Building Scalable, Private RFID Systems

Building Scalable, Private RFID Systems

Li Lu (University of Electronic Science and Technology of China, China)
Copyright: © 2013 |Pages: 18
DOI: 10.4018/978-1-4666-3685-9.ch012


Due to low cost and easy deployment, RFID has become a promising technology in many applications, such as retailing, medical-patient management, logistics, and supply chain management. Although a number of RFID standards have been issued and widely adopted by many off-the-shelf products, those standards, however, scarcely added privacy concerns because of computing and communication patterns. On the other hand, in RFID systems, RF tags emit their unique serial numbers to RF readers. Without privacy protection, however, any reader can identify a tag ID via the emitted serial number. Indeed, a malicious reader can easily perform bogus authentications with detected tags to retrieve sensitive information within its scanning range. The main obstacle to preserving privacy in RFID systems lies in the capability of tags. Due to the cost consideration, common RFID tags have tight constraints on power, computational capacity, and memory. Therefore, the mature cryptographic tools for bulky PCs are not suitable for RFID devices. In this chapter, the author focuses on the privacy issue to establish scalable and private RFID systems. The chapter first discusses the privacy issue in RFID systems; and then correspondingly introduces privacy preserving techniques including privacy-preserving authentication and secure ownership transfer. Finally, the theoretic formal privacy models for RFID systems are given, in which the author formally defines privacy and the behaviors of adversaries in RFID systems. Based on a formal model, say the weak privacy model, the chapter illustrates the methodology for designing highly efficient privacy-preserving authentication protocols.
Chapter Preview

12.2 Privacy-Preservation In Rfid Systems

The basic type of RF tag identification is a “challenge-response” procedure. That is, a reader sends a request as a challenge to a tag, and then receives the corresponding response from the tag, as plotted in Figure 1.

Figure 1.

Challenge-response based RFID authentication

The basic type of RF tag identification leaks the private information of RF tags. To preserve privacy, many Privacy-Preserving Authentication, PPA, Protocols have been proposed to achieve private authentication in RFID systems. Weis (Weis, Sarma, Rivest & Engels (2003)) proposed a hash function based authentication scheme, HashLock, to avoid tags being tracked, as illustrated in Figure 2. In this approach, each tag shares a secret key with the reader. The reader sends a random number as the authentication request. To respond to the reader, the tag uses a hash function to generate a response on the inputs of and The reader then computes of all stored keys until it finds a key to recover thereby identifying the tag. The search complexity of HashLock is linear in where is the number of tags in the system. Subsequent approaches in the literature mostly aimed at improving the efficiency of key search. Juels (Juels (2006)) classifies those approaches into three categories.

Figure 2.

Hashlock authentication

Complete Chapter List

Search this Book: