Untraceable RFID tags via insubvertible encryption

We introduce a new cryptographic primitive, called insubvertible encryption, that produces ciphertexts which can be randomized without the need of any key material. Unlike plain universal re-encryption schemes, insubvertible encryption prevents against adversarial exploitation of hidden channels, by including certificates proving that the ciphertext can only be decrypted by authorized parties.The scheme can be applied to RFID tags, providing strong protection against tracing. This enables post-sale applications of manufacturer-issued RFID tags while preserving the privacy of consumers. The functionality required of the RFID tags is minimal, namely that they be re-writable (many-writable). No cryptographic capabilities are required of the tags themselves, as the readers perform all necessary computations.

[1]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[4]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[5]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[6]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[7]  Frederik Vercauteren,et al.  A comparison of MNT curves and supersingular curves , 2006, Applicable Algebra in Engineering, Communication and Computing.

[8]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[9]  Mike Scott,et al.  Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number , 2002, IACR Cryptol. ePrint Arch..

[10]  Gildas Avoine,et al.  Privacy Issues in RFID Banknote Protection Schemes , 2004, CARDIS.

[11]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[12]  A. Miyaji,et al.  New Explicit Conditions of Elliptic Curve Traces for FR-Reduction , 2001 .

[13]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[14]  Eric R. Verheul,et al.  Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems , 2004, Journal of Cryptology.

[15]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[16]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.

[17]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[18]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[19]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[20]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[21]  Birgit Pfitzmann,et al.  Composition and integrity preservation of secure reactive systems , 2000, CCS.

[22]  Steven D. Galbraith,et al.  Easy decision-Diffie-Hellman groups , 2004, IACR Cryptol. ePrint Arch..

[23]  V. Nechaev Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[24]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[25]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[26]  Sarah Spiekermann,et al.  Maintaining Privacy in Rfid Enabled Environments - Proposal for a Disable-Model , 2005 .

[27]  Jaecheol Ryou,et al.  Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags , 2004, EUC.

[28]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[29]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.