Skip to main content
Springer Nature Link
Log in

Impossibility Results for RFID Privacy Notions

  • Chapter
Transactions on Computational Science XI

Part of the book series: Lecture Notes in Computer Science ((TCOMPUTATSCIE,volume 6480))

  • 659 Accesses

Abstract

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have been proposed. However, they are often incomparable and in part do not reflect the capabilities of real-world adversaries. Recently, Paise and Vaudenay presented a general RFID security and privacy model that abstracts and unifies most previous approaches. This model defines mutual authentication (between RFID tags and readers) and several privacy notions that capture adversaries with different tag corruption behavior and capabilities.

In this paper, we revisit the model proposed by Paise and Vaudenay and investigate some subtle issues such as tag corruption aspects. We show that in their formal definitions tag corruption discloses the temporary memory of tags and leads to the impossibility of achieving both mutual authentication and any reasonable notion of RFID privacy in their model. Moreover, we show that the strongest privacy notion (narrow-strong privacy) cannot be achieved simultaneously with reader authentication even under the strong assumption that tag corruption does not disclose temporary tag states. Further, we show other impossibility results that hold if the adversary can manipulate an RFID tag such that it resets its state or when tags are stateless.

Although our results are shown on the privacy definition by Paise and Vaudenay, they give insight to the difficulties of setting up a mature security and privacy model for RFID systems that aims at fulfilling the sophisticated requirements of real-life applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
€32.70 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (France)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 42.79
Price includes VAT (France)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 52.74
Price includes VAT (France)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Armknecht, F., Sadeghi, A.R., Visconti, I., Wachsmann, C.: On RFID privacy with mutual authentication and tag corruption. In: Zhou, J. (ed.) ACNS 2010. LNCS, vol. 6123, pp. 493–510. Springer, Heidelberg (2010)

    Google Scholar 

  2. Atmel Corporation: Innovative IDIC solutions (2007), http://www.atmel.com/dyn/resources/prod_documents/doc4602.pdf

  3. Avoine, G.: Adversarial model for radio frequency identification. ePrint, Report 2005/049 (2005)

    Google Scholar 

  4. Avoine, G., Lauradoux, C., Martin, T.: When compromised readers meet RFID. In: The 5th Workshop on RFID Security (RFIDSec) (2009)

    Google Scholar 

  5. Bellare, M., Fischlin, M., Goldwasser, S., Micali, S.: Identification protocols secure against reset attacks. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 495–511. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  6. Blundo, C., Persiano, G., Sadeghi, A.R., Visconti, I.: Improved security notions and protocols for non-transferable identification. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 364–378. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Bringer, J., Chabanne, H., Icart, T.: Efficient zero-knowledge identification schemes which respect privacy. In: Proceedings of ASIACCS 2009, pp. 195–205. ACM Press, New York (2009)

    Chapter  Google Scholar 

  8. Burmester, M., van Le, T., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Proc. of ASIACCS, pp. 242–252. ACM Press, New York (2007)

    Google Scholar 

  9. Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235–244 (2000)

    Google Scholar 

  10. D’Arco, P., Scafuro, A., Visconti, I.: Revisiting DoS Attacks and Privacy in RFID-Enabled Networks. In: Dolev, S. (ed.) ALGOSENSORS 2009. LNCS, vol. 5804, pp. 76–87. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. D’Arco, P., Scafuro, A., Visconti, I.: Semi-destructive privacy in DoS-enabled RFID systems. In: The 5th Workshop on RFID Security (RFIDSec) (2009)

    Google Scholar 

  12. Deng, R.H., Li, Y., Yao, A.C., Yung, M., Zhao, Y.: A new framework for RFID privacy. ePrint, Report 2010/059 (2010)

    Google Scholar 

  13. Deng, Y., Lin, D.: Instance-dependent verifiable random functions and their application to simultaneous resettability. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 148–168. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. EPCglobal Inc.: (April 2008), http://www.epcglobalinc.org/

  15. Garcia, F., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Wichers Schreur, R., Jacobs, B.: Dismantling MIFARE Classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Garcia, F.D., van Rossum, P.: Modeling privacy for off-line RFID systems. In: The 5th Workshop on RFID Security (RFIDSec) (2009)

    Google Scholar 

  17. Goyal, V., Sahai, A.: Resettably secure computation. In: EUROCRYPT, pp. 54–71 (2009)

    Google Scholar 

  18. Hutter, M., Schmidt, J.M., Plos, T.: RFID and its vulnerability to faults. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 363–379. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  19. I.C.A. Organization: Machine Readable Travel Documents, Doc 9303, Part 1 Machine Readable Passports, 5th edn (2003)

    Google Scholar 

  20. Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)

    Article  MathSciNet  Google Scholar 

  21. Juels, A., Weis, S.A.: Defining strong privacy for RFID. ePrint, Report 2006/137 (2006)

    Google Scholar 

  22. Kasper, T., Oswald, D., Paar, C.: New methods for cost-effective side-channel attacks on cryptographic RFIDs. In: The 5th Workshop on RFID Security (RFIDSec) (2009)

    Google Scholar 

  23. Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. ePrint, Report 2006/054 (2006)

    Google Scholar 

  24. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  25. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: New privacy results on synchronized RFID authentication protocols against tag tracing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 321–336. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  26. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–256. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  27. Nithyanand, R., Tsudik, G., Uzun, E.: Readers behaving badly: Reader revocation in PKI-based RFID systems. ePrint, Report 2009/465 (2009)

    Google Scholar 

  28. NXP Semiconductors: MIFARE (May 2007), http://mifare.net/

  29. NXP Semiconductors: MIFARE smartcard ICs (April 2010), http://www.mifare.net/products/smartcardics/

  30. Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: Security and privacy. In: Proc. of ASIACCS, pp. 292–299. ACM Press, New York (2008)

    Chapter  Google Scholar 

  31. Sadeghi, A.R., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: International Workshop on Privacy in Location-Based Applications (PiLBA) (2008)

    Google Scholar 

  32. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Anonymizer-enabled security and privacy for RFID. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 134–153. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  33. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Efficient RFID security and privacy with anonymizers. In: The 5th Workshop on RFID Security (RFIDSec) (2009)

    Google Scholar 

  34. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Location privacy in RFID applications. In: Bettini, C., Jajodia, S., Samarati, P., Wang, X.S. (eds.) Privacy in Location-Based Applications. LNCS, vol. 5599, pp. 127–150. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  35. Sadeghi, A.R., Visconti, I., Wachsmann, C.: Enhancing RFID Security and Privacy by Physically Unclonable Functions. Springer, Heidelberg (2010)

    Google Scholar 

  36. Sadeghi, A.R., Visconti, I., Wachsmann, C.: PUF-enhanced RFID security and privacy. In: Workshop on Secure Component and System Identification (SECSI) (2010)

    Google Scholar 

  37. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  38. Weis, S.A., et al.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., et al. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Mannheim, Germany

    Frederik Armknecht

  2. Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany

    Ahmad-Reza Sadeghi & Christian Wachsmann

  3. Dipartimento di Informatica ed Applicazioni, University of Salerno, Italy

    Alessandra Scafuro & Ivan Visconti

Authors
  1. Frederik Armknecht
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alessandra Scafuro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Christian Wachsmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Calgary , 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  2. Exascala Ltd. , Unit 9, 97 Rickman Drive, B15 2AL, Birmingham, UK

    C. J. Kenneth Tan

  3. DCOMP/UFS - Federal University of Sergipe , Aracaju, SE, Brazil

    Edward David Moreno

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Armknecht, F., Sadeghi, AR., Scafuro, A., Visconti, I., Wachsmann, C. (2010). Impossibility Results for RFID Privacy Notions. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17697-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17696-8

  • Online ISBN: 978-3-642-17697-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation