The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.10 - Oct. (2013 vol.12)
pp: 2037-2049
Gildas Avoine , Universite catholique de Louvain, Louvain-la-Neuve
Muhammed Ali Bingol , Tubitak Bilgem Uekae, Kocaeli
Xavier Carpent , Universite catholique de Louvain, Louvain-la-Neuve
Siddika Berna Ors Yalcin , Istanbul Technical University, Istanbul
ABSTRACT
The recent advent of ubiquitous technologies has raised an important concern for citizens: the need to protect their privacy. So far, this wish was not heard of industrials, but national and international regulation authorities, as the European Commission recently published some guidelines to enforce customers' privacy in RFID systems: "Privacy by designâ is the way to be followed as stated in EC Recommendation of 12.5.2009. Research on privacy is an active domain but there is still a wide gap between theory and everyday life's applications. Filling this gap will require academia to design protocols and algorithms that fit the real-life constraints. In this paper, we provide a comprehensive analysis of privacy-friendly authentication protocols devoted to RFID that: 1) are based on well-established symmetric-key cryptographic building blocks; 2) require a reader complexity lower than $(O(N))$ where $(N)$ is the number of provers in the system. These two properties are sine qua non conditions for deploying privacy-friendly authentication protocols in large-scale applications, for example, access control in mass transportation. We describe existing protocols fulfilling these requirements and point out their drawbacks and weaknesses. We especially introduce attacks on CHT, CTI,YA-TRAP*, and the variant of OSK/AO with mutual authentication. We also raise that some protocols, such as O-RAP, O-FRAP, and OSK/BF, are not resistant to timing attacks. Finally, we select some candidates that are, according to our criteria, the most appropriate ones for practical uses.
INDEX TERMS
Protocols, Privacy, Authentication, Radiofrequency identification, Complexity theory, Cryptography, attacks, Protocols, Privacy, Authentication, Radiofrequency identification, Complexity theory, Cryptography, complexity, RFID, authentication, privacy
CITATION
Gildas Avoine, Muhammed Ali Bingol, Xavier Carpent, Siddika Berna Ors Yalcin, "Privacy-Friendly Authentication in RFID Systems: On Sublinear Protocols Based on Symmetric-Key Cryptography", IEEE Transactions on Mobile Computing, vol.12, no. 10, pp. 2037-2049, Oct. 2013, doi:10.1109/TMC.2012.174
REFERENCES
[1] M. Akgün, M.U. Caglayan, and E. Anarim, "Secure RFID Authentication with Efficient Key-Lookup," Proc. 28th IEEE Global Comm. Conf. (GlobeCom '09), 2009.
[2] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, "Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification," Proc. 40th Ann. IEEE/IFIP Int'l Conf. Dependable Systems and Networks, 2010.
[3] G. Avoine, "RFID Lounge," http://www.avoine.netrfid, 2013.
[4] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, "Adversary Model for Radio Frequency Identification," technical report, 2005.
[5] B. Alomair, A. Clark, J. Cuellar, and R. Poovendran, "Cryptography in Radio Frequency Identification and Fair Exchange Protocols," PhD dissertation, Ecole Polytechnique Federale de Lausanne, 2005.
[6] G. Avoine, L. Buttyán, T. Holczer, and I. Vajda, "Group-Based Private Authentication," Proc. IEEE Int'l Workshop Trust, Security, and Privacy for Ubiquitous Computing (TSPUC '07), 2007.
[7] G. Avoine, I. Coisel, and T. Martin, "Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols," Proc. Workshop RFID Security (RFIDSec '10), 2010.
[8] G. Avoine, E. Dysli, and P. Oechslin, "Reducing Time Complexity in RFID Systems," Proc. Int'l Conf. Selected Areas in Cryptography (SAC '05), 2005.
[9] G. Avoine, B. Martin, and T. Martin, "Tree-Based RFID Authentication Protocols Are Definitively Not Privacy-Friendly," Proc. Workshop RFID Security (RFIDSec '10), 2010.
[10] G. Avoine and P. Oechslin, "A Scalable and Provably Secure Hash Based RFID Protocol," Proc. Int'l Workshop Pervasive Computing and Comm. Security (PerSec), 2005.
[11] C. Berbain, O. Billet, J. Etrog, and H. Gilbert, "An Efficient Forward Private RFID Protocol," Proc. Conf. Computer and Comm. Security (CCS '09), 2009.
[12] M. Beye and T. Veugen, "Improved Anonymity for Key-Trees," Proc. Eighth Int'l Conf. Radio Frequency Identification: Security and Privacy Issues, 2012.
[13] O. Billet, J. Etrog, and H. Gilbert, "Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher," Proc. Int'l Conf. Fast Software Encryption (FSE '10), 2010.
[14] B.H. Bloom, "Space/Time Trade-Offs in Hash Coding with Allowable Errors," Comm. ACM, vol. 37, pp. 422-426, 1970.
[15] J. Bringer, H. Chabanne, and D. Emmanuelle, "${\rm HB}^{++}$ : A Lightweight Authentication Protocol Secure against Some Attacks," Proc. IEEE Int'l Conf. Pervasive Services, Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU), 2006.
[16] J. Bringer, H. Chabanne, and T. Icart, "Cryptanalysis of EC-RAC, a RFID Identification Protocol," Proc. Seventh Int'l Conf. Cryptology and Network Security (CANS '08), 2008.
[17] A. Broder and M. Mitzenmacher, "Using Multiple Hash Functions to Improve IP Lookups," Proc. IEEE INFOCOM, 2001.
[18] M. Burmester, T.v. Le, and B. de Medeiros, "Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols," Proc. Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm), 2006.
[19] M. Burmester, T.v. Le, and B. de Medeiros, "Universally Composable RFID Identification and Authentication Protocols," ACM Trans. Information and System Security, vol. 12, article 21, 2009.
[20] L. Buttyán, T. Holczer, and I. Vajda, "Optimal Key-Trees for Tree-Based Private Authentication," Proc. Workshop Privacy Enhancing Technologies (PET), 2006.
[21] S. Canard and I. Coisel, "Data Synchronization in Privacy-Preserving RFID Authentication Schemes," Proc. Workshop RFID Security (RFIDSec '08), 2008.
[22] S. Canard, I. Coisel, and M. Girault, "Security of Privacy-Preserving RFID Systems," Proc. IEEE Int'l Conf. RFID-Technology and Applications (RFID-TA '10) 2010.
[23] A. Cavoukian, "Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines)," Office of the Information and Privacy Commissioner/Ontario, June 2006.
[24] C. Chatmon, T. van Le, and M. Burmester, "Secure Anonymous RFID Authentication Protocols," technical report, 2006.
[25] C.-L. Chen and Y.-Y. Deng, "Conformation of EPC Class 1 Generation 2 Standards RFID System with Mutual Authentication and Privacy Protection," Eng. Applications of Artificial Intelligence, vol. 22, pp. 1284-1291, 2009.
[26] J.H. Cheon, J. Hong, and G. Tsudik, "Reducing RFID Reader Load with the Meet-in-the-Middle Strategy," J. Comm. and Networks, vol. 14, pp. 10-14, 2012.
[27] H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007.
[28] H.-Y. Chien and C.-H. Chen, "Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards," Computer Standards & Interfaces, vol. 29, pp. 254-259, 2007.
[29] M. David and N.R. Prasad, "Providing Strong Security and High Privacy in Low-Cost RFID Networks," Proc. Int'l Copf. Security and Privacy in Mobile Information and Comm. Systems, 2009.
[30] W. Diffie and M. Hellman, "Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard," Computer, vol. 10, no. 6, pp. 74-84, June 1977.
[31] T. Dimitriou, "A Lightweight RFID Protocol to Protect against Traceability and Cloning Attacks," Proc. Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm), 2005.
[32] D.N. Duc and K. Kim, "Securing HB+ against GRS Man-in-the-Middle Attack," Proc. Symp. Cryptography and Information Security, 2007.
[33] T. Halevi, N. Saxena, and S. Halevi, "Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population," Proc. Workshop RFID Security (RFIDSec '09), 2009.
[34] D. Han and D. Kwon, "Vulnerability of an RFID Authentication Protocol Conforming to EPC Class 1 Generation 2 Standards," Computer Standards Interfaces, vol. 31, pp. 648-652, 2009.
[35] D. Hein, J. Wolkerstorfer, and N. Felber, "ECC Is Ready for RFID—A Proof in Silicon," Proc. Workshop RFID Security (RFIDSec '08), 2008.
[36] M. Hellman, "A Cryptanalytic Time-Memory Trade-Off," IEEE Trans. Information Theory, vol. 26, no. 4, pp. 401-406, July 1980.
[37] D. Henrici and P. Müller, "Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers," Proc. Int'l Workshop Pervasive Computing and Comm. Security (PerSec), 2004.
[38] N. Hopper and M. Blum, "Secure Human Identification Protocols," Proc. Seventh Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology, 2001.
[39] M. Hutter, M. Feldhofer, and T. Plos, "An ECDSA Processor for RFID Authentication," Proc. Workshop RFID Security (RFIDSec '10), 2010.
[40] A. Juels, "Minimalist Cryptography for Low-Cost RFID Tags," Proc. Int'l Conf. Security in Comm. Networks (SCN), 2004.
[41] A. Juels and S. Weis, "Authenticating Pervasive Devices with Human Protocols," Proc. Int'l Conf. Advances in Cryptology (CRYPTO '05), 2005.
[42] A. Juels and S. Weis, "Defining Strong Privacy for RFID," Proc. Int'l Conf. Pervasive Computing and Comm. (PerCom), 2007.
[43] T. Karygiannis, B. Eydt, G. Barber, L. Bunn, and T. Phillips, "Guidelines for Securing Radio Frequency Identification (RFID) Systems," NIST Special Publication 800-98, 2007.
[44] L. Lamport, "Password Authentication with Insecure Communication," Comm. ACM, vol. 24, pp. 770-771, 1981.
[45] Y.-C. Lee, Y.-C. Hsieh, P.-S. You, and T.-C. Chen, "A New Ultralightweight RFID Protocol with Mutual Authentication," Proc. WASE Int'l Conf. Information Eng. (ICIE '09), 2009.
[46] Y.K. Lee, K. Sakiyama, L. Batina, and I. Verbauwhede, "Elliptic-Curve-Based Security Processor for RFID," IEEE Trans. Computers, vol. 57, no. 11, pp. 1514-1517, Nov. 2008.
[47] L. Lu, J. Han, L. Hu, Y. Liu, and L. Ni, "Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems," Proc. Int'l Conf. Pervasive Computing and Comm. (PerCom), 2007.
[48] D. Molnar and D. Wagner, "Privacy and Security in Library RFID: Issues, Practices, and Architectures," Proc. Conf. Computer and Comm. Security (CCS '04), 2004.
[49] J. Munilla and A. Peinado, "HB-MP: A Further Step in the HB-Family of Lightweight Authentication Protocols," Computer Networks, vol. 51, pp. 2262-2267, 2007.
[50] D.N. Duc, J. Park, H. Lee, and K. Kim, "Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning," Proc. Symp. Cryptography and Information Security, 2006.
[51] Y. Nohara and S. Inoue, "A Secure and Scalable Identification for Hash-Based RFID Systems Using Updatable Pre-Computation," Proc. Third ACM Conf. Wireless Network Security (WiSec '10), 2010.
[52] Y. Nohara, S. Inoue, and H. Yasuura, "A Secure High-Speed Identification Scheme for RFID Using Bloom Filters," Proc. Third Int'l Conf. Availability, Reliability and Security (AReS), 2008.
[53] K. Nohl and D. Evans, "Quantifying Information Leakage in Tree-Based Hash Protocols," Proc. Int'l Conf. Information and Comm. Security (ICICS '06), 2006.
[54] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic Approach to 'Privacy-Friendly' Tags," Proc. RFID Privacy Workshop, 2003.
[55] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Efficient Hash-Chain Based RFID Privacy Protection Scheme," Proc. Int'l Conf. Ubiquitous Computing, Workshop Privacy: Current Status and Future Directions, 2004.
[56] K. Ouafi and R.C.-W. Phan, "Privacy of Recent RFID Authentication Protocols," Proc. Fourth Int'l Conf. Information Security Practice and Experience (ISPEC), 2008.
[57] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, T. Li, and J.C. van der Lubbe, "Weaknesses in Two Recent Lightweight RFID Authentication Protocols," Proc. Workshop RFID Security (RFIDSec '09), 2009.
[58] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol," Proc. Workshop Information Security Applications (WISA '08), 2008.
[59] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard," Proc. Workshop RFID Security (RFIDSec '07), 2007.
[60] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags," Proc. OTM Federated Conf. Workshop: IS Workshop, 2006.
[61] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags," Proc. Workshop RFID Security (RFIDSec '06), 2006.
[62] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags," Proc. Int'l Conf. Ubiquitous Intelligence and Computing (UIC '06), 2006.
[63] P. Peris-Lopez, J.C. Hernandez-Castro, J.E. Tapiador, and J.C.A. van der Lubbe, "Cryptanalysis of an EPC Class-1 Generation-2 Standard Compliant Authentication Protocol," Eng. Applications of Artificial Intelligence, vol. 24, pp. 1061-1069, 2011.
[64] V. Reding, "Commission Recommendation of 12.05.2009 - sec(2009) 585/586, on the Implementation of Privacy and Data Protection Principles in Applications Supported by Radio- Frequency Identification," Commission of the European Communities, May 2009.
[65] J. Simitian, "Identity Information Protection Act," California Senate Bill No. 682, 2005.
[66] G. Tsudik, "A Family of Dunces: Trivial RFID Identification and Authentication Protocols," Proc. Workshop Privacy Enhancing Technologies (PET), 2007.
[67] G. Tsudik, "YA-TRAP: Yet Another Trivial RFID Authentication Protocol," Proc. Int'l Conf. Pervasive Computing and Comm. (PerCom), 2006.
[68] T.V. Le, M. Burmester, and B. de Medeiros, "Universally Composable and Forward-Secure RFID Authentication and Authenticated Key Exchange," Proc. ACM Symp. Information, Computer and Comm. Security, 2007.
[69] S. Vaudenay, "On Privacy Models for RFID," Proc. 13th Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology, 2007.
[70] W. Wang, Y. Li, L. Hu, and L. Lu, "Storage-Awareness: RFID Private Authentication Based on Sparse Tree," Proc. Third Int'l Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2007.
[71] Q. Yao, Y. Qi, J. Han, J. Zhao, X. Li, and Y. Liu, "Randomizing RFID Private Authentication," Proc. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom), 2009.
[72] K.-H. Yeh, N. Lo, and E. Winata, "An Efficient Ultralightweight Authentication Protocol for RFID Systems," Proc. Workshop RFID Security (RFIDSec Asia '10), 2010.
[73] T.-C. Yeh, Y.-J. Wang, T.-C. Kuo, and S.-S. Wang, "Securing RFID Systems Conforming to EPC Class 1 Generation 2 Standard," Expert System Applications, vol. 37, pp. 7678-7683, 2010.
53 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool