Untangling RFID Privacy Models

Coisel, Iwen; Martin, Tania

doi:10.1155/2013/710275

Cited by 32 publications

(21 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One might expect that there should be easier approaches to obtaining secure authentication and key exchange protocols. Indeed, it seems that this problem, and even approaches offering enhanced privacy, have been discussed for a long time in the RFID community-see, for example, [Jue06] for an early survey and [CM13] for a more recent one. Identifying specific protocol solutions from that area and discussing their security and efficiency features, however, is beyond the scope of our analysis of PLAID here.…”

Section: Resultsmentioning

confidence: 99%

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Degabriele

Fehr

Fischlin

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Abstract. The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We discuss potential countermeasures to our attacks and comment on our experiences with the standardization process of PLAID.

show abstract

Section: Resultsmentioning

confidence: 99%

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Degabriele

Fehr

Fischlin

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…He/she can also retransmit the messages maliciously to interrogate the tag or the back-end server in order to impersonate the reader or the victim tag. Several security and privacy issues and adversarial models are addressed in [22,19,5,31,15] in details. In this paper, we consider the following security and privacy notions in the security analysis of authentication protocols.…”

Section: Definition 5 (Discrete Logarithm Problem) Dlp Is Described Amentioning

confidence: 99%

Security Attacks and Enhancements to Chaotic Map-Based RFID Authentication Protocols

Kardaş

Genç

2017

Wireless Pers Commun

View full text Add to dashboard Cite

Radio Frequency IDentification (RFID) technology has been increasingly integrated into numerous applications for authentication of objects or individuals. However, because of its limited computation power, RFID technology may cause several security and privacy issues such as tracking the owner of the tag, cloning of the tags and etc. Recently, two chaotic map-based authentication protocols have been proposed for low-cost RFID tags in order to eliminate these issues. In this paper, we give the security analysis of these protocols and uncover their weaknesses. We prove that these protocols are vulnerable to tag tracing, tag impersonation and de-synchronization attacks. The attack complexity of an adversary is polynomial and the success probability of these attacks are substantial. Moreover, we also propose an improved RFID authentication protocol that employs Chebyshev chaotic maps and complies with the EPCglobal Class 1 Generation 2 standard. Finally, we show that our protocol is resistant against those security issues.

show abstract

“…If the normal execution securely updates the secret key of the reader and tag, this results in the privacy of the challenge tags for the type 2a and 2b protocols. The adversary A 3 can obtain the secret key of the target tag and easily break the privacy for type 0 protocols (e.g., SK-based protocol [9,5]). …”

Section: The Modified Forward Privacy Modelmentioning

confidence: 99%

“…Since 2003, many RFID authentication protocols have been investigated and several protocols have been shown to be insecure (see [5]). The security of these protocols is evaluated by using a cryptographic security model and one of the goals of the RFID authentication protocol is to satisfy this model.…”

Section: Introductionmentioning

confidence: 99%

“…In particular, their result showed that authentication protocols which have a key update mechanism and resynchronization property, satisfy only wide-weak privacy, which can be achieved by protocols in which the secret key is always fixed. Coisel and Martin suspected that the provable security level of the SK-based protocol [9] (which does not require any secret key update) and O-FRAP (key update mechanism is clearly shown) are equivalent [5].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Forward Privacy Model for RFID Authentication Protocols

Moriyama

Ohkubo

Matsuo

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we propose a new variant of indistinguishabilitybased security model for the RFID authentication protocol, which allows an adversary to obtain an authentication result and secret key of a target tag. Ng et al. showed that symmetric-key based RFID authentication protocols cannot be resilient to the above information leakage simultaneously in the Paise-Vaudenay security model. We review the existing result and extend the Juels-Weis security model to satisfy these properties by using a suitable restriction. Moreover, we give two example protocols that satisfy the modified security model.

show abstract

Untangling RFID Privacy Models

Cited by 32 publications

References 28 publications

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

Security Attacks and Enhancements to Chaotic Map-Based RFID Authentication Protocols

A Forward Privacy Model for RFID Authentication Protocols

Contact Info

Product

Resources

About