• PDF / 526,932 Bytes
• 15 Pages / 430 x 660 pts Page_size
• 50 Downloads / 221 Views

DOWNLOAD

REPORT

ract. We propose a model and definition for anonymous (group) identification that is well suited for RFID systems. This is based on the definition of Juels and Weis of strong privacy for RFID tags, where we add requirements for completeness and soundness. We also propose a weaker and more realistic definition of privacy. For the case where tags hold independent keys, we prove a conjecture by Juels and Weis, namely in a strongly private and sound RFID system using only symmetric cryptography, a reader must access virtually all keys in the system when reading a tag. It was already known from work by Molnar, Soppera and Wagner that when keys are dependent, the reader only needs to access a logarithmic number of keys, but at a cost in terms of privacy: For that system, privacy is lost if an adversary corrupts just a single tag. We propose protocols offering a new range of tradeoffs between security and efficiency. For instance, the number of keys accessed by a reader to read a tag can be significantly smaller than the number of tags while retaining soundness and privacy, as long as we assume suitable limitations on the adversary.

1

Introduction

RFID tags are small wireless devices that react to electromagnetic fields generated by an RFID reader; they can emit some prestored information and can also do computation. The computing power one can assume an RFID tag to have, however, is severely limited in many applications by requirements for extremely low price tags. RFID technology holds great promise in many scenarios, but can also lead to serious privacy problems, for instance because it becomes possible to track the behavior and whereabouts of people carrying tagged items. Several research works have proposed protocols for addressing the privacy problem in RFID systems. However, until recently, not much work has addressed formal definitions of security for RFID systems. In [9], Juels and Weis propose a definition of what they call ”strong privacy” (based on earlier work by Avoine [2]). Strong privacy is indeed a strong notion, primarily because the adversary is given a lot of power: He can corrupt any number of tags (but not the reader) and read their contents, he can eavesdrop and schedule the tag/reader communication any way he wants, and he can himself select the tags whose privacy he wants to break. In independent work, Burmester, Le and Medeiros T. Malkin (Ed.): CT-RSA 2008, LNCS 4964, pp. 318–332, 2008. c Springer-Verlag Berlin Heidelberg 2008 

RFID Security: Tradeoffs between Security and Efficiency

319

propose a security definition based on Canetti’s Universal Composability framework [6] and they also propose a protocol secure in their model [14]. The work of Juels and Weis only addresses privacy, that is, making sure that the communication of a tag does not allow an external adversary to determine the identity of the tag. Of course, another natural requirement is that a reader should be able to determine whether the tag it reads is valid and not fabricated by an adversary, for instance. Indeed, if this was not required,

Recommend Documents

Panel: RFID Security and Privacy

173 42 12MB

RFID. Security and Privacy 7th International Workshop, RFIDSec 2011,

150 6 3MB

Low-Cost and Strong-Security RFID Authentication Protocol

170 116 437KB

A Salient Missing Link in RFID Security Protocols

99 59 311KB

Database Security and Security Patterns

200 108 13MB

Security

173 106 9MB

Security

147 50 49MB

Security

153 11 3MB

Security

150 96 15MB

Wireless Communications under Hostile Jamming: Security and Efficiency

164 111 5MB

Security

186 11 26MB

Security

181 7 2MB