posted on 2011-03-01, 15:25authored byKhaled Ouafi, Raphael C.-W. Phan
Privacy is a major concern in RFID systems, especially with
widespread deployment of wireless-enabled interconnected personal de-
vices e.g. PDAs and mobile phones, credit cards, e-passports, even cloth-
ing and tires. An RFID authentication protocol should not only allow
a legitimate reader to authenticate a tag but it should also protect the
privacy of the tag against unauthorized tracing: an adversary should not
be able to get any useful information about the tag for tracking or dis-
covering the tag's identity. In this paper, we analyze the privacy of some
recently proposed RFID authentication protocols (2006 and 2007) and
show attacks on them that compromise their privacy. Our attacks con-
sider the simplest adversaries that do not corrupt nor open the tags. We
describe our attacks against a general untraceability model; from expe-
rience we view this endeavour as a good practice to keep in mind when
designing and analyzing security protocols.
History
School
Mechanical, Electrical and Manufacturing Engineering
Citation
OUAFI, K. and PHAN, R.C.-W., 2008. Privacy of recent RFID authentication protocols. IN: Chen, L., Mu, Y. and Susilo, W. (eds.) 4th International Conference, ISPEC, Sydney, Australia, April 21-23, pp. 263-277