RFID Protocols and Privacy Models for RFID

Faisal Razzak
Politecnico di Torino, e-Lite research group
http://elite.polito.it

RFID Protocol
YA-TRAP [1] , YA-TRAP+ [2]
A Zero knowledge RFID protocol [3]
OSK/AO Schemes [4][5]
Hash-Locks [6]
O-TRAP [7]
Privacy of RFID Protocols.

RFID Protocols & privacy for RFID
protocols

protocols

Yet Another- Trivial RFID Authentication
Protocol.
Inexpensive, untraceable identification of
RFID tags.
Used for Batch Mode.
Inspired by Herzberg work of
anonymous authentication of Mobile
users that move between domains [8].

protocols

Susceptible to trivial DOS attacks.
Implicit assumption that a tag is never
authenticated more than once within the
same interval.

protocols

Focus on post purchase problem to
eliminate trade-of between convenience
and security by ensuring the device
owner control of information leakage.
Explain working ?

protocols

Zero knowledge authentication Message:

Response (If authenticated)

protocols

Can Zero-Knowledge Tags Protect
Privacy? [9]
Augmented Protocol
– Act as a toggle switch.
– Application specific commands could be
added as a fourth instance.
– Changing SSDK .
– More SSDK.

protocols

Setup
Interrogation
Identification

protocols

Deterministic Hash-Locks
Randomized Hash-Locks.

protocols

An optimistic , secure 1-pass anonymous
authentication protocol.
Optimistic means the security overhead is
minimal when the parties are honest.

protocols

Secure Channel

Trusted Reader Tag
Server

protocols

MAC: Hki{.} be a pseudo-random
function.
Kill-keys
Timing Attacks

protocols

MARP1 [10]
MARP2
Auth2 [11]
RIPP-FS [12]

protocols

Execute(R, T , i)
Send (U1, U2, i , m)
Corrupt (T, K)
TestUPriv (U,i)

protocols

t0 max-time tmax0, t1 max-time tmax1
tmax0 < tmax1.
Learning
– Send tj = tmax0 to any T { to, t1}.
Challenge
– Send tj for tmaxo <tj < tmax1.
– If T=t0, response will be PRNG.(Not
validated)
– If T=t1, response will be validated.
HMACKi(tj)
protocols

Cloning.

protocols

Learning
– Send t0 with some rt and t, where t >>>> t0.
– Response = ri, h1 = Hk{00||t||rt}.
– Stops 2nd communication from Reader to
Tag.
Challenge
– Send same t and rt
– If T=t0, response same like before.
– If T=t1, response will be different.
protocols

Learning
– Send query to the tag T0 with random values
rt repeatedly, causing tag to update its value
to well in future.
Challenge
– Passive Role
– Execute Query to see if reader accepts the
tag as valid. If not, then the adversary knows
this is the marked tag.
– Conflict of view

protocols

Protocol modification to analyze if the
current tag counter differ more than d
from the previous counter.
Slowing rate of the responses

protocols

A Zero Knowledge RFID protocol

protocols

Vulnerability in ZK with Shared Keys
Repairing ZK
Power analysis attack [14]
Logical layer silence does not imply RF
silence.

protocols

Deterministic Hash lock
Randomized Hash lock

protocols

Challenge: nonceR
response

protocols

No replay attack .
Like OSK/AO, the tag does not store
internal state on nonceR.
No counter or timestamp that can be
manipulated like YA-TRAP.
It always yeild output unlike ZK.

protocols

1. G Tsudik , YA-TRAP: Yet another trivial RFID authentication
protocolWorkshops, 2006. PerCom Workshops 2006.
2. C Chatmon, T van Le and M Burmester , secure anonymous rfid authentication
protocol Florida State University, 2006
3. Engberg, S.J. and Harning, M.B. and Jensen, C.D., ero-knowledge device
authentication: Privacy & security enhanced RFID preserving business value and
consumer convenience, Second Annual Conference on Privacy, Security, and Trust
, 2004.
4. M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to privacy-
friendly tags. In RFID Privacy Workshop, MIT, USA, 2003.
5. G Avoine and P Oechslin , A scalable and provably secure Hash-based RFID
Protocol, Third IEEE International Conference on Pervasive Computing and
Communications Workshops, 2005.
6. S Weis, S Sarma, R Rivest, D Engels , Security and privacy aspects of low-cost
radio frequency identification systems Security in Pervasive Computing, 2004

protocols

7. M Burmester, T Van Le, B De Medeiros , Provably secure ubiquitous systems:
Universally composable RFID authentication protocol, Securecomm and
Workshops, 2006
8. A.Herzberg, H.Krawczyk and G.Tsudil, On Travaling Incognito, IEE workshop on
Mobile Systems and Applications, December 1994.
9. F. Khan, Can Zero-Knowledge tags protect privacy, RFID Journal, 2005.
10. SC Kim, SS Yeo and S Kim, MARP: Mobile agent for rfid privacy protection, Smart
Card Research and Advanced Applications – Springer
11. CC Tan, B Sheng, and Q Li, Severless search and authentication protocols
for RFID, IEEE transactions on wireless communications, 2008 .
12. M Conti, RD Pietro, LV Mancini, RIPP-FS: An RFID Identification, Privacy
Preserving Protocol with Forward SecrecyA Spognardi - Pervasive Computing and
Communications workshop, 2007
13. A Juels, SA Weis -, Defining Strong privacy for RFID, ACM Transactions on
Information and System 2009
14. Khaled Ouafi and Raphael C. –W. Phan, Privacy of Recent RFID Authentication
Protocols, Information Security Practice and Experience, 2008 - Springer

protocols

Faisal Razzak
Faisal.razzak@polito.it

RFID Protocols and Privacy Models for RFID

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to RFID Protocols and Privacy Models for RFID

Similar to RFID Protocols and Privacy Models for RFID (20)

More from Faisal Razzak

More from Faisal Razzak (6)

Recently uploaded

Recently uploaded (20)

RFID Protocols and Privacy Models for RFID