Building Scalable, Private RFID Systems

Building Scalable, Private RFID Systems

Li Lu (University of Electronic Science and Technology of China, China)
Copyright: © 2013 |Pages: 18
DOI: 10.4018/978-1-4666-3685-9.ch012

Abstract

Due to low cost and easy deployment, RFID has become a promising technology in many applications, such as retailing, medical-patient management, logistics, and supply chain management. Although a number of RFID standards have been issued and widely adopted by many off-the-shelf products, those standards, however, scarcely added privacy concerns because of computing and communication patterns. On the other hand, in RFID systems, RF tags emit their unique serial numbers to RF readers. Without privacy protection, however, any reader can identify a tag ID via the emitted serial number. Indeed, a malicious reader can easily perform bogus authentications with detected tags to retrieve sensitive information within its scanning range. The main obstacle to preserving privacy in RFID systems lies in the capability of tags. Due to the cost consideration, common RFID tags have tight constraints on power, computational capacity, and memory. Therefore, the mature cryptographic tools for bulky PCs are not suitable for RFID devices. In this chapter, the author focuses on the privacy issue to establish scalable and private RFID systems. The chapter first discusses the privacy issue in RFID systems; and then correspondingly introduces privacy preserving techniques including privacy-preserving authentication and secure ownership transfer. Finally, the theoretic formal privacy models for RFID systems are given, in which the author formally defines privacy and the behaviors of adversaries in RFID systems. Based on a formal model, say the weak privacy model, the chapter illustrates the methodology for designing highly efficient privacy-preserving authentication protocols.
Chapter Preview
Top

12.2 Privacy-Preservation In Rfid Systems

The basic type of RF tag identification is a “challenge-response” procedure. That is, a reader sends a request as a challenge to a tag, and then receives the corresponding response from the tag, as plotted in Figure 1.

Figure 1.

Challenge-response based RFID authentication

978-1-4666-3685-9.ch012.f01

The basic type of RF tag identification leaks the private information of RF tags. To preserve privacy, many Privacy-Preserving Authentication, PPA, Protocols have been proposed to achieve private authentication in RFID systems. Weis (Weis, Sarma, Rivest & Engels (2003)) proposed a hash function based authentication scheme, HashLock, to avoid tags being tracked, as illustrated in Figure 2. In this approach, each tag shares a secret key 978-1-4666-3685-9.ch012.m01 with the reader. The reader sends a random number 978-1-4666-3685-9.ch012.m02 as the authentication request. To respond to the reader, the tag uses a hash function 978-1-4666-3685-9.ch012.m03 to generate a response 978-1-4666-3685-9.ch012.m04 on the inputs of 978-1-4666-3685-9.ch012.m05 and 978-1-4666-3685-9.ch012.m06 The reader then computes 978-1-4666-3685-9.ch012.m07 of all stored keys until it finds a key to recover 978-1-4666-3685-9.ch012.m08 thereby identifying the tag. The search complexity of HashLock is linear in 978-1-4666-3685-9.ch012.m09 where 978-1-4666-3685-9.ch012.m10 is the number of tags in the system. Subsequent approaches in the literature mostly aimed at improving the efficiency of key search. Juels (Juels (2006)) classifies those approaches into three categories.

Figure 2.

Hashlock authentication

978-1-4666-3685-9.ch012.f02

Complete Chapter List

Search this Book:
Reset