PRICE TO PROVIDE RFID SECURITY AND PRIVACY?
Tim Good, Mohammed Benaissa
2008
Abstract
The applications for Radio frequency identification (RFID) systems are rapidly expanding and privacy concerns have been highlighted. Existing protocols fit into the challenge-response model and either fail in terms of privacy or have security vulnerabilities. A new symmetric key based protocol for RFID, named “PRICE: to Prevent RFID Insecurity Cryptography Essential”, is presented. This provides tag and reader authentication together with secure transfer of the tag’s identifier whilst still remaining within the challenge-response model. A security analysis of the protocol is given together with discussion of areas of weakness. The tag-borne security measures only require a single symmetric cipher encryption primitive.
References
- Agrawal, D., Archambeault, B. , Rao, J., and Rohatgi, P., The EM side-channel(s): Attacks and Assessment Methodologies, CHES 2002, San Francisco, LNCS 2523, pp 29-45, Springer, 2003.
- Chatmon, C., Le, T.v., and Burmester, M., Secure anonymous RFID authentication protocols. Technical Report TR-060112, Florida State University, Dept of Computer Science, Tallahassee, Florida, USA, 2006.
- Dimitriou, T., A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In IEEE SecureComm05, Sept 5-9, Athens, Greece, Sept 2005.
- Dominikus, S., Oswald, E., and Feldhofer, M., Symmetric authentication for RFID systems in practice. ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Austria, July 14-15, 2005.
- Engberg, S., Harning, M., and Damsgaard-Jensen, C., Zero-knowledge device authentication: Privacy & security enhanced RFID preserving business value and consumer convenience, Conf. on Privacy, Security and Trust - PST, New Brunswick, Canada, Oct. 2004.
- Garfinkel, S.L., Juels, A., and Pappu, R., RFID Privacy: An Overview of Problems and Proposed Solutions. In IEEE Security & Privacy May/June 2005.
- Good, T., and Benaissa, M., Hardware performance of eStream phase-III stream cipher candidates. At SASC 2008 conference, Lausanne, Feb 2008, available www.ecrypt.eu.org/stvl/sasc2008
- Juels, A., RFID Security and Privacy: A Research Survey. In IEEE J. on Selected Areas in Communications, vol. 24 no. 2, pp 381-394, invited paper, Feb 2006.
- Kfir, Z., and Wool, A., Picking virtual pockets using relay attacks on contactless smartcard systems. available at http://eprint.iacr.org/2005/052, 2005.
- Lehtonen, M., Staake, T., Michahelles, F., and Fleisch, E., From Identification to Authentication - A Review of RFID Product Authentication Techniques, RFIDsec06, Graz Austria, July 2006.
- Lockton, V., and Rosenberg, R. S., RFID: The next serious threat to privacy. In Ethics and Information Technology 7:221-231, Springer, 2006.
- Molnar, D., Soppera, A., and Wagner, D., Privacy for RFID through trusted computing. in Proc. Workshop on Privacy in the Electron. Soc., 2005.
- Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M. E., and Ribagorda, A., LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. RFIDsec06, Graz Austria, July 2006.
- Peslak, A.R., An Ethical Exploration of Privacy and Radio Frequency Identification. In Journal of Business Ethics 59: 327-345, Springer, 2005.
- Piret, G., and Quisquater, J-J., A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad. CHES 2003, Cologne, Germany, LNCS 2779, pp 77-88, Springer, 2003.
- Tsudik, G., YA-TRAP: Yet Another Trivial RFID Authentication Protocol, IEEE Intl. conf. on Pervasive Computing and Communications, Pisa, March 2006.
- Weis, S.A., Sarma, S.E., Rivest, R.L., and Engels, D.W., Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In Security in Pervasive Computing 2003, LNCS, vol. 2802, pp 201- 212, Springer, 2004.
- Yang, J., Park, J., Lee, H., Ren, K., and Kim, K., Mutual Authentication Protocol for Low-cost RFID, ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Austria, July 14-15, 2005.
Paper Citation
in Harvard Style
Good T. and Benaissa M. (2008). PRICE TO PROVIDE RFID SECURITY AND PRIVACY? . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 209-213. DOI: 10.5220/0001925002090213
in Bibtex Style
@conference{secrypt08,
author={Tim Good and Mohammed Benaissa},
title={PRICE TO PROVIDE RFID SECURITY AND PRIVACY?},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={209-213},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001925002090213},
isbn={978-989-8111-59-3},
}
in EndNote Style
TY  - CONF 
JO  - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI  - PRICE TO PROVIDE RFID SECURITY AND PRIVACY?
SN  - 978-989-8111-59-3
AU  - Good T. 
AU  - Benaissa M. 
PY  - 2008
SP  - 209
EP  - 213
DO  - 10.5220/0001925002090213