Privacy of recent RFID authentication protocols

Khaled Ouafi, Raphael C.W. Phan

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

78 Citations (Scopus)

Abstract

Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.

Original languageEnglish
Title of host publicationInformation Security Practice and Experience - 4th International Conference, ISPEC 2008, Proceedings
Pages263-277
Number of pages15
DOIs
Publication statusPublished - 2008
Externally publishedYes
EventInformation Security Practice and Experience Conference 2008 - Sydney, Australia
Duration: 21 Apr 200823 Apr 2008
Conference number: 4th
https://link.springer.com/book/10.1007/978-3-540-79104-1 (Proceedings)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4991 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInformation Security Practice and Experience Conference 2008
Abbreviated titleISPEC 2008
Country/TerritoryAustralia
CitySydney
Period21/04/0823/04/08
Internet address

Keywords

  • Authentication protocols
  • Privacy
  • Provably secure
  • RFID
  • Untraceability

Cite this