A New RFID Privacy Model

Hermans, Jens; Pashalidis, Andreas; Vercauteren, Fréderik; Preneel, Bart

doi:10.1007/978-3-642-23822-2_31

Cited by 91 publications

(86 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have further shown that IND-CCA security alone could fail to reach this level of privacy. This shows a separation between our privacy model and the one from [22]. However, the question whether this separation is significant remains open.…”

Section: Resultsmentioning

confidence: 74%

Strong Privacy for RFID Systems from Plaintext-Aware Encryption

Ouafi

Vaudenay

2012

Cryptology and Network Security

View full text Add to dashboard Cite

Abstract. The Vaudenay model for RFID privacy from Asiacrypt 2007 suffers from the impossibility to address strong privacy. It has however been shown by Ng et al. at ESORICS 2008 that the impossibility result leads to no practical threat, so that the definition from 2007 may be unnecessarily strong. This paper proposes a slight change in the definition of privacy from the Vaudenay model (Asiacrypt 2007). Then, we show that by adding a plaintext-aware assumption on the public-key cryptosystem, the proposed protocol always achieves strong privacy with our new definitions.

show abstract

Section: Resultsmentioning

confidence: 74%

Strong Privacy for RFID Systems from Plaintext-Aware Encryption

Ouafi

Vaudenay

2012

Cryptology and Network Security

View full text Add to dashboard Cite

show abstract

“…People already suggested to protect location privacy [33], but this suffers from severe limitations as shown in [1,27]. Anonymity could also be considered in a way similar to RFID protocols [37,32,23]. One proposal is made in [22] but without terrorist fraud protection.…”

Section: Resultsmentioning

confidence: 99%

Towards Secure Distance Bounding

Boureanu

Mitrokotsa

Vaudenay

2014

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. Relay attacks (and, more generally, man-in-the-middle attacks) are a serious threat against many access control and payment schemes. In this work, we present distance-bounding protocols, how these can deter relay attacks, and the security models formalizing these protocols. We show several pitfalls making existing protocols insecure (or at least, vulnerable, in some cases). Then, we introduce the SKI protocol which enjoys resistance to all popular attack-models and features provable security. As far as we know, this is the first protocol with such all-encompassing security guarantees. Why Distance-Bounding?It is well known that a chess beginner can win against a chess grand-master easily by defeating two grand-masters concurrently, taking different colors in both games, and relaying the move of one master to the other. This is a pure relay attack where two masters play against each other while each of them thinks he is playing against a beginner.In real life, relay attacks find applications in access control. For instance, a car with a wireless key can be opened by relaying the communication between the key (the token) and the car. RFID-based access control to buildings can also be subject to relay attacks [21]. The same goes for (contactless) credit-card payments: a customer may try to pay for something on a malicious terminal which relays to a fake card paying for something more expensive [15].To defeat relay attacks, Brands and Chaum [9] introduced the notion of distance bounding protocol. This relies on the fact that information is local and it cannot travel faster than light. So, an RFID reader can identify when participants are close enough because the round-trip communication time has been small enough. The idea is that a prover holding a key x proves to a verifier that he is close to him. Ideally, this notion should behave like a traditional interactive proof system in the sense that it must satisfy:-completeness (i.e., an honest prover close to the verifier will pass the protocol with high probability)This invited paper summarizes results from [4,5,6,7,8].

show abstract

“…The most general and prominent model for privacy is the simulation-based privacy notion in [17] which was enriched in [15]. Hermans et al [14] presented a simpler privacy model which we call the HPVP model. [14] Distance Hijacking.…”

Section: Definition 2 ([18]) We Consider the Following Honest-provermentioning

confidence: 99%

“…Hermans et al [14] presented a simpler privacy model which we call the HPVP model. [14] Distance Hijacking. In distance hijacking [7], the prover is malicious, running an algorithm A and we add a honest prover P(sk P ′ , pk V ) with another identity P ′ associated to pk P ′ .…”

Section: Definition 2 ([18]) We Consider the Following Honest-provermentioning

confidence: 99%