This paper describes an identification and authentication protocol for RFID tags with two contributions aiming at enhancing the security and privacy of RFID based systems. First, we assume that some of the servers storing the information related to the tags can be compromised. In order to protect the tags from potentially malicious servers, we devise a technique that makes RFID identification server-dependent, providing a different unique secret key shared by each pair of tag and server. The proposed solution requires the tag to store only a single secret key, regardless of the number of servers, thus fitting the constraints on tag's memory. Second, we provide a probabilistic tag identification scheme that requires the server to perform simple bitwise operations, thus speeding up the identification process. The proposed tag identification protocol assures privacy, mutual authentication and resilience to both DoS and replay attacks. Finally, each of the two schemes described in this paper can be independently implemented to enhance the security of existing RFID protocols.
Information confinement, privacy, and security in RFID systems
ESORICS 2007, 12th European Symposium On Research In Computer Security, September 24-26, 2007, Dresden, Germany / Also published in LNCS, Volume 4734/2008, ISBN: 978-3-540-74834-2
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in ESORICS 2007, 12th European Symposium On Research In Computer Security, September 24-26, 2007, Dresden, Germany / Also published in LNCS, Volume 4734/2008, ISBN: 978-3-540-74834-2 and is available at : http://dx.doi.org/10.1007/978-3-540-74835-9_13
PERMALINK : https://www.eurecom.fr/publication/2368