Publication Type

Journal Article

Version

publishedVersion

Publication Date

5-2018

Abstract

A comprehensive privacy model plays a vital role in the design of privacy-preserving RFID authentication protocols. Among various existing RFID privacy models, indistinguishability-based (ind-privacy) and unpredictability-based (unp-privacy) privacy models are the two main categories. Unp*-privacy, a variant of unp-privacy has been claimed to be stronger than ind-privacy. In this paper, we focus on studying RFID privacy models and have three-fold contributions. We start with revisiting unp*-privacy model and figure out a limitation of it by giving a new practical traceability attack which can be proved secure under unp*-privacy model. To capture this kind of attack, we improve unp*-privacy model to a stronger one denoted as unp(tau)-privacy. Moreover, we prove that our proposed privacy model is stronger than ind-privacy model. Then, we explore the relationship between unp*-privacy and ind-privacy, and demonstrate that they are actually not comparable, which is in contrast to the previous belief. Next, we present a new RFID mutual authentication protocol and prove that it is secure under unp(tau)-privacy model. Finally, we construct a RFID mutual authentication model denoted as MA model, and show that unp(tau)-privacy implies MA, which gives a reference to design a privacy-preserving RFID mutual authentication protocol. That is, if we propose a scheme that satisfies unp(tau)-privacy, then it also supports mutual authentication. (C) 2018 Elsevier B.V. All rights reserved.

Keywords

RFID, Privacy models, Mutual authentication, Cryptographic protocols

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

Future Generation Computer Systems

Volume

82

First Page

315

Last Page

326

ISSN

0167-739X

Identifier

10.1016/j.future.2017.12.044

Publisher

Elsevier

Additional URL

http://doi.org/10.1016/j.future.2017.12.044

Download

Share

COinS