Ecole d'ingénieur et centre de recherche en Sciences du numérique

Information confinement, privacy, and security in RFID systems

Di Pietro, Roberto;Molva, Refik

ESORICS 2007, 12th European Symposium On Research In Computer Security, September 24-26, 2007, Dresden, Germany / Also published in LNCS, Volume 4734/2008, ISBN: 978-3-540-74834-2

This paper describes an identification and authentication protocol for RFID tags with two contributions aiming at enhancing the security and privacy of RFID based systems. First, we assume that some of the servers storing the information related to the tags can be compromised. In order to protect the tags from potentially malicious servers, we devise a technique that makes RFID identification server-dependent, providing a different unique secret key shared by each pair of tag and server. The proposed solution requires the tag to store only a single secret key, regardless of the number of servers, thus fitting the constraints on tag's memory. Second, we provide a probabilistic tag identification scheme that requires the server to perform simple bitwise operations, thus speeding up the identification process. The proposed tag identification protocol assures privacy, mutual authentication and resilience to both DoS and replay attacks. Finally, each of the two schemes described in this paper can be independently implemented to enhance the security of existing RFID protocols.

Document Doi Bibtex

Titre:Information confinement, privacy, and security in RFID systems
Type:Conférence
Langue:English
Ville:Dresden
Pays:ALLEMAGNE
Date:
Département:Sécurité numérique
Eurecom ref:2368
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in ESORICS 2007, 12th European Symposium On Research In Computer Security, September 24-26, 2007, Dresden, Germany / Also published in LNCS, Volume 4734/2008, ISBN: 978-3-540-74834-2 and is available at : http://dx.doi.org/10.1007/978-3-540-74835-9_13
Bibtex: @inproceedings{EURECOM+2368, doi = {http://dx.doi.org/10.1007/978-3-540-74835-9_13}, year = {2007}, title = {{I}nformation confinement, privacy, and security in {RFID} systems}, author = {{D}i {P}ietro, {R}oberto and {M}olva, {R}efik}, booktitle = {{ESORICS} 2007, 12th {E}uropean {S}ymposium {O}n {R}esearch {I}n {C}omputer {S}ecurity, {S}eptember 24-26, 2007, {D}resden, {G}ermany / {A}lso published in {LNCS}, {V}olume 4734/2008, {ISBN}: 978-3-540-74834-2}, address = {{D}resden, {ALLEMAGNE}}, month = {09}, url = {http://www.eurecom.fr/publication/2368} }
Voir aussi: