Article

Radio frequency identification and privacy with information goods

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Sarma, Weis and Engels [19] proposed the re-labelling of tags in order to avert their tracking. Innoue and Yasuura [10] and Good et al. [6] proposed some variants of this approach. The use of pseudonyms has been also proposed [11] and re-encryption has been also considered [13]. ...
Chapter
Full-text available
The deployment of the RFID technology can put the privacy of its users in jeopardy. With the aim of averting the fears of the RFID potential users, a plethora of security and privacy methods have been designed. However, due to the important growth of this technology, scalability problems have arisen and the proper deployment of the technology has become a challenge. In this chapter, we provide a brief overview of the most relevant methods for providing security and privacy to the users of the RFID technology. We pay a special attention to the hash locks proposal and we recall a method based on the distribution of RFID readers, with the aim to provide security and privacy in a scalable fashion. In order to test our method, we have developed a simulator that is presented in this chapter. By using this simulator we study the distribution of several kinds of readers on a variety of scenarios, and we report some of the obtained results.
... but the old one remain their for further use. There are various works done based on this idea like Good et al. [6] proposed the idea of rewrite RFID tags with a new random number on each checkout. It presents a solution for clandestine scanning of library books. ...
Conference Paper
Full-text available
This paper presents the recent technical research on the problems of privacy and security for radio frequency identification (RFID). RFID technology is already used widely and is increasingly becoming a part of daily life. However, issues regarding security and privacy with respect to RFID technology have not been resolved satisfactorily. There are huge number of challenges, which must be overcome to resolve RFID security and privacy issues. It is because of the many constraints attached to the provision of security and privacy in RFID systems. These challenges are chiefly technical and economic in nature but also include ethical and social issues. Along with meeting the security and privacy needs of RFID technology, solutions must be inexpensive, practical, reliable, scalable, flexible, inter-organizational, and long lasting. This paper reviews the approaches which had been proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work. This paper can be useful as a reference for non specialist, as well as for specialist readers.
... Beyond hardware-based techniques [11,19], many researchers have looked into the problem in order to design protocols which allow authorised persons to identify the tags without an adversary being able to trace them. Among them, the principal players are Avoine [1,2,3], Feldhofer [9,10], Juels [12,16,17,18,19], Molnar and Wagner [13,20], Ohkubo [21], and Weis [24,27,26,28]. Most schemes are 3-round protocols (or can be reduced to this type of protocol) as described inFig. ...
Article
Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them. Traceability is often underestimated by advocates of the technology and sometimes exaggerated by its detractors. Whatever the true picture, this problem is a reality when it blocks the deployment of this technology and some companies, faced with being boycotted, have already abandoned its use. Using cryptographic primitives to thwart the traceability issues is an approach which has been explored for several years. However, the research carried out up to now has not provided satisfactory results as no universal formalism has been defined. In this paper, we propose an adversarial model suitable for RFID environments. We define the notions of existential and universal untraceability and we model the access to the communication channels from a set of oracles.
... Privacy is an issue that could hinder the wider use of RFID. For example [11] discusses the privacy concerns when using RFID to tag information goods where the secrecy of ownership is legally protected. Similar problems could occur in applications like banknotes, medicines, cloths, etc. ...
... Privacy is an issue that could hinder the wider use of RFID. For example [11] discusses the privacy concerns when using RFID to tag information goods where the secrecy of ownership is legally protected. Similar problems could occur in applications like banknotes, medicines, cloths, etc. ...
Article
Many security and privacy protocols for RFID systems have been proposed [8, 13, 19, 20]. In most cases these protocols are evaluated in terms of security based on some model. Often the model was introduced by the creator of the protocol, in some cases borrowing parameters from the protocol for model parameters. Moreover, the models that are discussed may represent only one aspect of the necessary security services that are needed in an RFID system. Here we describe several of the security requirements that are needed in an RFID system. Further, we model these requirements. These models incorporate security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity. We also construct less restrictive versions of many of these models to reflect the security needed for some less security-intensive RFID applications. Finally, we compare our model to Juels' models [13], Avoine's models [4] and Ohkubo et al.'s models [20].
... A few reference papers are [26, 73, 113, 117, 136, 178]. For further views on the risk of using tags, we suggest the reader to have a look at some other papers, for example [15, 19, 72, 96, 112, 118, 122, 134, 156]. We also suggest the reading of the master thesis of Yang [111] and Hjorth [103], and the quite innovative master thesis of Weis [176]. ...
Article
This PhD thesis focuses on fair exchange protocols and radio frequency identification protocols. Fair exchange stems from a daily life problem: how can two people exchange objects (material or immaterial) fairly, that is, without anyone being hurt in the exchange? More formally, if Alice and Bob each have objects mA and mB respectively, then the exchange is fair if, at the end of the protocol, both Alice and Bob have received mB and mA respectively, or neither Alice nor Bob have received the expected information, even partially. Ensuring fairness in an exchange is impossible without introducing additional assumptions. Thus, we propose two approaches to overcome this problem. The first consists in attaching to each person, a guardian angel, that is, a security module conceived by a trustworthy authority and whose behavior cannot deviate from the established rules. In such a model, the fairness of the exchange can be ensured with a probability as close to 1 as desired, implying however a communication complexity cost. We then use results from the distributed algorithm to generalize this approach for n people. Finally, we propose a second approach that consists in no more considering the exchange in an isolated manner, but to replace it in its context, in the heart of a network, where each person in the pair has a few honest neighbors. In this framework, fairness can lie on these neighbors, who are solicited only in the case of a conflict during the exchange. We then look into Radio Frequency Identification (RFID), which consists in remotely identifying objects or subjects having a transponder. The great achievements that radio frequency identification has made today, lies essentially on the willingness to develop low cost and small size transponders. Consequently, they have limited computation and storage capabilities. Due to this reason, many questions have been asked regarding RFID's potential and limitations, more precisely in terms of security and privacy. Since this is a recent problem, the works presented in this document first outline completely the framework by introducing certain basic concepts. In particular, we present and classify threats, we show the link between traceability and the communication model, and we analyze existing RFID protocols. We also present the complexity issues due to key management. We show that the solution proposed by Molnar and Wagner has weaknesses and we propose another solution based on time-memory trade-offs. Finally, we continue our time-memory trade-off analysis by proposing a method based on checkpoints, which allows detecting false alarms in a probabilistic manner. Cette thèse de doctorat s'intéresse aux protocoles d'échange équitable et aux protocoles d'identification par radiofréquence. L'échange équitable provient d'un problème de la vie de tous les jours : comment deux personnes peuvent-elles s'échanger des objets (matériels ou immatériels) de manière équitable, c'est-à-dire de telle sorte qu'aucune des deux personnes ne soit lésée dans l'échange ? De manière plus formelle, si Alice et Bob possèdent respectivement les objets mA et mB, alors l'échange est équitable si, à la fin du protocole, soit Alice et Bob ont obtenu respectivement mB et mA, soit ni Alice ni Bob n'a obtenu l'information attendue, ne serait-ce que partiellement. Assurer l'équité d'un échange est impossible sans ajouter des hypothèses supplémentaires. Nous proposons alors deux approches pour aborder ce problème. La première consiste à adjoindre à chaque personne un ange gardien, c'est-à-dire un module de sécurité élaboré par une autorité de confiance et dont le comportement ne peut dévier des règles établies. Dans un tel modèle, l'équité de l'échange peut être assurée avec une probabilité aussi proche de 1 que l'on souhaite, impliquant cependant un coût en terme de complexité. Nous utilisons ensuite des résultats de l'algorithmique distribuée pour généraliser cette approche à n personnes. Enfin, nous proposons une seconde approche qui consiste à ne plus considérer l'échange de manière isolée, mais à le replacer dans son contexte, au centre d'un réseau, où chacune des deux personnes possède certains voisins honnêtes. Dans ce cadre, l'équité peut reposer sur ces voisins, qui ne seront sollicités qu'en cas de conflit durant l'échange. Nous nous intéressons ensuite à l'identification par radiofréquence (RFID), qui consiste à identifier à distance des objets ou sujets munis d'un transpondeur. L'essor que connaît aujourd'hui cette technologie repose essentiellement sur la volonté de développer des transpondeurs à bas coût et de faible taille, ne disposant par conséquent que de faibles capacités de calcul et de stockage. Pour cette raison, de délicates questions se posent sur le potentiel et les limites de la RFID, notamment en termes de sécurité et de vie privée. Parce que cette problématique est très récente, les travaux présentés dans ce document défrichent avant tout le terrain en posant certains concepts de base. En particulier, nous exhibons et classifions les menaces, nous montrons le lien entre traçabilité et modèle de communication, et nous analysons les protocoles RFID existants. Nous présentons également les problèmes de complexit é engendrés par la gestion des clefs. Nous montrons que la solution proposée par Molnar et Wagner présente des faiblesses et suggérons une autre solution reposant sur les compromis temps-mémoire. Enfin, nous poursuivons notre analyse des compromis temps-mémoire en proposant une méthode qui repose sur des points de contrôle, qui permettent de détecter de manière probabiliste les fausses alarmes.
... Beyond hardware-based techniques [11,20], many researchers have looked into the problem in order to design protocols which allow authorised persons to identify the tags without an adversary being able to trace them. Among them, the principal players are Avoine [1][2][3], Feldhofer [9,10], Juels [12,[16][17][18][19][20][21], Molnar and Wagner [13,18,22], Ohkubo [23,24], Saito and Sakurai [26,27], and Weis [21,28,[30][31][32]. ...
Article
Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them. Traceability is often underestimated by advocates of the technology and sometimes exaggerated by its detractors. Whatever the true picture, this problem is a reality when it blocks the deployment of this technology and some companies, faced with being boycotted, have already abandoned its use. Using cryptographic primitives to thwart the traceability issues is an approach which has been explored for several years. However, the research carried out up to now has not provided satisfactory results as no universal formalism has been defined. In this paper, we propose an adversary model suitable for RFID environments. We define the notions of existential and universal untraceability and we model the access to the communication channels from a set of oracles. We show that our formalisation fits the problem being considered and allows a formal analysis of the protocols in terms of traceability. We use our model on several well-known RFID protocols and we show that most of them have weaknesses and are vulnerable to traceability.
... , proposing ways that users can physically alter tags to limit their data emission and obtain physical confirmation of their changed state. As a remedy for clandestine scanning of library books, Good et al. [40] propose the idea of relabeling RFID tags with random identifiers on checkout. ...
Article
Full-text available
This paper surveys recent technical research on the problems of privacy and security for radio frequency identification (RFID). RFID tags are small, wireless devices that help identify objects and people. Thanks to dropping cost, they are likely to proliferate into the billions in the next several years-and eventually into the trillions. RFID tags track objects in supply chains, and are working their way into the pockets, belongings, and even the bodies of consumers. This survey examines approaches proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work. While geared toward the nonspecialist, the survey may also serve as a reference for specialist readers.
Conference Paper
The RFID technology is now widely used and combined with everyday life. RFID Tag is a wireless device used to identify individuals and objects, in fact, it is a combination of the chip and antenna that sends the necessary information to an RFID Reader. On the other hand, an RFID Reader converts received radio waves into digital information and then provides facilities such as sending data to the computer and processing them. Radio frequency identification is a comprehensive processing technology that has led to a revolution in industry and medicine as an alternative to commercial barcodes. RFID Tag is used to tracking commodities and personal assets in the chain stores and even the human body and medical science. However, security and privacy problems have not yet been solved satisfactorily. There are many technical and economic challenges in this direction. In this paper, some of the latest technical research on privacy and security problems has been investigated in radio-frequency identification and security bit method, and it has been shown that in order to achieve this level of individual security, multiple technologies of RFID security development should combine with each other. These solutions should be cheap, efficient, reliable, flexible and long-term. Keywords—Radio Frequency Identification (RFID), Counterfeit, Electronic Product Code (EPC), Privacy, Security, Security bit method.
Article
Full-text available
The prevalence of Radio Frequency Identification (RFID) technology requires Privacy-Preserving Authentication (PPA) protocols to prevent privacy leakage during authentication. Existing PPA protocols employ the per-tag authentication, in which the reader has to sequentially authenticate the tags within the detecting region. Such a processing pattern becomes a bottleneck in current RFID enabled systems, especially for those batch-type processing applications. In this paper, we propose an efficient authentication protocol, which leverages the collaboration among multiple tags for accelerating the authentication speed. We also find that the collision, usually being considered as a negative factor, is helpful media to enable collaborative authentication among tags. Our protocol, termed as Multiple-tags privacy-preserving Authentication Protocol (MAP), authenticates a batch of tags concurrently with strong privacy and high efficiency. The analytical and simulation results show that the efficiency of MAP is better than O() and asymptotically approaches O(1).
Conference Paper
Recently the concern about security and privacy issues of RFID tags have emerged just because of the vital information in the operation of the RFID system at open radio frequency circumstance. To overcome these threats, this paper presents a mutual authentication mechanism, renewing the tag's key value in each process, which can solve the problem such as privacy or wiretapping, replay attack, forward security, synchronization indistinguishability or location track and ownership transfer. In view of the cost of tags, we only utilize the symmetric encryption in RFID authentication protocol. Analysis shows that this approach is of good security and privacy, low cost, and high efficiency.
Conference Paper
The ubiquitous adoption of RFID technology is becoming integral part of our life. The stringent behavior of RFID system makes it more prone to impendence situations. Consequently, it needs more enduring and testing to become less susceptible to attacks without compromising the crucial key factors like, memory, cost, speed, computation and handling. An approach without concerning all these factors is not an acceptable approach. In this paper, we present a more persistent solution that provides security without compromising the crucial key factors and addressing all security issues like eavesdropping, tracking, cloning and replay attacks.
Conference Paper
Novel metal oxide semiconductor field effect transistor (MOSFET) architectures aimed at sub 1 V operation with enhanced current driving capability are reported. In our design, the planar channel region in a conventional MOSFET is replaced by an array of isolated Si wires. Directional metal coverage of the two sidewalls and the top surface of each Si wire help achieve enhanced gate control. Sub 1 V operation is achieved by reducing cross-sectional wire diameters to ~0.05 μm. Since the conventional optical lithography techniques lack patterning resolution at this scale, a mix and match approach with interferometric lithography was employed. Super-resolution capability of interferometric lithography was applied to pattern nanoscale Si wires, while optical lithography was used to pattern non-critical device levels. Drain current versus gate voltage measurements of planar and wire MOSFETs demonstrated the superiority of the multiple nanowire gate design. Increasing the number of 0.05 μm diameter wires significantly increased current flow in the channel region without sacrificing the low-voltage operation. The mix and match approach for patterning critical level nanoscale features represents a low-cost complement to optical lithography
ResearchGate has not been able to resolve any references for this publication.