A mobile RFID system is a radio frequency identification technology that allows users to read the information on its tags. Systems that allow free reading of tags with mobile RFID reader devices represent a significant risk to individual privacy because unauthorized individuals may easily obtain personal information from the tags. In addition, the fixed ID values on tags can be used to track users in network segments. Although various solutions have previously been proposed to resolve this RFID privacy problem, most require numerous calculations to be performed on the tags. Therefore, these techniques require active tags with high-capacity embedded processors, which are expensive. In addition, it is not practical to apply these techniques to a mobile RFID system based on passive tags attached to devices because of not only the high price but also the bulkiness of the tags themselves. In this paper, we propose an efficient protocol for authentication, which allows transferring of the heavy calculations to the mobile reader devices, thus requiring only the resulting values to be stored on the tags. This study mainly focuses on improving the limitations of existing RFID authentication protocols, which usually assume active tags. The proposed protocol achieves the same security level and performance that can be obtained through active tags. To evaluate the performance of the proposed protocol, we implemented it using EPC Gen-2 tags, a smartphone, a UHF RF dongle, and a database. The proposed protocol meets various security requirements such as tag protection and location- and traffic-tracking prevention. The proposed protocol also meets other requirements such as lightweightness and the desired level of performance.
[1]
Ronald L. Rivest,et al.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems
,
2003,
SPC.
[2]
Ronald L. Rivest,et al.
The blocker tag: selective blocking of RFID tags for consumer privacy
,
2003,
CCS '03.
[3]
David A. Wagner,et al.
Privacy and security in library RFID: issues, practices, and architectures
,
2004,
CCS '04.
[4]
Simson L. Garfinkel,et al.
RFID privacy: an overview of problems and proposed solutions
,
2005,
IEEE Security & Privacy Magazine.
[5]
Chris J. Mitchell,et al.
RFID authentication protocol for low-cost tags
,
2008,
WiSec '08.
[6]
Ari Juels,et al.
Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
,
2003,
Financial Cryptography.
[7]
Ari Juels,et al.
Minimalist Cryptography for Low-Cost RFID Tags
,
2004,
SCN.
[8]
Paul Müller,et al.
Providing Security and Privacy in RFID Systems Using Triggered Hash Chains
,
2008,
2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).