A zero-knowledge based framework for RFID privacy

Publication Type

Journal Article

Publication Date

2011

Abstract

Formal RFID security and privacy frameworks are fundamental to the design and analysis of robust RFID systems. In this paper, we develop a new definitional framework for RFID privacy in a rigorous and precise manner. Our framework is based on a zero-knowledge (ZK) formulation [The Foundations of Cryptography, Cambridge Univ. Press, Cambridge, 2001; ACM Symposium on Theory of Computing, 1985, pp. 291–304] and incorporates the notions of adaptive completeness and mutual authentication. We provide meticulous justification of the new framework and contrast it with existing ones in the literature. In particular, we prove that our framework is strictly stronger than the ind-privacy model in International Conference on Pervasive Computing and Communications, 2007, which answers an open question posed in International Conference on Pervasive Computing and Communications, 2007, for developing stronger RFID privacy models. We also clarify certain confusions and rectify several defects in the existing frameworks. Finally, based on the protocol in Conference on Computer and Communications Security, 2009, we propose an efficient RFID mutual authentication protocol and analyze its security and privacy. The methodology used in our analysis can also be applied to analyze other RFID protocols within the new framework.

Keywords

RFID, model, privacy, mutual authentication, adaptive completeness

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Journal of Computer Security

Volume

19

Issue

6

First Page

1109

Last Page

1146

ISSN

0926-227X

Identifier

10.3233/JCS-2011-0440

Publisher

IOS Press

Additional URL

http://dx.doi.org/10.3233/JCS-2011-0440

Link to Full Text

Share

COinS