A hash-based RFID security protocol for strong privacy protection

RFID (Radio Frequency Identification) tags are small, wireless electronic devices that help identify objects and people. Privacy protection and integrity assurance become rather crucial in the RFID systems, because these RFID tags may have a wide transmission range, making them subject to unauthorized scanning by malicious readers and various other attacks. Hence, Ha et al. proposed an RFID protocol and proved that their protocol can provide the forward privacy service. However, in this paper, it is shown that an attacker can track a target tag by observing unsuccessful previous session of the tag. That is, Ha et al.'s RFID protocol fails to provide the forward privacy protection as claimed. Therefore, to overcome the privacy weaknesses of Ha et al.'s RFID protocol, an RFID protocol based on the cryptographic hash functions is proposed. Moreover, the proposed RFID protocol is evaluated according to both the privacy attribute and the implementation performance.

[1]  Jizhou Sun,et al.  A new design of wearable token system for mobile device security , 2008, IEEE Transactions on Consumer Electronics.

[2]  Jizhou Sun,et al.  An Efficient Modular Exponentiation Algorithm against Simple Power Analysis Attacks , 2007, IEEE Transactions on Consumer Electronics.

[3]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, Journal of Cryptology.

[4]  Henry Holtzman,et al.  OpenTag: Privacy Protection for RFID , 2009, IEEE Pervasive Computing.

[5]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[6]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[7]  Yunlei Zhao,et al.  A New Framework for RFID Privacy , 2010, ESORICS.

[8]  Bruce Schneier,et al.  Side Channel Cryptanalysis of Product Ciphers , 1998, J. Comput. Secur..

[9]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[10]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[11]  Seungjoo Kim,et al.  A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[12]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[13]  Selwyn Piramuthu,et al.  Lightweight Cryptographic Authentication in Passive RFID-Tagged Systems , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[14]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[15]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[16]  Sasa Radomirovic,et al.  On a new formal proof model for RFID location privacy , 2009, Inf. Process. Lett..

[17]  Alfredo De Santis,et al.  On Ultralightweight RFID Authentication Protocols , 2011, IEEE Transactions on Dependable and Secure Computing.

[18]  Robert H. Deng,et al.  RFID privacy: relation between two notions, minimal condition, and efficient construction , 2009, CCS.

[19]  Da-Zhi Sun An error in "On a new formal proof model for RFID location privacy" , 2012, IACR Cryptol. ePrint Arch..

[20]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.