Privacy-aware multi-context RFID infrastructure using public key cryptography

We propose a novel RFID infrastructure design, which foresees the usage of a single RFID tag within different contexts and for multiple purposes. We show that an infrastructure for multi-purpose RFID tags to be used in different contexts can be implemented in a privacy-preserving manner. We address security attacks such as impersonation, tracking, and replay. We also introduce spatio-temporal attacks as an important threat against privacy. We propose a methodology to thwart or alleviate these kinds of attacks. We develop our multi-context RFID infrastructure relying on usage of public key cryptography (PKC), which presents more scalable solutions in the sense that the backend servers can identify the tags 75 times faster than best symmetric cipher based systems when there are a million tags in the system. We demonstrate that the requirements for PKC are comparable to those for other cryptographic implementations based on symmetric ciphers proposed for RFID use

Reducing Time Complexity in RFID Systems

Radio frequency identification systems based on low-cost computing devices is the new plaything that every company would like to adopt. Its goal can be either to improve the productivity or to strengthen the security. Specific identification protocols based on symmetric challenge-response have been developed in order to assure the privacy of the device bearers. Although these protocols fit the devices' constraints, they always suffer from a large time complexity. Existing protocols require O(n) cryptographic operations to identify one device among n. Molnar and Wagner suggested a method to reduce this complexity to O(log n). We show that their technique could degrade the privacy if the attacker has the possibility to tamper with at least one device. Because low-cost devices are not tamper-resistant, such an attack could be feasible. We give a detailed analysis of their protocol and evaluate the threat. Next, we extend an approach based on time-memory trade-offs whose goal is to improve Ohkubo, Suzuki, and Kinoshita's protocol. We show that in practice this approach reaches the same performances as Molnar and Wagner's method, without degrading privacy. Radio frequency identification systems based on low-cost computing devices is the new plaything that every company would like to adopt. Its goal can be either to improve the productivity or to strengthen the security. Specific identification protocols based on symmetric challenge-response have been developed in order to assure the privacy of the device bearers. Although these protocols fit the devices' constraints, they always suffer from a large time complexity. Existing protocols require O(n) cryptographic operations to identify one device among n. Molnar and Wagner suggested a method to reduce this complexity to O(log n). We show that their technique could degrade the privacy if the attacker has the possibility to tamper with at least one device. Because low-cost devices are not tamper-resistant, such an attack could be feasible. We give a detailed analysis of their protocol and evaluate the threat. Next, we extend an approach based on time-memory trade-offs whose goal is to improve Ohkubo, Suzuki, and Kinoshita's protocol. We show that in practice this approach reaches the same performances as Molnar and Wagner's method, without degrading privacy

On the Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup

A*Star SER

Security and Privacy Issues in E-passports

Within the next year, travelers from dozens of nations may be carrying a new form of passport in response to a mandate by the United States government. The e-passport, as it is sometimes called, represents a bold initiative in the deployment of two new technologies: Radio-Frequency Identification (RFID) and biometrics. Important in their own right, e-passports are also the harbinger of a wave of next-generation ID cards: several national governments plan to deploy identity cards integrating RFID and biometrics for domestic use. We explore the privacy and security implications of this impending worldwide experiment in next-generation authentication technology. We describe privacy and security issues that apply to e-passports, then analyze these issues in the context of the International Civil Aviation Organization (ICAO) standard for e-passports

Noisy Tags: A Pretty Good Key Exchange Protocol for RFID Tags

Abstract. We propose a protocol that can be used between an RFID tag and a reader to exchange a secret without performing any expensive computation. Similarly to the famous blocker tag suggested by Juels, Rivest, and Szydlo, our scheme makes use of special tags that we call noisy tags. Noisy tags are owned by the reader’s manager and set out within the reader’s field. They are regular RFID tags that generate noise on the public channel between the reader and the queried tag, such that an eavesdropper cannot differentiate the messages sent by the queried tag from the ones sent by the noisy tag. Consequently, she is unable to identify the secret bits that are sent to the reader. Afterwards, the secret shared by the reader and the tag can be used to launch a secure channel in order to protect communications against eavesdroppers. It can also be used to securely refresh a tag’s identifier by, for example, xoring the new identifier with the exchanged secret key. Refreshing tags ’ identifiers improves privacy since it prevents tracking tags.