Abstract
In this chapter, we provide an overview of mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. We emphasize solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus enhance the privacy friendliness of the technology “almost” for free. Technologies described include the use of environmental information (presence of light, temperature, humidity, etc.) to disable or enable the RFID tag, the use of delays to reveal parts of a secret key at different moments in time (this key is used to later establish a secure communication channel), and the idea of a “sticky tag,” which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we summarize previous works that use physical principles to provide security and privacy in RFID systems and the security-related functionality in RFID standards.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA. 860 MHz-930 MHz Class I Radio Frequency Identification Tag Radio Frequency & Logical Communication Interface Specification Candidate Recommendation, Version 1.0.1, November 14th, 2002. Technical Report. Available at http://www.epcglobalinc.org/standards technology/specifications.html
Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA. 13.56 MHz ISM Band Class 1 Radio Frequency Identification Tag Interface Specification: Candidate Recommendation, Version 1.0.0, February 3rd, 2003. Technical Report. Available at http://www.epcglobalinc.org/standards technology/specifications.html
Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA. 13.56 MHz ISM Band Class 1 Radio Frequency Identification Tag Interface Specification: Candidate Recommendation, Version 1.0.0, February 3rd, 2003. Technical Report. Available at http://www.epcglobalinc.org/standards technology/specifications.html
Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA. Draft protocol specification for a 900 MHz Class 0 Radio Frequency Identification Tag, February 23rd, 2003. Available at http://www.epcglobalinc.org/standards technology/specifications.html
L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede. Public key cryptography for RFID-tags. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 61-76. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik. tugraz.at/RFIDSec06/Program/index.htm
E. Batista.‘Step Back’ for Wireless ID Tech? Wired News, April 8th, 2003 Available at http://www.wired.com/news/wireless/0, 1382, 58385, 00.html
N. Bird, C. Conrado, J. Guajardo, S. Maubach, G.-J. Schrijen, B. Skoric, A.M.H. Tombeur, P. Thueringer, and P. Tuyls. ALGSICS - Combining Physics and Cryptography to Enhance Security and Privacy in RFID Systems. In F. Stajano, C. Meadows, and S. Capkun, editors, Security and Privacy in Adhoc and Sensor Networks - ESAS 2007, number 4572 in LNCS, pp. 187-202, Springer, Berlin, 2007
L. Bolotnyy and G. Robins. Multi-tag radio frequency identification systems. In Workshop on Automatic Identification Advanced Technologies - AutoID 2005, pp. 83-88, 345 E. IEEE, 47th St, New York, NY 10017, USA, October, 2005
S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo. Security analysis of a cryptographically-enabled RFID device. In P. McDaniel, editor, USENIX Security Symposium - Security'05, pp. 1-16, 2005
S. Brands and D. Chaum. Distance-bounding protocols (extended abstract). In T. Helleseth, editor, Advances in Cryptology - EUROCRYPT'93, volume 765 of LNCS, pp. 344-359, Springer, Berlin, 1994
D. Carluccio, T. Kasper, and C. Paar. Implementation details of a multi purpose ISO 14443 RFID-tool. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 181-197. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik.tugraz. at/RFIDSec06/Program/index.htm
D. Carluccio, K. Lemke, and C. Paar. E-passport: the global traceability or how to feel like an UPS package. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 167-180. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik.tugraz. at/RFIDSec06/Program/index.htm
C. Castelluccia andG. Avoine. Noisy tags: A pretty good key exchange protocol for RFID tags. In J. Domingo-Ferrer, J. Posegga, and D. Schreckling, editors, International Conference on Smart Card Research and Advanced Applications - CARDIS 2006, volume 3928 of LNCS, pp. 289-299, Tarragona, Spain, April 2006. IFIP, Springer, Berlin
H. Chabanne and G. Fumaroli. Noisy cryptographic protocols for low-cost RFID tags. IEEE Transactions on Information Theory, 52(8): 3562-3566, August 2006
Y. Chan, M.Q.-H. Meng, K.-L. Wu, and X. Wang. Experimental study of radiation efficiency from an ingested source inside a human body model. In IEEE Annual International Conference of the Engineering in Medicine and Bilogy Society - IEEE-EMBS 2005, pp. 7754-7757, September 1-4, 2005
CS81 Series Standard Cell. 0.18 µm CMOS Technology. Available at http://www.fujitsu. com/downloads/MICRO/fma/pdf/cs81.pdf, 1999
S. Dominikus, E. Oswald, and M. Feldhofer. Symmetric authentication for RFID systems in practice. Printed handout of Workshop on RFID and Light-Weight Crypto, pp. 25-31. ECRYPT Network of Excellence, July 13-15, 2005
J. Eagle. RFID: The Early Years 1980-1990. Available at http://members.surfbest.net/ eaglesnest/rfidhist.htm. Website. Updated September 27, 2002
D.W. Engels and S. Sarma. Standardization Requirements within the RFID Class Structure Framework. Technical report, Auto-ID Laboratories, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, January 2005. Available at http://ken.mit.edu/web/
EPCGlobal Inc., Princeton Pike Corporate Center, Suite 202 Lawrenceville, NJ 08648, USA. EPCTM Generation 1 Tag Data Standards Version 1.1 Rev. 1.27 - Standard Specification, May 10, 2005. Available at http://www.epcglobalinc.org/standards technology/ specifications.html
EPCGlobal Inc., Princeton Pike Corporate Center, Suite 202 Lawrenceville, NJ 08648, USA. EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Conformance Requirements - Version 1.0.2, February 1, 2005. Available at http://www.epcglobalinc. org/standards technology/specifications.html
EPCGlobal Inc., Princeton Pike Corporate Center, Suite 202 Lawrenceville, NJ 08648, USA. EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz-960 MHz - Version 1.0.9, January 31, 2005. Available at http://www.epcglobalinc.org/standards technology/specifications.html
EPCGlobal Inc., Princeton Pike Corporate Center, Suite 202 Lawrenceville, NJ 08648, USA. EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz-960 MHz - Version 1.0.9, January 31, 2005. Available at http://www.epcglobalinc.org/standards technology/specifications.html
EPCGlobal Inc., Princeton Pike Corporate Center, Suite 202 Lawrenceville, NJ 08648, USA. EPCglobal tag Data Standards Version 1.3. Ratified Specification, March 8, 2006. Available at http://www.epcglobalinc.org/standards/EPCglobal Tag Data Standard TDS Version 1.3.pdf
M. Feldhofer and C. Rechberger. A case against currently used hash functions in RFID protocols. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 109-122. ECRYPT Network of Excellence, July 2006
M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong authentication for RFID systems using the AES algorithm. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of LNCS, pp. 357-370, Springer, Berlin, 2004
K.P. Fishkin, S. Roy, and B. Jiang. Some methods for privacy in RFID communication. In C. Castelluccia, H. Hartenstein, C. Paar, and D. Westhoff, editors, Security in Adhoc and Sensor Networks - ESAS 2004, volume 3313 of LNCS, pp. 42-53. Springer, Berlin, 2005
C. Floerkemeier, R. Schneider, and M. Langheinrich. Scanning with a purpose - supporting the fair information principles in RFID protocols. In H. Murakami, H. Nakashima, H. Tokuda, and M. Yasumura, editors, International Symposium on Ubiquitous Computing Systems - UCS 2004, volume 3598 of LNCS, pp. 214-231, Tokyo, Japan, Springer, Berlin, November 2004
G. Hancke and M. Kuhn. An RFID distance bounding protocol. In Conference on Security and Privacy for Emerging Areas in Communication Networks - SecureComm 2005, pp. 67-73. IEEE Computer Society, September 2005
E. Haselsteiner and K. Breitfuss. Security in near field communication (NFC). Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 151-166. ECRYPT Network of Excellence, July 2006
ICC Policy Statement: The fight against piracy and counterfeiting of intellectual property. Submitted to the 35th World Congress, Marrakech, Document no 450/986, ICC, June 1, 2004
S. Inoue and H. Yasuura. RFID privacy using user-controllable uniqueness. RFID Privacy Workshop, November 2003
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 11785:1996 -Radio frequency identification of animals - Technical concept, October 15, 1996
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 144432 -Identification cards-Contactless integrated circuit(s) cards-Proximity cards-Part 2: Radio frequency interface power and signal interface, September 14, 2000. Final Draft
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 144433 -Identification cards - Contactless integrated circuit(s) cards-Proximity cards - Part 3: Initialization and anticollision, January 13, 2000 Final Draft
International Organization for Standardization, Geneva, Switzerland. ISO/IEC156932:2000 - Identification cards - Contactless integrated circuit(s) cards - Vicinity cards - Part 2: Air interface and initialization, May 1, 2000
International Organization for Standardization, Geneva, Switzerland. ISO/IEC105363:1996 - Identification cards - Contactless integrated circuit(s) cards - Part 3: Electronic signals and reset procedures, August 13, 2001
International Organization for Standardization, Geneva, Switzerland. ISO/IEC156933:2001 - Identification cards - Contactless integrated circuit(s) cards - Vicinity cards - Part 3: Anticollision and transmission protocol, April 1, 2001
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 180002:2003(E)-2 - Information technology - Radio frequency identification for item management -Part 2: Parameters for air interface communications below 135 kHz, November 26, 2003
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 180003:2003(E) - Information technology - Radio frequency identification for item management -Part 3: Parameters for air interface communications at 13,56 MHz, February 13, 2003
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 180004:2003(E) - Information technology - Radio frequency identification for item management - Part 4: Parameters for air interface communications at 2.45 GHz., March 25, 2003. Work-ing document
International Organization for Standardization, Geneva, Switzerland. ISO/IEC180006:2003(E) - Information technology - Radio frequency identification for item management - Part 6: Parameters for air interface communications at 860 MHz to 960 MHz, November 26, 2003
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 180007 - In-formation technology - Radio frequency identification for item management - Part 7: Para-meters for active air interface communications at 433 MHz, September 30, 2003. Working document
International Organization for Standardization, Geneva, Switzerland. ISO/IEC 11784:1996 -Radio frequency identification of animals - Code structure, August 15, 2004
A. Juels. Minimalist cryptography for low-cost RFID tags. In C. Blundo and S. Cimato, editors, Security in Communication Networks - SCN 2004. Revised Selected Papers, volume 3352 of LNCS, pp. 149-164. Springer, Berlin, September 8-10, 2004
A. Juels. RFID Security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2): 381-394, February 2006. Extended version available from http://www.rsasecurity.com/rsalabs/node.asp?id=2029
A. Juels and J.G. Brainard. Soft blocking: flexible blocker tags on the cheap. In V. Atluri, P.F. Syverson, and S. De Capitani di Vimercati, editors, ACM Workshop on Privacy in the Electronic Society - WPES 2004, pp. 1-7, ACM Press, New York, NY, October 28, 2004
A. Juels and R. Pappu. Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In R.N. Wright, editor, Financial Cryptography - FC'03 , volume 2742 ofLNCS, pp. 103-121, IFCA, Springer, Berlin, January 2003
A. Juels and S.A. Weis. Authenticating pervasive devices with human protocols. In V. Shoup, editor, Advances in Cryptology - CRYPTO 2005, volume 3126 of LNCS, pp. 293-308, Springer, Berlin, August 2005
A. Juels, R.L. Rivest, and M. Szydlo. The blocker tag: selective blocking of RFID tags for consumer privacy. In S. Jajodia, V. Atluri, and T. Jaeger, editors, ACM Conference on Computer and Communications Security - CCS 2003, pp. 103-111, ACM Press, New York, NY October 27-30, 2003
A. Juels, R. Pappu, and S. Garfinkel. RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy, 3(3): 34-43, May/June 2005. Extended version available from http://www.rsasecurity.com/rsalabs/node.asp?id=2029
A. Juels, P. Syverson, and D. Bailey. High-power proxies for enhancing RFID privacy and utility. In G. Danezis and D. Martin, editors, Privacy Enhancing Technologies - PET 2005, volume 3856 of LNCS, pp. 210-226, Springer, Berlin, 2005
G. Karjoth and P. Moskowitz. Disabling RFID tags with visible confirmation: Clipped tags are silenced. In Workshop on Privacy in the Electronic Society - WPES, Alexandria, Virginia, USA, ACM, ACM Press, New York, NY, November 2005
T. Karygiannis, B. Eydt, G. Barber, L. Bunn, and T. Phillips. Draft Special Publication 800-98, Guidance for Securing Radio Frequency Identification (RFID) Systems. National Institute for Standards and Technology, Gaithersburg, MD, USA, September 2006. Available for download at http://csrc.nist.gov/
H. Kitayoshi and K. Sawaya. Long range passive RFID-tag for sensor networks. In IEEE 62nd Vehicular Technology Conference - VTC-2005, pp. 2696-2700, IEEE Computer Society, Los Alamitos, CA, USA, 25-28 Sept, 2005
KU Information & Telecommunication Technology Center. The University of Kansas. UHF KURFID Tag, 2006. Available at http://www.rfidalliancelab.org/publications/ittc press release.shtml
S.S. Kumar and C. Paar. Are standards compliant elliptic curve cryptosystems feasible on RFID? Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 41-60. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik.tugraz. at/RFIDSec06/Program/index.htm
J. Landt. Shrouds of Time - The History of RFID. Whitepaper, AIM Inc., October 1, 2001. Available at http://www.transcore.com/pdf/AIM%20shrouds of time.pdf
T.C. May. Timed-release crypto. Posting to the Cypherpunks Mailing List, February 10, 1993. Available at http://cypherpunks.venona.com/date/1993/02/msg00129.html
J. Munilla, A. Ortiz, and A. Peinado. Distance bounding protocols with voidchallenges for RFID. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 15-26. ECRYPT Network of Excellence, July 2006
National Institute for Standards and Technology, Gaithersburg, MD, USA. FIPS 197: Advanced Encryption Standard (AES), November 2001. Available for download at http://csrc.nist.gov/encryption
M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to “privacy-friendly” tags. In RFID Privacy Workshop, MIT, Cambridge, MA, USA, November 2003. Available at http://lasecwww.epfl.ch/∼gavoine/rfid/
K. Opasjumruskit, T. Thanthipwan, O. Sathusen, P. Sirinamarattana, P. Gadmanee, E. Pootarapan, N. Wongkomet, A. Thanachayanont, and M. Thamsirianunt. Self-powered wireless temperature sensors exploit RFID technology. IEEE Pervasive Computing, 5(1): 54-61, Jan.-March 2006
P. Peris-Lopez, J.C. Hernandez-Castro, J. Estevez-Tapiador, and A. Ribagorda. LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 137-148. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm
M. Philipose, J.R. Smith, B. Jiang, A. Mamishev, R. Sumit, and K. Sundara-Rajan. Battery-free wireless identification and sensing. IEEE Pervasive Computing, 4(1): 37-45, Jan-March 2005
T. Phillips, T. Karygiannis, and R. Kuhn. Security standard for the rfid market. IEEE Security and Privacy, 3(6): 85-89, November-December 2005
S. Radovanovic, A.J. Annema, and B. Nauta. High-speed lateral polysilicon photodiode in standard CMOS technology. In 33rd European Solid-State Circuits Conference - ESS-DERC'03, pp. 521-524. IEEE Computer Society, 16-18 Sept. 2003
D.C. Ranasinghe, D.W. Engels, and P.H. Cole. Low-cost RFID systems: Confronting security and privacy. In Auto-ID Labs Research Workshop, Zurich, Switzerland, September 2004
RFID Journal. RFID Tag Market in Flux. Available at http://www.rfidjournal.com/article/articleview/971/1/1/ , June 2004
RFID Journal. A Summary of RFID Standards. Available at http://www.rfidjournal.com/article/articleview/1335/1/129/, 2005
M. Rieback, B. Crispo, and A. Tanenbaum. RFID guardian: A battery-powered mobile device for RFID privacy management. In C. Boyd and J.M. Gonz ález Nieto, editors, Australasian Conference on Information Security and Privacy - ACISP'05, volume 3574 of LNCS, pp. 184-194, Brisbane, Australia, Springer, Berlin, July 2005
R.L. Rivest. Chaffing and winnowing: Confidentiality without encryption. CryptoBytes, 4(1): 12-17, Summer 1998
K. Sakiyama, L. Batina, N. Mentens, B. Preneel, and I. Verbauwhede. Small-footprint ALU for public-key processors for pervasive security. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 77-88. ECRYPT Network of Excellence, July 2006. Available at http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm
S. Sarma. Towards the 5c Tag. White paper mit-autoid-wh-006, Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, November 1, 2001. Distribution restricted to sponsors until February 1, 2002
S. Sarma. Some issues related to RFID and security. Introductory Talk - RFIDSec 06, July 2006. Available at http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm
S. Sarma and D.W. Engels. On the Future of RFID Tags and Protocols. Technical report mit-autoid-tr-018, Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, June 1st, 2003. Early Released July 2003. Available at http://www. epcglobalinc.org/standards technology/specifications.html
S. Sarma, S. Weis, and D. Engels. Radio-frequency identification: Security risks and challenges. Cryptobytes, 6(1): 2-9, Winter/Spring 2003. Available at http://www.rsasecurity. com/rsalabs/
A. Soppera and T. Burbridge. Off by default - RAT: RFID acceptor tag. Printed handout of Workshop on RFID Security - RFIDSec 06, pp. 151-166. ECRYPT Network of Excellence, July 2006
T. Staake, F. Thiesse, and E. Fleisch. Extending the EPC network - The potential of RFID in anti-counterfeiting. In A. Omicini H. Haddad, L.M. Liebrock and R.L. Wainwright, editors, ACM Symposium on Applied Computing - SAC 2005, pp. 1607-1612. ACM Press, New York, NY, March 13-17, 2005
F. Stajano and R.J. Anderson. The resurrecting duckling: Security issues for adhoc wireless networks. In B. Christianson, B. Crispo, J.A. Malcolm, and M. Roe, editors, Security Protocols Workshop, volume 1796 of LNCS. Springer, Berlin, April 19-21, 2000
C. Swedberg. DHL Expects to Launch “Sensor Tag” Service by Midyear. RFID Journal. Available at http://www.rfidjournal.com/article/articleprint/2986/-1/1/, January 19th, 2007
K. Takaragi, M. Usami, R. Imura, R. Itsuki, and T. Satoh. An ultra small individual recognition security chip. IEEE Micro, 21(6): 43-49, November-December 2001
TSMC Advanced Technology Overview. Available at http://www.tsmc.com/download/english/a05 literature/Advanced Technology Overview Brochure 2006.pdf, May 2006
TSMC Standard Cell Libraries. Available at http://www.cadence.com/datasheets/4456 TSMC SC ds.pdf
P. Tuyls and L. Batina. RFID-tags for anti-counterfeiting. In D. Pointcheval, editor, Topics in Cryptology-CT-RSA 2006, volume 3860 of LNCS, pp. 115-131. Springer, Berlin, February 13-17 2006
S. Weis. Security and privacy in radio-frequency identification devices. Master Thesis, Massachusetts Institute of Technology (MIT), Massachusetts, USA, May 2003
S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In D. Hutter, G. M üller, W. Stephan, and M. Ullmann, editors, First International Conference on Security in Pervasive Computing - SPC 2003, volume 2802 of LNCS, pp. 201-212. Springer, Berlin, March 2003
C.C. Zou. PCB: Physically Changeable Bit for Preserving Privacy in Low-End RFID Tags. RFID White Paper Library, RFID Journal, May 2006
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Guajardo, J. et al. (2008). RFID Security: Cryptography and Physics Perspectives. In: Kitsos, P., Zhang, Y. (eds) RFID Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-76481-8_5
Download citation
DOI: https://doi.org/10.1007/978-0-387-76481-8_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-76480-1
Online ISBN: 978-0-387-76481-8
eBook Packages: EngineeringEngineering (R0)