1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.4,
        author={T. Dimitriou},
        title={A Lightweight RFID Protocol to protect against Traceability and Cloning attacks},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.4}
    }
    
  • T. Dimitriou
    Year: 2006
    A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.4
T. Dimitriou1
  • 1: Athens Information Technology, Athens, Greece

Abstract

RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or “smart” applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy. In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions. In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how forward privacy is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.