A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags

RFID (Radio frequency identification) technology raises many privacy concerns among which the potential tracking of an RFID tag bearer and the eventuality of an illegitimate reading device (reader) collecting information about him. To solve these issues, many RFID privacy protecting protocols assume that readers have continuous connectivity with a centralised on-line database in charge of the identification of a certain amount of tags. However such centralised models can raise scalability and latency problems. Moreover, they are not suitable in applications where connectivity is intermittent. As RFID tags may often change hands, it is also necessary to guarantee the privacy of a new tag owner. In this paper, we introduce a privacy protecting scheme based on pseudonyms that allows an online database to delegate temporarily and in a secure manner the capability to identify tags to selected readers. A reader which receives delegation for a given tag can identify this tag without referring to the on-line database, thus solving possible intermittent connectivity issues and making tag identification more scalable. Our protocol also manages tags ownership transfer without threatening the new owner’s privacy.

[1]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[2]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[3]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[4]  M. Aigner Secure Symmetric Authentication for RFID Tags , 2005 .

[5]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[6]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[7]  Melanie R. Rieback,et al.  Security and Privacy of Radio Frequency Identification , 2008 .

[8]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[9]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[10]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[11]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[12]  Berk Sunar,et al.  Energy Comparison of AES and SHA-1 for Ubiquitous Computing , 2006, EUC Workshops.

[13]  Kaan Yuksel,et al.  Universal Hashing for Ultra-Low-Power Cryptographic Hardware Applications , 2004 .

[14]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[15]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[16]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[17]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[18]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[19]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..