PUF-enhanced offline RFID security and privacy

Authors:
SüLeyman Kardaş;Serkan ÇElik;Muhammet YıLdıZ;Albert Levi
Affiliations:
TíBİTAK BİLGEM UEKAE, Kocaeli, Turkey and Sabancı University, Faculty of Engineering and Natural Sciences, İstanbul, Turkey;TíBİTAK BİLGEM UEKAE, Kocaeli, Turkey and Sabancı University, Faculty of Engineering and Natural Sciences, İstanbul, Turkey;TíBİTAK BİLGEM UEKAE, Kocaeli, Turkey and Sabancı University, Faculty of Engineering and Natural Sciences, İstanbul, Turkey;Sabancı University, Faculty of Engineering and Natural Sciences, İstanbul, Turkey
Venue:
Journal of Network and Computer Applications
Year:
2012

Citing 19
Cited 2

Controlled Physical Random Functions

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Physical unclonable functions for device authentication and secret key generation

Proceedings of the 44th annual Design Automation Conference
Mutual authentication in RFID: security and privacy

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Towards Robust Low Cost Authentication for Pervasive Devices

PERCOM '08 Proceedings of the 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

SIAM Journal on Computing
FPGA Intrinsic PUFs and Their Use for IP Protection

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
A New Formal Proof Model for RFID Location Privacy

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Defining strong privacy for RFID

ACM Transactions on Information and System Security (TISSEC)
On privacy models for RFID

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Untraceability of RFID protocols

WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Hardware intrinsic security from D flip-flops

Proceedings of the fifth ACM workshop on Scalable trusted computing
A new framework for RFID privacy

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Revisiting unpredictability-based RFID privacy models

ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
A new RFID privacy model

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Read-proof hardware from protective coatings

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
RFID-Tags for anti-counterfeiting

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
A privacy-restoring mechanism for offline RFID systems

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
A novel RFID distance bounding protocol based on physically unclonable functions

RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Secure and Serverless RFID Authentication and Search Protocols

IEEE Transactions on Wireless Communications

Approaching the time lower bound on cloned-tag identification for large RFID systems

Ad Hoc Networks
KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on readers that are not continuously connected to a secure backend system. Thus, the readers should be able to perform their duties even in offline mode, which generally requires the management by the readers of the susceptible data. The use of RFID may cause several security and privacy issues such as traceability of tag owner, malicious eavesdropping and cloning of tags. Besides, when a reader is compromised by an adversary, the solution to resolve these issues getting worse. In order to handle these issues, several RFID authentication protocols have been recently proposed; but almost none of them provide strong privacy for the tag owner. On the other hand, several frameworks have been proposed to analyze the security and privacy but none of them consider offline RFID system. Motivated by this need, in this paper, we first revisit Vaudenay's model, extend it by considering offline RFID system and introduce the notion of compromise reader attacks. Then, we propose an efficient RFID mutual authentication protocol. Our protocol is based on the use of physically unclonable functions (PUFs) which provide cost-efficient means to the fingerprint chips based on their physical properties. We prove that our protocol provides destructive privacy for tag owner even against reader attacks.