Privacy and security in library RFID: issues, practices, and architectures
Proceedings of the 11th ACM conference on Computer and communications security
A Scalable and Provably Secure Hash-Based RFID Protocol
PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Universally composable and forward-secure RFID authentication and authenticated key exchange
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Defining Strong Privacy for RFID
PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries
International Journal of Applied Cryptography
A low-resource public-key identification scheme for RFID tags and sensor nodes
Proceedings of the second ACM conference on Wireless network security
Efficient zero-knowledge identification schemes which respect privacy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Untraceability of RFID protocols
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Lighten encryption schemes for secure and private RFID systems
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Reducing time complexity in RFID systems
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Extending an RFID security and privacy model by considering forward untraceability
STM'10 Proceedings of the 6th international conference on Security and trust management
A privacy-restoring mechanism for offline RFID systems
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Secure multiple group ownership transfer protocol for mobile RFID
Electronic Commerce Research and Applications
A state-aware RFID privacy model with reader corruption
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Unbalanced states violates RFID privacy
Journal of Intelligent Manufacturing
Hi-index | 0.04 |
Privacy is one of the most important security concerns in radio frequency identification. The publication of hundred RFID-based authentication protocols during the last decade raised the need of designing a dedicated privacy model. An important step has been done with the model of Vaudenay that combines early models into a unified and powerful one. In particular, this model addresses the case where an adversary is able to know whether or not the protocol execution succeeded. This modelizes the fact that the adversary may get information from a side channel about the termination of the protocol, e.g., she notices that the access is granted to the RFID-tag holder. We go one step forward in this paper and stress that the adversary may also have access to a side channel that leaks the computational time of the reader. This modelizes an adversary who measures how long it takes to grant the access. Although this channel could be seen as an implementation flaw, we consider that it is always risky to require the implementation to solve what the design should deal with. This new channel enables to demonstrate that many key-reference protocols are not as privacy-friendly as they claim to be, e.g., WSRE, OSK, C2, O-FRAP, O-FRAKE,... We then introduce the TIMEFUL oracle in the model of Vaudenay, which allows to analyze the resistance of the protocols to time-based attacks as soon as the design phase. Finally, we suggest some methods that make RFID-based authentication protocols immune to such attacks.