Impossibility results for RFID privacy notions

被引：15

作者：

Armknecht F. ^{[1
]}

Sadeghi A.-R. ^{[2
]}

Scafuro A. ^{[3
]}

Visconti I. ^{[3
]}

Wachsmann C. ^{[2
]}

机构：

[1] Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum

[2] Dipartimento di Informatica Ed Applicazioni, University of Salerno

来源：

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | 2010年 / 6480卷 / PART 2期

关键词：

Authentication; Privacy; Resettability; RFID; Security;

D O I：

10.1007/978-3-642-17697-5_3

中图分类号：

学科分类号：

摘要：

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have been proposed. However, they are often incomparable and in part do not reflect the capabilities of real-world adversaries. Recently, Paise and Vaudenay presented a general RFID security and privacy model that abstracts and unifies most previous approaches. This model defines mutual authentication (between RFID tags and readers) and several privacy notions that capture adversaries with different tag corruption behavior and capabilities. In this paper, we revisit the model proposed by Paise and Vaudenay and investigate some subtle issues such as tag corruption aspects. We show that in their formal definitions tag corruption discloses the temporary memory of tags and leads to the impossibility of achieving both mutual authentication and any reasonable notion of RFID privacy in their model. Moreover, we show that the strongest privacy notion (narrow-strong privacy) cannot be achieved simultaneously with reader authentication even under the strong assumption that tag corruption does not disclose temporary tag states. Further, we show other impossibility results that hold if the adversary can manipulate an RFID tag such that it resets its state or when tags are stateless. Although our results are shown on the privacy definition by Paise and Vaudenay, they give insight to the difficulties of setting up a mature security and privacy model for RFID systems that aims at fulfilling the sophisticated requirements of real-life applications. © 2010 Springer-Verlag Berlin Heidelberg.

引用

页码：39 / 63

页数：24

共 37 条

[1]

Armknecht F., Sadeghi A.R., Visconti I., Wachsmann C., On RFID privacy with mutual authentication and tag corruption, LNCS, 6123, pp. 493-510, (2010)

[2]

Innovative IDIC Solutions, (2007)

[3]

Avoine G., Adversarial model for radio frequency identification. ePrint, Report 2005/049, (2005)

[4]

Avoine G., Lauradoux C., Martin T., When compromised readers meet RFID, The 5th Workshop on RFID Security (RFIDSec), (2009)

[5]

Bellare M., Fischlin M., Goldwasser S., Micali S., Identification protocols secure against reset attacks, LNCS, 2045, pp. 495-511, (2001)

[6]

Blundo C., Persiano G., Sadeghi A.R., Visconti I., Improved security notions and protocols for non-transferable identification, LNCS, 5283, pp. 364-378, (2008)

[7]

Bringer J., Chabanne H., Icart T., Efficient zero-knowledge identification schemes which respect privacy, Proceedings of ASIACCS 2009, pp. 195-205, (2009)

[8]

Burmester M., Van Le T., De Medeiros B., Universally composable and forward-secure RFID authentication and authenticated key exchange, Proc. of ASIACCS, pp. 242-252, (2007)

[9]

Canetti R., Goldreich O., Goldwasser S., Micali S., Resettable zero-knowledge (extended abstract), STOC, pp. 235-244, (2000)

[10]

D'Arco P., Scafuro A., Visconti I., Revisiting DoS Attacks and Privacy in RFID-Enabled Networks, LNCS, 5804, pp. 76-87, (2009)

← 1 2 3 4 →