User-aided reader revocation in PKI-based RFID systems

Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper,...

Full description

Saved in:
Bibliographic Details
Published in:Journal of computer security 2011-01, Vol.19 (6), p.1147-1172
Main Authors: Nithyanand, Rishab, Tsudik, Gene, Uzun, Ersin
Format: Article
Language:English
Subjects:
Certificates
Computer information security
Electronics
Expiration
Mathematical models
Radio frequency identification
Readers
Tags
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 1172
container_issue 6
container_start_page 1147
container_title Journal of computer security
container_volume 19
creator Nithyanand, Rishab
Tsudik, Gene
Uzun, Ersin
description Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods.In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.
doi_str_mv 10.3233/JCS-2011-0435
format article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1010888679</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1010888679</sourcerecordid><originalsourceid>FETCH-LOGICAL-c226t-4b6e60a02117f410fba0b81b1d3f0d050ae7d40796ebcfed68bd788b8a331e643</originalsourceid><addsrcrecordid>eNotkMFLwzAYxYMoOKdH7z16iX5J2iQ9ynRzOlDUgbeQNF-hsq4zXyfsv7dlnt7h_XgPfoxdC7hVUqm759kHlyAEh1wVJ2wirCm4LWV-yiZQSs2lNF_n7ILoG0AKUdoJ02vCxH0TMWYJfcQ0xG9X-b7ptlmzzd5eljx4Gur3-fIhowP12NIlO6v9hvDqP6dsPX_8nD3x1etiObtf8UpK3fM8aNTgxzNT5wLq4CFYEURUNUQowKOJOZhSY6hqjNqGaKwN1islUOdqym6Ou7vU_eyRetc2VOFm47fY7ckJEGCt1aYcUH5Eq9QRJazdLjWtT4cBcqMfN_hxox83-lF_76dWng</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1010888679</pqid></control><display><type>article</type><title>User-aided reader revocation in PKI-based RFID systems</title><source>EBSCOhost Business Source Ultimate</source><creator>Nithyanand, Rishab ; Tsudik, Gene ; Uzun, Ersin</creator><contributor>Gritzalis, Dimitris</contributor><creatorcontrib>Nithyanand, Rishab ; Tsudik, Gene ; Uzun, Ersin ; Gritzalis, Dimitris</creatorcontrib><description>Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods.In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.</description><identifier>ISSN: 0926-227X</identifier><identifier>EISSN: 1875-8924</identifier><identifier>DOI: 10.3233/JCS-2011-0435</identifier><language>eng</language><subject>Certificates ; Computer information security ; Electronics ; Expiration ; Mathematical models ; Radio frequency identification ; Readers ; Tags</subject><ispartof>Journal of computer security, 2011-01, Vol.19 (6), p.1147-1172</ispartof><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27923,27924</link.rule.ids></links><search><contributor>Gritzalis, Dimitris</contributor><creatorcontrib>Nithyanand, Rishab</creatorcontrib><creatorcontrib>Tsudik, Gene</creatorcontrib><creatorcontrib>Uzun, Ersin</creatorcontrib><title>User-aided reader revocation in PKI-based RFID systems</title><title>Journal of computer security</title><description>Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods.In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.</description><subject>Certificates</subject><subject>Computer information security</subject><subject>Electronics</subject><subject>Expiration</subject><subject>Mathematical models</subject><subject>Radio frequency identification</subject><subject>Readers</subject><subject>Tags</subject><issn>0926-227X</issn><issn>1875-8924</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2011</creationdate><recordtype>article</recordtype><recordid>eNotkMFLwzAYxYMoOKdH7z16iX5J2iQ9ynRzOlDUgbeQNF-hsq4zXyfsv7dlnt7h_XgPfoxdC7hVUqm759kHlyAEh1wVJ2wirCm4LWV-yiZQSs2lNF_n7ILoG0AKUdoJ02vCxH0TMWYJfcQ0xG9X-b7ptlmzzd5eljx4Gur3-fIhowP12NIlO6v9hvDqP6dsPX_8nD3x1etiObtf8UpK3fM8aNTgxzNT5wLq4CFYEURUNUQowKOJOZhSY6hqjNqGaKwN1islUOdqym6Ou7vU_eyRetc2VOFm47fY7ckJEGCt1aYcUH5Eq9QRJazdLjWtT4cBcqMfN_hxox83-lF_76dWng</recordid><startdate>20110101</startdate><enddate>20110101</enddate><creator>Nithyanand, Rishab</creator><creator>Tsudik, Gene</creator><creator>Uzun, Ersin</creator><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20110101</creationdate><title>User-aided reader revocation in PKI-based RFID systems</title><author>Nithyanand, Rishab ; Tsudik, Gene ; Uzun, Ersin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c226t-4b6e60a02117f410fba0b81b1d3f0d050ae7d40796ebcfed68bd788b8a331e643</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Certificates</topic><topic>Computer information security</topic><topic>Electronics</topic><topic>Expiration</topic><topic>Mathematical models</topic><topic>Radio frequency identification</topic><topic>Readers</topic><topic>Tags</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Nithyanand, Rishab</creatorcontrib><creatorcontrib>Tsudik, Gene</creatorcontrib><creatorcontrib>Uzun, Ersin</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Journal of computer security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Nithyanand, Rishab</au><au>Tsudik, Gene</au><au>Uzun, Ersin</au><au>Gritzalis, Dimitris</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>User-aided reader revocation in PKI-based RFID systems</atitle><jtitle>Journal of computer security</jtitle><date>2011-01-01</date><risdate>2011</risdate><volume>19</volume><issue>6</issue><spage>1147</spage><epage>1172</epage><pages>1147-1172</pages><issn>0926-227X</issn><eissn>1875-8924</eissn><abstract>Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods.In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.</abstract><doi>10.3233/JCS-2011-0435</doi><tpages>26</tpages></addata></record>
fulltext fulltext
identifier ISSN: 0926-227X
ispartof Journal of computer security, 2011-01, Vol.19 (6), p.1147-1172
issn 0926-227X
1875-8924
language eng
recordid cdi_proquest_miscellaneous_1010888679
source EBSCOhost Business Source Ultimate
subjects Certificates
Computer information security
Electronics
Expiration
Mathematical models
Radio frequency identification
Readers
Tags
title User-aided reader revocation in PKI-based RFID systems
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-12T02%3A46%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=User-aided%20reader%20revocation%20in%20PKI-based%20RFID%20systems&rft.jtitle=Journal%20of%20computer%20security&rft.au=Nithyanand,%20Rishab&rft.date=2011-01-01&rft.volume=19&rft.issue=6&rft.spage=1147&rft.epage=1172&rft.pages=1147-1172&rft.issn=0926-227X&rft.eissn=1875-8924&rft_id=info:doi/10.3233/JCS-2011-0435&rft_dat=%3Cproquest_cross%3E1010888679%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c226t-4b6e60a02117f410fba0b81b1d3f0d050ae7d40796ebcfed68bd788b8a331e643%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1010888679&rft_id=info:pmid/&rfr_iscdi=true