Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
LANDMARC: Indoor Location Sensing Using Active RFID
PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
Privacy and security in library RFID: issues, practices, and architectures
Proceedings of the 11th ACM conference on Computer and communications security
A Scalable and Provably Secure Hash-Based RFID Protocol
PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
YA-TRAP: Yet Another Trivial RFID Authentication Protocol
PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete
PERCOM '06 Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Protecting RFID communications in supply chains
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems
PERCOM '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications
Defining Strong Privacy for RFID
PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
Physical Access Control for Captured RFID Data
IEEE Pervasive Computing
Mutual authentication in RFID: security and privacy
Proceedings of the 2008 ACM symposium on Information, computer and communications security
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
A cryptanalytic time-memory trade-off
IEEE Transactions on Information Theory
RFID security and privacy: a research survey
IEEE Journal on Selected Areas in Communications
Informative counting: fine-grained batch authentication for large-scale RFID systems
Proceedings of the fourteenth ACM international symposium on Mobile ad hoc networking and computing
Fast tag searching protocol for large-scale RFID systems
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Privacy-Preserving Authentication (PPA) is crucial for Radio Frequency Identifcation (RFID)-enabled applications. Without appropriate formal privacy models, it is difficult for existing PPA schemes to explicitly prove their privacy. Even worse, RFID systems cannot discover potential security flaws that are vulnerable to new attacking patterns. Recently, researchers propose a formal model, termed as Strong Privacy, which strictly requires tags randomly generate their output. Adopting the Strong Privacy model, PPA schemes have to employ brute-force search in tags' authentications, which incurs unacceptable overhead and delay to large-scale RFID systems. Instead of adopting Strong Privacy, most PPA schemes improve the authentication efficiency at the cost of the privacy degradation. Due to the lack of proper formal models, it cannot be theoretically proven that the degraded PPA schemes can achieve acceptable privacy in practical RFID systems. To address these issues, we propose a weak privacy model, Refresh, for designing PPA schemes with high efficiency as well as acceptable privacy. Based on Refresh, we show that many well-known PPA schemes do not provide satisfied privacy protection, even though they achieve relatively high authentication efficiency. We further propose a Light-weight privAcy-preServing authenTication scheme, LAST, which can guarantee the privacy based on the Refresh model and realize O(1) authentication efficiency, simultaneously.