Beruflich Dokumente
Kultur Dokumente
The notation X means a scheme doesn’t satisfy a given [2] Auto-ID Center. http://www.autoidcenter.org/.
security requirement. The notation 4 means A cannot [3] C.A.S.P.I.A.N. http://www.nocards.org/.
trace T over successive authentication but can trace
T within successive authentication. The notation O [4] Gildas Avoine “Radio frequency identification: ad-
means a scheme satisfies a given security requirement. versary model and attacks on existing proto-
We don’t state anti-cloning in Table 2 because all cols”, Technical Report LASEC-REPORT-2005-
schemes satisfy anti-cloning. Required computation of 001, EPFL, Lausanne, Switzerland, Septemper
our scheme to find ID of a given T at B is O(m), which 2005.
means required computation is increased as the num-
ber of T ’s in the system is increased. However, Table [5] Gildas Avoine and Philippe Oechslin, “RFID trace-
2 shows our scheme offers the most enhanced security ability: a mulilayer problem”, Financial Cryptogra-
in RFID mutual authentication schemes with respect phy − FC, pp. 125-140, March 2005.
to user privacy. Our scheme is perfectly indistinguish- [6] Tassos Dimitriou, “A lightweight RFID protocol to
able and almost forward secure. As compared with [11] protect against traceability and cloning attacks”,
whose computation at B is also O(m), our scheme en- Conference on Security and Privacy for Emerging
hances user privacy with respect to forward security. Areas in Communication Networks − SecureComm,
September 2005.
Table 3: Efficiency in T [7] Philippe Golle, Markus Jakobsson, Ari Juels,
Protocol Lee [10] Molnar [11] Ours and Paul Syverson, “Universal re-encryption for
Hash operations 2 2 3 mixnets”, The Cryptographers’ Track at the RSA
Communication Conference − CT-RSA, pp. 163-178, February
3l 4l 4l
complexity 2004.
Non-volatile
2l 2l l
memory [8] Dirk Henrici and Paul Müller, “Hash-based en-
†† l : the number of bits of a data unit hancement of location privacy for radio-frequency
identification devices using varying identifiers”,
IEEE International Workshop on Pervasive Com-
Table 3 compares our scheme with other two schemes puting and Communication Security − PerSec, pp.
which don’t have a desynchronization problem about 149-153, March 2004.
efficiency in T . Because our scheme requires another
[9] Ari Juels, Ronald Rivest, and Michael Szydlo, “The
hash operation, it takes more time for authentication.
blocker tag: selective blocking of RFID tags for con-
However, our scheme reduces non-volatile memory by
sumer privacy”, ACM Conference on Computer and
half. Since non-volatile memory is an expensive unit in
Communications Security − ACM CCS, pp. 103-
T , it will cut down a cost of T .
111, October 2003.
6 Conclusion [10] Su-Mi Lee, Young Ju Hwang, Dong Hoon Lee, and
In order to protect user privacy, we propose an RFID Jong In Lim, “Efficient authentication for low-cost
mutual authentication scheme which utilizes a hash RFID systems”, International Conference on Com-
function and synchronized secret information like many putational Science and its Applications - ICCSA,
published schemes. We propose an RFID mutual au- pp. 619-627, May 2005.
thentication scheme which utilizes a hash function and [11] David Molnar and David Wagner, “Privacy and
synchronized secret information like others. To the security in library RFID: issues, practices, and ar-
best of our knowledge, our scheme offers the most en- chitectures”, ACM Conference on Computer and
hanced security feature in RFID mutual authentica- Communications Security − ACM CCS, pp. 210-
tion scheme with respect to user privacy including re- 219, October 2004.
[12] Miyako Ohkubo, Koutarou Suzuki, and Shingo
Kinoshita, “Cryptographic approach to ‘privacy-
friendly’ tags”, RFID Privacy Workshop, Novem-
ber 2003.