFID). RFID tags are small, wireless devices that help identify objects and people. Thanks to dropping cost, they are likely to proliferate into the billions in the next several years-and eventually into the trillions. RFID tags track objects in supply chains, and are working their way into the pockets, belongings, and even the bodies of consumers. This survey examines approaches proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work. While geared toward the nonspecialist, the survey may also serve as a reference for specialist readers.

[1]  Marc Langheinrich,et al.  Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols , 2004, UCS.

[2]  Kazuo Takaragi,et al.  An Ultra Small Individual Recognition Security Chip , 2001, IEEE Micro.

[3]  Laura Quilter,et al.  Radio Frequency Identification and Privacy with Information Goods , 2004 .

[4]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[5]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[7]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[8]  Andrew S. Tanenbaum,et al.  Keep on Blockin' in the Free World: Personal Access Control for Low-Cost RFID Tags , 2005, Security Protocols Workshop.

[9]  Min Wang,et al.  A Flexible, Low-Overhead Ubiquitous System for Medication Monitoring , 2003 .

[10]  Martin E. Hellman,et al.  A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[11]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[12]  Stephen A. Weis Security parallels between people and pervasive devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[13]  Ari Juels,et al.  Soft blocking: flexible blocker tags on the cheap , 2004, WPES '04.

[14]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[15]  Mary Lou Ingeholm,et al.  RFID in healthcare. , 2006, Journal of AHIMA.

[16]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[17]  Sozo Inoue,et al.  RFID Privacy Using User-Controllable Uniqueness , 2003 .

[18]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[19]  Abigail Sellen,et al.  Security and Trust in Mobile Interactions: A Study of Users' Perceptions and Reasoning , 2004, UbiComp.

[20]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[21]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[22]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[23]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[24]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[25]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[26]  Frédéric Thiesse,et al.  Extending the EPC network: the potential of RFID in anti-counterfeiting , 2005, SAC '05.

[27]  David A. Wagner,et al.  Privacy for RFID through trusted computing , 2005, WPES '05.

[28]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[29]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[30]  Ari Juels Strengthening EPC tags against cloning , 2005, WiSe '05.

[31]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[32]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[33]  Tinker Ready,et al.  The color of money. , 2003, Nature medicine.

[34]  Ari Juels,et al.  "Yoking-proofs" for RFID tags , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[35]  Sarah Spiekermann,et al.  Perceived Control : Scales for Privacy in Ubiquitous Computing , 2005 .

[36]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[37]  Ross Stapleton-Gray Would Macy's Scan Gimbels? Competitive Intelligence and RFID , 2003 .

[38]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[39]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[40]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[41]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[42]  Gildas Avoine,et al.  Privacy Issues in RFID Banknote Protection Schemes , 2004, CARDIS.

[43]  G G Moseley STRAIGHT FROM THE SHOULDER. , 1919, California state journal of medicine.

[44]  Simson L. Garfinkel,et al.  RFID: Applications, Security, and Privacy , 2005 .

[45]  Bing Jiang,et al.  I Sense a Disturbance in the Force: Unobtrusive Detection of Interactions with RFID-tagged Objects , 2004, UbiComp.

[46]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[47]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[48]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[49]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[50]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[51]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[52]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[53]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[54]  Bing Jiang,et al.  Some Methods for Privacy in RFID Communication , 2004, ESAS.

[55]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[56]  Laura Quilter,et al.  Radio frequency Id and privacy with information goods , 2004, WPES '04.

[57]  Günter Karjoth,et al.  Disabling RFID tags with visible confirmation: clipped tags are silenced , 2005, WPES '05.

[58]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[59]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.