Refresh: weak privacy model for RFID systems

Authors:
Li Lu;Yunhao Liu;Xiang-Yang Li
Affiliations:
School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu;Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Hong Kong, P.R. China;Dept. of Computer Science, TongJi University, China, and Dept. of Computer Science, Illinois Institute of Technology, Chicago, IL
Venue:
INFOCOM'10 Proceedings of the 29th conference on Information communications
Year:
2010

Citing 16
Cited 3

Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
LANDMARC: Indoor Location Sensing Using Active RFID

PERCOM '03 Proceedings of the First IEEE International Conference on Pervasive Computing and Communications
Privacy and security in library RFID: issues, practices, and architectures

Proceedings of the 11th ACM conference on Computer and communications security
A Scalable and Provably Secure Hash-Based RFID Protocol

PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
YA-TRAP: Yet Another Trivial RFID Authentication Protocol

PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete

PERCOM '06 Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Protecting RFID communications in supply chains

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems

PERCOM '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications
Defining Strong Privacy for RFID

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
Physical Access Control for Captured RFID Data

IEEE Pervasive Computing
Mutual authentication in RFID: security and privacy

Proceedings of the 2008 ACM symposium on Information, computer and communications security
On privacy models for RFID

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
A cryptanalytic time-memory trade-off

IEEE Transactions on Information Theory
RFID security and privacy: a research survey

IEEE Journal on Selected Areas in Communications

Informative counting: fine-grained batch authentication for large-scale RFID systems

Proceedings of the fourteenth ACM international symposium on Mobile ad hoc networking and computing
Fast tag searching protocol for large-scale RFID systems

IEEE/ACM Transactions on Networking (TON)
Approaching the time lower bound on cloned-tag identification for large RFID systems

Ad Hoc Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Privacy-Preserving Authentication (PPA) is crucial for Radio Frequency Identifcation (RFID)-enabled applications. Without appropriate formal privacy models, it is difficult for existing PPA schemes to explicitly prove their privacy. Even worse, RFID systems cannot discover potential security flaws that are vulnerable to new attacking patterns. Recently, researchers propose a formal model, termed as Strong Privacy, which strictly requires tags randomly generate their output. Adopting the Strong Privacy model, PPA schemes have to employ brute-force search in tags' authentications, which incurs unacceptable overhead and delay to large-scale RFID systems. Instead of adopting Strong Privacy, most PPA schemes improve the authentication efficiency at the cost of the privacy degradation. Due to the lack of proper formal models, it cannot be theoretically proven that the degraded PPA schemes can achieve acceptable privacy in practical RFID systems. To address these issues, we propose a weak privacy model, Refresh, for designing PPA schemes with high efficiency as well as acceptable privacy. Based on Refresh, we show that many well-known PPA schemes do not provide satisfied privacy protection, even though they achieve relatively high authentication efficiency. We further propose a Light-weight privAcy-preServing authenTication scheme, LAST, which can guarantee the privacy based on the Refresh model and realize O(1) authentication efficiency, simultaneously.