An efficient and private RFID authentication protocol supporting ownership transfer

Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption

A Study on the Ethical Implementation of Radio Frequncy Identification Technology in Retail

Long checkout lines at the grocery store can be very frustrating. Thanks to point-of-sale technology though, those lines aren\u27t nearly as long as they could be. Point-of-sale technologies have been developed and implemented worldwide to help reduce the amount of time it takes a consumer to pay for products at the cash register. These technologies have also aided retailers and manufacturers in achieving higher levels of efficiency. Bar codes, for example, were first developed to decrease the amount of time required to purchase an item, improve the tracking of inventory, accelerate the acquisition of important statistical data, and facilitate market research. Now, retail store owners have their eyes on a more modem and advanced point-of-sale technology- radio frequency identification (RFID). Unlike manually scanning a bar code, this recently developed point-of-sale technology uses a tiny chip to wirelessly transmit data to a reader computer. RFID promises greater efficiency in retail than the bar code with respect to purchase time, inventory tracking capability, collection of important statistical data, and valuable market research. All of this could add up to greater profits for retail businesses, cheaper prices for consumers, and less time spent standing in line at the checkout. Although these promises sound beneficial, the use of RFID technology might also create privacy concerns for consumers. Many American consumers are not aware of the vast amount of personal data businesses gather on their customers, or what exactly they do with it. RFID technology will increase the retailer\u27s ability to gather and store personal information on consumers. This raises the possibility for invasion of consumer privacy Therefore, this research paper was initiated to answer the question of whether or not radio frequency identification technology has the potential to invade consumer privacy rights. The aim of this research was to study how to ethically implement RFID technology into retail in a way that protects consumers against the invasion of their privacy. It first looked at Universal Product Code technology in the development of today\u27s bar codes. Then, it defined radio frequency identification technology. It discussed the importance of carefully examining this, as well as any, new technology and centered on the controversy that surrounds RFID. It examined privacy and security concerns for the retail consumer and explored the value of a consumer\u27s personal information. It also focused on the debate over restrictions, current laws on consumer privacy, and proposed legislation on RFID technology. From this study, the researcher deduced that RFID technology had the potential to invade consumer privacy rights. It was also found that a consumer\u27s personal, identifiable information was protected under the Constitution as private property. It was concluded that a set of protective guidelines was necessary for the security of a consumer\u27s personal, identifiable information. Therefore, a proposed plan for ethically implementing radio frequency identification technology into a retail business was created. This plan included a Consumer Bill of Rights for Radio Frequency Identification Tagging, Technology Awareness Policy, and Point-of-Sale Protection Progra

Where Will Consumers Find Privacy Protection From RFIDs?: A Case for Federal Legislation

With the birth of RFID technology, businesses gained the ability to tag products with practically invisible computer chips that relay information about consumer behavior to remote databases. Such tagging permits retailers and manufacturers to track the purchases, identities, and movements of their customers. In the absence of enforceable regulations, society risks being subjected to an unprecedented level of Orwellian surveillance. This iBrief addresses consumer privacy concerns stemming from the proliferation of RFID technology. It discusses why tort law, state legislation, FTC guidelines, and proposed regulations are insufficient methods to alleviate consumer privacy concerns and suggests amending various federal privacy laws, thereby prohibiting the underlying RFID tracking behavior

A secure and private RFID authentication protocol based on quadratic residue

Radio Frequency IDentification based systems are getting pervasively deployed in many real-life applications in various settings for identification and authentication of remote objects. However, the messages that are transmitted over a insecure channel, are vulnerable to security and privacy concerns such as data privacy, location privacy of tag owner and etc. Recently, Yeh et al.'s proposed a RFID authentication protocol based on quadratic residue which is claimed to provide location privacy and prevent possible attacks. In this paper, we formally analyzed the protocol and we proved that the protocol provides destructive privacy according to Vaudenay privacy model. Moreover, we proposed a unilateral authentication protocol and we prove that our protocol satisfies higher privacy level such as narrow strong privacy. Besides, we proposed an enhanced version of our proposed protocol, which has same privacy level as Yeh at al protocol, but has reader authentication against stronger adversaries. Furthermore, the enhanced version of our protocol uses smaller number of cryptographic operations when compared to Yeh at al protocol and it is also cost efficient at the server and tag side and requires O(1) complexity to identify a RFID tag