Privacy-Friendly Authentication in RFID Systems: On Sublinear Protocols Based on Symmetric-Key Cryptography

The recent advent of ubiquitous technologies has raised an important concern for citizens: the need to protect their privacy. So far, this wish was not heard of industrials, but national and international regulation authorities, as the European Commission recently published some guidelines to enforc...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on mobile computing 2013-10, Vol.12 (10), p.2037-2049
Main Authors: Avoine, G., Bingol, M. A., Carpent, X., Yalcin, S. B. O.
Format: Magazinearticle
Language:English
Subjects:
attacks
Authentication
complexity
Complexity theory
Control
Cryptography
Customers
Guidelines
Privacy
Protocols
Radio frequency identification
Radiofrequency identification
RFID
Transportation
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The recent advent of ubiquitous technologies has raised an important concern for citizens: the need to protect their privacy. So far, this wish was not heard of industrials, but national and international regulation authorities, as the European Commission recently published some guidelines to enforce customers' privacy in RFID systems: "Privacy by designâ is the way to be followed as stated in EC Recommendation of 12.5.2009. Research on privacy is an active domain but there is still a wide gap between theory and everyday life's applications. Filling this gap will require academia to design protocols and algorithms that fit the real-life constraints. In this paper, we provide a comprehensive analysis of privacy-friendly authentication protocols devoted to RFID that: 1) are based on well-established symmetric-key cryptographic building blocks; 2) require a reader complexity lower than O(N) where N is the number of provers in the system. These two properties are sine qua non conditions for deploying privacy-friendly authentication protocols in large-scale applications, for example, access control in mass transportation. We describe existing protocols fulfilling these requirements and point out their drawbacks and weaknesses. We especially introduce attacks on CHT, CTI,YA-TRAP*, and the variant of OSK/AO with mutual authentication. We also raise that some protocols, such as O-RAP, O-FRAP, and OSK/BF, are not resistant to timing attacks. Finally, we select some candidates that are, according to our criteria, the most appropriate ones for practical uses.
ISSN:1536-1233
1558-0660
DOI:10.1109/TMC.2012.174