Table of Contents Author Guidelines Submit a Manuscript
Journal of Computer Networks and Communications
Volume 2013, Article ID 710275, 26 pages
http://dx.doi.org/10.1155/2013/710275
Research Article

Untangling RFID Privacy Models

ICTEAM/Crypto Group and ICTEAM/GSI, Université Catholique de Louvain, 1348 Louvain-la-Neuve, Belgium

Received 25 May 2012; Accepted 24 July 2012

Academic Editor: Agusti Solanas

Copyright © 2013 Iwen Coisel and Tania Martin. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. EPCglobal. Class-1 Generation 2 UHF Air Interface Protocol Standard Version 1. 2. 0: Gen 2, 2008, http://www.epcglobalinc.org/standards/.
  2. Infineon, Contactless SLE 66 Family, http://www.infineon.com/.
  3. NXP Semiconductors, DESFire Tags, http://www.nxp.com/.
  4. A. Cavoukian, Privacy-by-Design, http://privacybydesign.ca/.
  5. Viviane Reding. Commission recommendation of 12. 05. 2009—SEC(2009) 585/586, on the implementation of privacy and data protection principles in applications supported by radio-frequency identification, 2009.
  6. G. Avoine, E. Dysli, and P. Oechslin, “Reducing time complexity in RFID systems,” in Proceedings of the 12th International Conference on Selected Areas in Cryptography (SAC '05), vol. 3897 of Lecture Notes in Computer Science, pp. 291–306, Springer, Kingston, Canada, 2005.
  7. G. Avoine and P. Oechslin, “A scalable and provably secure hash-based RFID protocol,” in Proceedings of the 3rd IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW '05) Workshops, pp. 110–114, IEEE, Kauai Island, Hawaii, USA, March 2005. View at Publisher · View at Google Scholar · View at Scopus
  8. D. Molnar and D. Wagner, “Privacy and security in library RFID issues, practices, and architectures,” in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04), pp. 210–219, ACM, Washington, DC, USA, October 2004. View at Scopus
  9. G. Avoine, “Adversary model for radio frequency identification,” LASEC-REPORT 2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Lausanne, Switzerland, 2005. View at Google Scholar
  10. M. Burmester, T. van Le, B. de Medeiros, and G. Tsudik, “Universally composable RFID identification and authentication protocols,” ACM Transactions on Information and System Security, vol. 12, no. 4, article 21, 2009. View at Publisher · View at Google Scholar · View at Scopus
  11. S. Canard, I. Coisel, J. Etrog, and M. Girault, “Privacy-preserving RFID systems: model and constructions,” Cryptology ePrint Archive, Report 2010/405, 2010.
  12. R. H. Deng, Y. Li, M. Yung, and Y. Zhao, “A new framework for RFID Privacy,” in Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS '10), vol. 6345 of Lecture Notes in Computer Science, pp. 1–18, Springer, Athens, Greece, 2010.
  13. T. van Deursen, S. Mauw, and S. Radomirović, “Untraceability of RFID protocols,” in Proceedings of the 2nd IFIP WG 11.2 International Conference on Information Security Theory and Practices: Smart Devices, Convergence and Next Generation Networks (WISTP '08), vol. 5019 of Lecture Notes in Computer Science, pp. 1–15, Springer, Sevilla, Spain, May 2008.
  14. J.-H. Ha, S.-J. Moon, J. Zhou, and J.-C. Ha, “A new formal proof model for RFID location privacy,” in Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS '08), vol. 5283 of Lecture Notes in Computer Science, pp. 267–281, Springer, Malaga, Spain, 2008.
  15. J. Hermans, A. Pashalidis, F. Vercauteren, and B. Preneel, “A new RFID privacy model,” in Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS '11), vol. 6879 of Lecture Notes in Computer Science, pp. 568–587, Springer, Leuven, Belgium, 2011.
  16. A. Juels and S. A. Weis, “Defining strong privacy for RFID,” in Proceedings of the 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom '07), pp. 342–347, IEEE, New York, NY, USA, March 2007. View at Publisher · View at Google Scholar · View at Scopus
  17. J. Lai, R. H. Deng, and Y. Li, “Revisiting unpredictability-based RFID privacy models,” in Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS '10), vol. 6123 of Lecture Notes in Computer Science, pp. 475–492, Springer, Beijing, China, 2010.
  18. T. van Le, M. Burmester, and B. de Medeiros, “Universally composable and forward-secure RFID authentication and authenticated key exchange,” in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS '07), pp. 242–252, ACM, Singapore, March 2007. View at Publisher · View at Google Scholar · View at Scopus
  19. C. Ma, Y. Li, R. H. Deng, and T. Li, “RFID privacy: relation between two notions, minimal condition, and efficient construction,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 54–65, ACM, Chicago, Ill, USA, November 2009. View at Publisher · View at Google Scholar · View at Scopus
  20. K. Ouafi, Security and privacy in RFID systems [Ph.D. thesis], EPFL, Lausanne, Switzerland, 2011.
  21. R.-I. Paise and S. Vaudenay, “Mutual authentication in RFID: security and privacy,” in Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS '08), pp. 292–299, ACM, Tokyo, Japan, March 2008. View at Publisher · View at Google Scholar · View at Scopus
  22. S. Vaudenay, “On privacy models for RFID,” in Proceedings of 13th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT '07), vol. 4833 of Lecture Notes in Computer Science, pp. 68–87, Springer, Kuching, Malaysia, December 2007.
  23. C. Su, Y. Li, Y. Zhao, R. H. Deng, Y. Zhao, and J. Zhou, “A survey on privacy frameworks for RFID authentication,” IEICE Transactions on Information and Systems, vol. 95, no. 1, pp. 2–11, 2012. View at Publisher · View at Google Scholar
  24. S. Canard and I. Coisel, “Data synchronization in privacy-preserving RFID authentication schemes,” in Proceedings of the 4th Workshop on RFID Security (RFIDSec '08), Budapest, Hungary, July 2008.
  25. S. Bocchetti, Security and privacy in RFID protocols [M.S. thesis], Università degli Studi di Napoli Federico II, Naples, Italy, 2006.
  26. F. Armknecht, A. R. Sadeghi, A. Scafuro, I. Visconti, and C. Wachsmann, “Impossibility results for RFID privacy notions,” Transaction on Computational Science XI, vol. 6480, pp. 39–63, 2010. View at Publisher · View at Google Scholar · View at Scopus
  27. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes,” in Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '98), vol. 1462 of Lecture Notes in Computer Science, pp. 26–45, Springer, Santa Barbara, Calif, USA, 1998.
  28. G. Avoine, I. Coisel, and T. Martin, “Time measurement threatens privacy-friendly RFID authentication protocols,” in Proceedings of the 6th International Conference on Radio Frequency Identification: Security and Privacy Issues (RFIDSec '10), vol. 6370 of Lecture Notes in Computer Science, pp. 138–157, Springer, Istanbul, Turkey, 2010.
  29. P. D'Arco, A. Scafuro, and I. Visconti, “Revisiting DoS attacks and privacy in RFID-enabled networks,” in Proceedings of the 5th International Workshop on Algorithmic Aspects of Wireless Sensor Networks (ALGOSENSORS '09), vol. 5804 of Lecture Notes in Computer Science, pp. 76–87, Springer, Rhodes, Greece, 2009.
  30. F. D. Garcia and P. van Rossum, “Modeling privacy for off-line RFID systems,” in Proceedings of the 9th Smart Card Research and Advanced Applications (CARDIS '10), vol. 6035 of Lecture Notes in Computer Science, pp. 194–208, Springer, Passau, Germany, 2010.
  31. R. Canetti, “Universally Composable Security: A New Paradigm for Cryptographic Protocols,” Cryptology ePrint Archive, Report 2000/067, 2000.
  32. R. Canetti, “Security and Composition of Cryptographic Protocols: A Tutorial,” Cryptology ePrint Archive, Report 2006/465, 2006.
  33. D. Dolev and A. C. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983. View at Publisher · View at Google Scholar · View at Scopus
  34. F. D. Garcia, I. Hasuo, W. Pieters, and P. van Rossum, “Provable anonymity,” in ACM Workshop on Formal Methods in Security Engineering (FMSE '05), pp. 63–72, ACM, Alexandria, VA, USA, November 2005. View at Scopus
  35. S. Mauw, J. H. S. Verschuren, and E. P. de Vink, “A formalization of anonymity and onion routing,” in Proceedings of the 9th European Symposium on Research in Computer Security (ESORICS '04), vol. 3193 of Lecture Notes in Computer Science, pp. 109–124, Springer, Sophia Antipolis, France, 2004.
  36. S. Canard, I. Coisel, and M. Girault, “Security of privacy-preserving RFID systems,” in Proceedings of IEEE International Conference on RFID-Technology and Applications (RFID-TA '10), pp. 269–274, IEEE, Guangzhou, China, June 2010. View at Publisher · View at Google Scholar · View at Scopus
  37. International Organization for Standardization, ISO/IEC, 9798: Information technology—Security techniques—Entity authentication, 1991–2010.
  38. M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic approach to “privacy-friendly” tags,” in RFID Privacy Workshop, MIT, Cambridge, Mass, USA, November 2003.
  39. T. Dimitriou, “A lightweight RFID protocol to protect against traceability and cloning attacks,” in Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm '05), pp. 59–66, IEEE, Athens, Greece, September 2005. View at Publisher · View at Google Scholar · View at Scopus
  40. T. van Deursen, Security of RFID protocols [Ph.D. thesis], University of Luxembourg, Walferdange, Luxembourg, 2011.
  41. G. P. Hancke, “Practical eavesdropping and skimming attacks on high-frequency RFID tokens,” Journal of Computer Security, vol. 19, no. 2, pp. 259–288, 2011. View at Publisher · View at Google Scholar · View at Scopus
  42. D. Moriyama, S. Matsuo, and M. Ohkubo, “Relation among the security models for RFID authentication protocol,” in ECRYPT Workshop on Lightweight Cryptography, Louvain-la-Neuve, Belgium, 2011.
  43. G. Avoine, B. Martin, and T. Martin, “Tree-based RFID authentication protocols are definitively not privacy-friendly,” in Proceedings of the 6th International Conference on Radio Frequency Identification: Security and Privacy Issues (RFIDSec '10), vol. 6370 of Lecture Notes in Computer Science, pp. 103–122, Springer, Istanbul, Turkey, 2010.
  44. K. Ouafi and R. C. W. Phan, “Traceable privacy of recent provably-secure RFID protocols,” in Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS '08), vol. 5037 of Lecture Notes in Computer Science, pp. 479–489, Springer, New York City, NY, USA, June 2008.