The Community for Technology Leaders
RSS Icon
Issue No.08 - Aug. (2012 vol.23)
pp: 1536-1550
Andrew Clark , University of Washington, Seattle
Jorge Cuellar , Corporate Research and Technologies, CT T DE IT1, CERT, Munich
Basel Alomair , King Abdulaziz City for Science and Technology (KACST), Riyadh
In RFID literature, most “privacy-preserving” protocols require the reader to search all tags in the system in order to identify a single tag. In another class of protocols, the search complexity is reduced to be logarithmic in the number of tags, but it comes with two major drawbacks: it requires a large communication overhead over the fragile wireless channel, and the compromise of a tag in the system reveals secret information about other, uncompromised, tags in the same system. In this work, we take a different approach to address time complexity of private identification in large-scale RFID systems. We utilize the special architecture of RFID systems to propose a symmetric-key privacy-preserving authentication protocol for RFID systems with constant-time identification. Instead of increasing communication overhead, the existence of a large storage device in RFID systems, the database, is utilized for improving the time efficiency of tag identification.
RFID, privacy, authentication, identification, scalability.
Andrew Clark, Jorge Cuellar, Basel Alomair, "Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification", IEEE Transactions on Parallel & Distributed Systems, vol.23, no. 8, pp. 1536-1550, Aug. 2012, doi:10.1109/TPDS.2011.290
[1] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, "Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification," Proc. 40th Ann. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN '10), pp. 1-10, 2010.
[2] S. Garfinkel, A. Juels, and R. Pappu, "RFID Privacy: An Overview of Problems and Proposed Solutions," IEEE Security & Privacy Magazine, vol. 3, no. 3, pp. 34-43, May/June 2005.
[3] B. Preneel, "Using Cryptography Well," Printed Handout,, 2010.
[4] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic Approach to Privacy-Friendly Tags," Proc. RFID Privacy Workshop, 2003.
[5] G. Avoine, E. Dysli, and P. Oechslin, "Reducing Time Complexity in RFID Systems," Proc. 12th Int'l Workshop Selected Areas in Cryptography (SAC '05), pp. 291-306, 2005.
[6] H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007.
[7] B. Song and C.J. Mitchell, "RFID Authentication Protocol for Low-Cost Tags," Proc. First ACM Conf. Wireless Network Security (WiSec '08), pp. 140-147, 2008.
[8] D. Molnar and D. Wagner, "Privacy and Security in Library RFID: Issues, Practices, and Architectures," Proc. 11th ACM Conf. Computer and Comm. Security (CCS '04), pp. 210-219, 2004.
[9] J. Myung, W. Lee, and J. Srivastava, "Adaptive Binary Splitting for Efficient RFID Tag Anti-Collision," IEEE Comm. Letters, vol. 10, no. 3, pp. 144-146, Mar. 2006.
[10] M. Kodialam and T. Nandagopal, "Fast and Reliable Estimation Schemes in RFID Systems," Proc. MobiCom '06, pp. 322-333, 2006.
[11] G. Khandelwal, K. Lee, A. Yener, and S. Serbetli, "ASAP: A MAC Protocol for Dense and Time-Constrained RFID Systems," EURASIP J. Wireless Comm. and Networking, vol. 2007, no. 2, pp. 1-13, 2007.
[12] L. Lu, J. Han, L. Hu, Y. Liu, and L. Ni, "Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems," Proc. Fifth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '07), pp. 13-22, 2007.
[13] W. Wang, Y. Li, L. Hu, and L. Lu, "Storage-Awareness: RFID Private Authentication Based on Sparse Tree," Proc. Third Int'l Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SECPerU '07), pp. 61-66, 2007.
[14] L. Lu, J. Han, R. Xiao, and Y. Liu, "ACTION: Breaking the Privacy Barrier for RFID Systems," Proc. IEEE INFOCOM '09, pp. 1953-1961, 2009.
[15] G. Avoine, I. Coisel, and T. Martin, "Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols," Proc. Sixth Workshop RFID Security and Privacy (RFIDsec '10), pp. 138-157, 2010.
[16] B. Alomair and R. Poovendran, "Privacy Versus Scalability in Radio Frequency Identification Systems," Computer Comm., vol. 33, no. 18, pp. 2155-2163, 2010.
[17] T. Dimitriou, "A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks," Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), pp. 59-66, 2005.
[18] B. Alomair, L. Lazos, and R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," Proc. 10th Int'l Conf. Information Security and Cryptology (ICISC '07), pp. 102-115, 2007.
[19] B. Alomair and R. Poovendran, "On the Authentication of RFID Systems with Bitwise Operations," Proc. Second IFIP Int'l Conf. New Technologies, Mobility and Security (NTMS '08), pp. 1-6, 2008.
[20] Q. Yao, Y. Qi, J. Han, J. Zhao, X. Li, and Y. Liu, "Randomizing RFID Private Authentication," Proc. Seventh Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '09), pp. 1-10, 2009.
[21] L. Lu, Y. Liu, and X. Li, "Refresh: Weak Privacy Model for Rfid Systems," Proc. IEEE INFOCOM '10, pp. 1-9, 2010.
[22] B. Alomair, L. Lazos, and R. Poovendran, "Securing Low-Cost RFID Systems: An Unconditionally Secure Approach," J. Computer Security, vol. 19, no. 2, pp. 229-256, 2011.
[23] A. Juels, "Minimalist Cryptography for Low-Cost RFID Tags," Proc. Int'l Conf. Security in Comm. Networks, pp. 149-164, 2005.
[24] B. Song and C.J. Mitchell, "Scalable RFID Pseudonym Protocol," Proc. Third Int'l Conf. Network and System Security (NSS '09), pp. 216-224, 2009.
[25] I. Erguler and E. Anarim, "Scalability and Security Conflict for RFID Authentication Protocols," Technical Report 2010/018, Cryptology ePrint Archive, IACR, 2010.
[26] I. Erguler and E. Anarim, "Attacks on an Efficient RFID Authentication Protocol," Proc. 10th IEEE Int'l Conf. Computer and Information Technology (CIT '10), pp. 1065-1069, 2010.
[27] G. Tsudik, "YA-TRAP: Yet Another Trivial RFID Authentication Protocol," Proc. Fourth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '06), pp. 640-643, 2006.
[28] K. Ouafi and R. Phan, "Privacy of Recent RFID Authentication Protocols," Proc. Fourth Int'l Conf. Information Security Practice and Experience (ISPEC '08), pp. 263-277, 2008.
[29] T. Lim, T. Li, and Y. Li, "A Security and Performance Evaluation of Hash-Based RFID Protocols," Proc. Fourth Int'l Conf. Information Security and Cryptology (Inscrypt '08), pp. 406-424, 2008.
[30] J.H. Cheon, J. Hong, and G. Tsudik, "Reducing RFID Reader Load with the Meet-in-the-Middle Strategy," Technical Report 2009/092, Cryptology ePrint Archive, IACR, 2009.
[31] J. Wu and D. Stinson, "A Highly Scalable RFID Authentication Protocol," Proc. 14th Australasian Conf. Information Security and Privacy (ACISP '09), pp. 360-376, 2009.
[32] G. Avoine, "Adversarial Model for Radio Frequency Identification," Technical Report LASEC-REPORT-2005-001, Swiss Fed. Inst. of Technology (EPFL), Security and Cryptography Laboratory (LASEC), 2005.
[33] A. Juels and S. Weis, "Defining Strong Privacy for RFID," Proc. Fifth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '07), pp. 342-347, 2007.
[34] C. Ma, Y. Li, R. Deng, and T. Li, "RFID Privacy: Relation Between Two Notions, Minimal Condition, and Efficient Construction," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 54-65, 2009.
[35] B. Alomair, L. Lazos, and R. Poovendran, "Securing Low-Cost RFID Systems: An Unconditionally Secure Approach," Proc. The Asia Workshop Radio Frequency Identification System Security (RFIDsec '10), pp. 1-17, 2010.
[36] , 2012.
[37] J. Becla and K.-T. Lim, "Report from the First Workshop on Extremely Large Databases," Data Science J., vol. 7, pp. 1-13, 2008.
[38] A. Juels, "RFID Security and Privacy: A Research Survey," IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 381-394, Feb. 2006.
[39] D. Zanetti, B. Danev, and S. Čapkun, "Physical-Layer Identification of UHF RFID Tags," Proc. MobiCom '10, pp. 353-364, 2010.
[40] "Rfid, Privacy, and Corporate Data," RFID J., 2003.
[41] M. O'Neill, "Low-Cost SHA-1 Hash Function Architecture for RFID Tags," Proc. Fourth Workshop RFID Security (RFIDsec '08), 2008.
[42] E.B. Kavun and T. Yalcin, "A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications," Proc. Sixth Int'l Workshop RFID Security (RFIDsec '10), pp. 258-269, 2010.
[43] W. Feller, An Introduction to Probability Theory and Its Applications. Wiley India Pvt. Ltd., 2008.
36 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool