A cross layer approach to preserve privacy in RFID ISO/IEC 15693 systems

This paper presents an implementation of a cross layer approach to preserve privacy in the “Internet of Things” based on RFID and especially ISO/IEC 15693 standard, preventing from threats like eavesdropping, skimming or tracking of tags. We merge a solution at physical layer with a noisy reader which secures the communication from tag to reader, with a simple challenge-response protocol implemented with a lightweight symmetric block cipher PRESENT requiring only 1570 gates. The use of unique identifier has been safeguarded to ensure backward compatibility and a simple ownership transfer giving back to the user a full control on his tags. Backward and forward privacy are always preserved whereas after sale services and electronic warranties remain possible.

[1]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[3]  Gerhard P. Hancke,et al.  Eavesdropping Attacks on High-Frequency RFID Tokens , 2008 .

[4]  F. Schoute,et al.  Dynamic Frame Length ALOHA , 1983, IEEE Trans. Commun..

[5]  Jacques Reverdy,et al.  RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? , 2007, CHES.

[6]  Andrew S. Tanenbaum,et al.  Keep on Blockin' in the Free World: Personal Access Control for Low-Cost RFID Tags , 2005, Security Protocols Workshop.

[7]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[8]  Jacques Stern,et al.  On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order , 2006, Journal of Cryptology.

[9]  Iwen Coisel Data Synchronization in Privacy-Preserving RFID Authentication Schemes , 2008 .

[10]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[11]  Christof Paar,et al.  New Designs in Lightweight Symmetric Encryption , 2008 .

[12]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[13]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[14]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.