Like many high-tech device, RFID system has become a necessary technology that every company would like to adopt. While this widely used technology brings convenience to our society, it also raises considerable threats among persons due to their privacy concerns. Many authentication protocols based on symmetric challenge-response scheme have been developed in order to ensure the privacy of the users is preserved. However, many of the existing schemes cannot protect tag privacy in the presence of compromised or malicious RFID readers. In this paper, we investigate the possible security and privacy threats to RFID system. We then propose and implement a new approach to authenticate smarts tags without exposing their owners’ identities and activities patterns, in the attacking scenario of various outsider attacks, and readers or tags compromises. Extensive implementation and experiments have also been conducted to validate the feasibility of the proposed method.
We would like to thank Chuang Wang for many useful discussions on EC computations, and uses of operations in WM-ECC library.
[1] T. I. Corp, “Ti celebrates 10 year aniversary of rfid, http://www.ti.com/rfid/docs/manuals/rfidnews/tiris_nl20.pdf.” RFID News, Issue 20, Texas Instruments., 2000.
[2] D. B. S. Sarma and K. Ashton, “The networked physical world - proposals for engineering the next generation of computing, commerce & automatic identification. white paper, mit: Auto-id center,,” Oct 2000.
[3] A. Juels, “Rfid security and privacy: a research survey,” Selected Areas in Communications, IEEE Journal on, vol. 24, no. 2, pp. 381–394, 2006.
[4] M. R. Rieback, B. Crispo, and A. S. Tanenbaum, “Keep on blockin’ in the free world: Personal access control for low-cost rfid tags,” in Security Protocols Workshop, pp. 51–59, 2005.
[5] A. Juels, R. L. Rivest, and M. Szydlo, “The blocker tag: selective blocking of rfid tags for consumer privacy,” in CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, (New York, NY, USA), pp. 103–111, ACM Press, 2003.
[6] Y. Nohara, S. Inoue, K. Baba, and H. Yasuura, “Quantitative evaluation of unlinkable id matching schemes,” in WPES ’05: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, (New York, NY, USA), pp. 55–60, ACM, 2005.
[7] B. Song and C. J. Mitchell, “Rfid authentication protocol for low-cost tags,” in WiSec ’08: Proceedings of the first ACM conference on Wireless network security, (New York, NY, USA), pp. 140–147, ACM, 2008.
[8] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and privacy aspects of low-cost radio frequency identification systems,” in Security in Pervasive Computing, vol. 2802 of Lecture Notes in Computer Science, pp. 201–212, 2004.
[9] Food and D. Association, “Combating counterfeit drugs: A report of the food and drug,” tech. rep., Administration Annual Update, May 18, 2005.
[10] K. Koscher, A. Juels, and T. Kohno, “Epc rfid tags in security applications: Passport cards, enhanced drivers licenses, and beyond,”
[11] D. Molnar and D. Wagner, “Privacy for rfid through trusted computing,” in In Procs. Workshop on Privacy in the Electronic Society WPES05, pp. 31–34, Press, 2005.
[12] T. Dimitriou, “A lightweight rfid protocol to protect against traceability and cloning attacks,” September, 2005.
[13] G. Tsudik, “Ya-trap: yet another trivial rfid authentication protocol,” pp. 4 pp.+, 2006.
[14] C. Research, “Recommended elliptic curve domain parameter,” tech. rep., Certicom Copr., September 20, 2005.
[15] R. v. B. M. W. E. B. David Gay, Phil Levis and D. Culler, “The nesc language: A holistic approach to networked embedded systems,” In Programming Language Design and Implementation (PLDI), June 2003.