Practical Schemes For Privacy & Security Enhanced RFID

TL;DR

This paper introduces practical privacy and security protocols for RFID systems that enable efficient, fine-grained access control and mutual authentication using symmetric cryptography, addressing limitations of previous schemes.

Contribution

The paper proposes a novel RFID authentication protocol that balances privacy, efficiency, and dynamic access control without costly key searches.

Findings

Achieves privacy with symmetric cryptography on tags

Supports dynamic, fine-grained access permissions

Resilient to stolen reader attacks

Abstract

Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios. In this paper we investigate such scenarios, and propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.