Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols

Privacy is one of the most important security concerns in radio frequency identification. The publication of hundred RFID-based authentication protocols during the last decade raised the need of designing a dedicated privacy model. An important step has been done with the model of Vaudenay that combines early models into a unified and powerful one. In particular, this model addresses the case where an adversary is able to know whether or not the protocol execution succeeded. This modelizes the fact that the adversary may get information from a side channel about the termination of the protocol, e.g., she notices that the access is granted to the RFID-tag holder. We go one step forward in this paper and stress that the adversary may also have access to a side channel that leaks the computational time of the reader. This modelizes an adversary who measures how long it takes to grant the access. Although this channel could be seen as an implementation flaw, we consider that it is always risky to require the implementation to solve what the design should deal with. This new channel enables to demonstrate that many key-reference protocols are not as privacy-friendly as they claim to be, e.g., WSRE, OSK, C2, O-FRAP, O-FRAKE,... We then introduce the TIMEFUL oracle in the model of Vaudenay, which allows to analyze the resistance of the protocols to time-based attacks as soon as the design phase. Finally, we suggest some methods that make RFID-based authentication protocols immune to such attacks.

[1]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[3]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[4]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[5]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[6]  Iwen Coisel Data Synchronization in Privacy-Preserving RFID Authentication Schemes , 2008 .

[7]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2010, IEEE Transactions on Parallel and Distributed Systems.

[8]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[9]  Sébastien Canard,et al.  Lighten Encryption Schemes for Secure and Private RFID Systems , 2010, Financial Cryptography Workshops.

[10]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[11]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[12]  Sjouke Mauw,et al.  Untraceability of RFID Protocols , 2008, WISTP.

[13]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[14]  Martin Feldhofer,et al.  A low-resource public-key identification scheme for RFID tags and sensor nodes , 2009, WiSec '09.

[15]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[16]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[17]  Jiang Wu,et al.  How to improve security and reduce hardware demands of the WIPR RFID protocol , 2009, 2009 IEEE International Conference on RFID.

[18]  Martin Feldhofer,et al.  WIPR Public Key Identi cation on Two Grains of Sand , 2008 .

[19]  Mike Burmester,et al.  Robust, anonymous RFID authentication with constant key-lookup , 2008, ASIACCS '08.

[20]  Kate O'Rourke Animal tracking. , 2003, Journal of the American Veterinary Medical Association.

[21]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..

[22]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[23]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[24]  Julien Bringer,et al.  Efficient zero-knowledge identification schemes which respect privacy , 2009, ASIACCS '09.

[25]  Iwen Coisel Authentification et Anonymat à Bas-coût : Modélisations et Protocoles , 2009 .

[26]  Seung-Ho Shin,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2007, J. Inform. and Commun. Convergence Engineering.

[27]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[28]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[29]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[30]  Philippe Oechslin,et al.  Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.