This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification
Aug. 2012 (vol. 23 no. 8)
pp. 1536-1550
Basel Alomair, King Abdulaziz City for Science and Technology (KACST), Riyadh
Andrew Clark, University of Washington, Seattle
Jorge Cuellar, Corporate Research and Technologies, CT T DE IT1, CERT, Munich
Radha Poovendran, Unversity of Washington, Seattle
In RFID literature, most “privacy-preserving” protocols require the reader to search all tags in the system in order to identify a single tag. In another class of protocols, the search complexity is reduced to be logarithmic in the number of tags, but it comes with two major drawbacks: it requires a large communication overhead over the fragile wireless channel, and the compromise of a tag in the system reveals secret information about other, uncompromised, tags in the same system. In this work, we take a different approach to address time complexity of private identification in large-scale RFID systems. We utilize the special architecture of RFID systems to propose a symmetric-key privacy-preserving authentication protocol for RFID systems with constant-time identification. Instead of increasing communication overhead, the existence of a large storage device in RFID systems, the database, is utilized for improving the time efficiency of tag identification.

[1] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, "Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification," Proc. 40th Ann. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN '10), pp. 1-10, 2010.
[2] S. Garfinkel, A. Juels, and R. Pappu, "RFID Privacy: An Overview of Problems and Proposed Solutions," IEEE Security & Privacy Magazine, vol. 3, no. 3, pp. 34-43, May/June 2005.
[3] B. Preneel, "Using Cryptography Well," Printed Handout, http://secappdev.org/handouts/2010Bart, 2010.
[4] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic Approach to Privacy-Friendly Tags," Proc. RFID Privacy Workshop, 2003.
[5] G. Avoine, E. Dysli, and P. Oechslin, "Reducing Time Complexity in RFID Systems," Proc. 12th Int'l Workshop Selected Areas in Cryptography (SAC '05), pp. 291-306, 2005.
[6] H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007.
[7] B. Song and C.J. Mitchell, "RFID Authentication Protocol for Low-Cost Tags," Proc. First ACM Conf. Wireless Network Security (WiSec '08), pp. 140-147, 2008.
[8] D. Molnar and D. Wagner, "Privacy and Security in Library RFID: Issues, Practices, and Architectures," Proc. 11th ACM Conf. Computer and Comm. Security (CCS '04), pp. 210-219, 2004.
[9] J. Myung, W. Lee, and J. Srivastava, "Adaptive Binary Splitting for Efficient RFID Tag Anti-Collision," IEEE Comm. Letters, vol. 10, no. 3, pp. 144-146, Mar. 2006.
[10] M. Kodialam and T. Nandagopal, "Fast and Reliable Estimation Schemes in RFID Systems," Proc. MobiCom '06, pp. 322-333, 2006.
[11] G. Khandelwal, K. Lee, A. Yener, and S. Serbetli, "ASAP: A MAC Protocol for Dense and Time-Constrained RFID Systems," EURASIP J. Wireless Comm. and Networking, vol. 2007, no. 2, pp. 1-13, 2007.
[12] L. Lu, J. Han, L. Hu, Y. Liu, and L. Ni, "Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems," Proc. Fifth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '07), pp. 13-22, 2007.
[13] W. Wang, Y. Li, L. Hu, and L. Lu, "Storage-Awareness: RFID Private Authentication Based on Sparse Tree," Proc. Third Int'l Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SECPerU '07), pp. 61-66, 2007.
[14] L. Lu, J. Han, R. Xiao, and Y. Liu, "ACTION: Breaking the Privacy Barrier for RFID Systems," Proc. IEEE INFOCOM '09, pp. 1953-1961, 2009.
[15] G. Avoine, I. Coisel, and T. Martin, "Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols," Proc. Sixth Workshop RFID Security and Privacy (RFIDsec '10), pp. 138-157, 2010.
[16] B. Alomair and R. Poovendran, "Privacy Versus Scalability in Radio Frequency Identification Systems," Computer Comm., vol. 33, no. 18, pp. 2155-2163, 2010.
[17] T. Dimitriou, "A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks," Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), pp. 59-66, 2005.
[18] B. Alomair, L. Lazos, and R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," Proc. 10th Int'l Conf. Information Security and Cryptology (ICISC '07), pp. 102-115, 2007.
[19] B. Alomair and R. Poovendran, "On the Authentication of RFID Systems with Bitwise Operations," Proc. Second IFIP Int'l Conf. New Technologies, Mobility and Security (NTMS '08), pp. 1-6, 2008.
[20] Q. Yao, Y. Qi, J. Han, J. Zhao, X. Li, and Y. Liu, "Randomizing RFID Private Authentication," Proc. Seventh Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '09), pp. 1-10, 2009.
[21] L. Lu, Y. Liu, and X. Li, "Refresh: Weak Privacy Model for Rfid Systems," Proc. IEEE INFOCOM '10, pp. 1-9, 2010.
[22] B. Alomair, L. Lazos, and R. Poovendran, "Securing Low-Cost RFID Systems: An Unconditionally Secure Approach," J. Computer Security, vol. 19, no. 2, pp. 229-256, 2011.
[23] A. Juels, "Minimalist Cryptography for Low-Cost RFID Tags," Proc. Int'l Conf. Security in Comm. Networks, pp. 149-164, 2005.
[24] B. Song and C.J. Mitchell, "Scalable RFID Pseudonym Protocol," Proc. Third Int'l Conf. Network and System Security (NSS '09), pp. 216-224, 2009.
[25] I. Erguler and E. Anarim, "Scalability and Security Conflict for RFID Authentication Protocols," Technical Report 2010/018, Cryptology ePrint Archive, IACR, 2010.
[26] I. Erguler and E. Anarim, "Attacks on an Efficient RFID Authentication Protocol," Proc. 10th IEEE Int'l Conf. Computer and Information Technology (CIT '10), pp. 1065-1069, 2010.
[27] G. Tsudik, "YA-TRAP: Yet Another Trivial RFID Authentication Protocol," Proc. Fourth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '06), pp. 640-643, 2006.
[28] K. Ouafi and R. Phan, "Privacy of Recent RFID Authentication Protocols," Proc. Fourth Int'l Conf. Information Security Practice and Experience (ISPEC '08), pp. 263-277, 2008.
[29] T. Lim, T. Li, and Y. Li, "A Security and Performance Evaluation of Hash-Based RFID Protocols," Proc. Fourth Int'l Conf. Information Security and Cryptology (Inscrypt '08), pp. 406-424, 2008.
[30] J.H. Cheon, J. Hong, and G. Tsudik, "Reducing RFID Reader Load with the Meet-in-the-Middle Strategy," Technical Report 2009/092, Cryptology ePrint Archive, IACR, 2009.
[31] J. Wu and D. Stinson, "A Highly Scalable RFID Authentication Protocol," Proc. 14th Australasian Conf. Information Security and Privacy (ACISP '09), pp. 360-376, 2009.
[32] G. Avoine, "Adversarial Model for Radio Frequency Identification," Technical Report LASEC-REPORT-2005-001, Swiss Fed. Inst. of Technology (EPFL), Security and Cryptography Laboratory (LASEC), 2005.
[33] A. Juels and S. Weis, "Defining Strong Privacy for RFID," Proc. Fifth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '07), pp. 342-347, 2007.
[34] C. Ma, Y. Li, R. Deng, and T. Li, "RFID Privacy: Relation Between Two Notions, Minimal Condition, and Efficient Construction," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 54-65, 2009.
[35] B. Alomair, L. Lazos, and R. Poovendran, "Securing Low-Cost RFID Systems: An Unconditionally Secure Approach," Proc. The Asia Workshop Radio Frequency Identification System Security (RFIDsec '10), pp. 1-17, 2010.
[36] http://ti.com/rfid/shtmldoc-center-datasheets.shtml , 2012.
[37] J. Becla and K.-T. Lim, "Report from the First Workshop on Extremely Large Databases," Data Science J., vol. 7, pp. 1-13, 2008.
[38] A. Juels, "RFID Security and Privacy: A Research Survey," IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 381-394, Feb. 2006.
[39] D. Zanetti, B. Danev, and S. Čapkun, "Physical-Layer Identification of UHF RFID Tags," Proc. MobiCom '10, pp. 353-364, 2010.
[40] "Rfid, Privacy, and Corporate Data," RFID J., 2003.
[41] M. O'Neill, "Low-Cost SHA-1 Hash Function Architecture for RFID Tags," Proc. Fourth Workshop RFID Security (RFIDsec '08), 2008.
[42] E.B. Kavun and T. Yalcin, "A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications," Proc. Sixth Int'l Workshop RFID Security (RFIDsec '10), pp. 258-269, 2010.
[43] W. Feller, An Introduction to Probability Theory and Its Applications. Wiley India Pvt. Ltd., 2008.

Index Terms:
RFID, privacy, authentication, identification, scalability.
Citation:
Basel Alomair, Andrew Clark, Jorge Cuellar, Radha Poovendran, "Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 8, pp. 1536-1550, Aug. 2012, doi:10.1109/TPDS.2011.290
Usage of this product signifies your acceptance of the Terms of Use.