On Certificate Revocation and Validation
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Certificate Revocation and Certificate Update
Certificate Revocation and Certificate Update
Disabling RFID tags with visible confirmation: clipped tags are silenced
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
YA-TRAP: Yet Another Trivial RFID Authentication Protocol
PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Secure Device Pairing based on a Visual Channel (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
HAPADEP: Human-Assisted Pure Audio Device Pairing
ISC '08 Proceedings of the 11th international conference on Information Security
Proceedings of the 15th ACM conference on Computer and communications security
Privacy-preserving revocation checking
International Journal of Information Security
A low-resource public-key identification scheme for RFID tags and sensor nodes
Proceedings of the second ACM conference on Wireless network security
Serial hook-ups: a comparative usability study of secure device pairing methods
Proceedings of the 5th Symposium on Usable Privacy and Security
Treat 'em like other devices: user authentication of multiple personal RFID tags
Proceedings of the 5th Symposium on Usable Privacy and Security
Caveat eptor: A comparative study of secure device pairing methods
PERCOM '09 Proceedings of the 2009 IEEE International Conference on Pervasive Computing and Communications
The Factor Structure of the System Usability Scale
HCD 09 Proceedings of the 1st International Conference on Human Centered Design: Held as Part of HCI International 2009
Vulnerabilities in first-generation RFID-enabled credit cards
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Readers behaving badly: reader revocation in PKI-based RFID systems
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Crossing borders: security and privacy issues of the european e-passport
IWSEC'06 Proceedings of the 1st international conference on Security
Can Jannie verify? Usability of display-equipped RFID tags for security purposes
Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
Hi-index | 0.00 |
Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use time-based off-line methods.In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications --the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and most importantly feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.