Cryptology ePrint Archive: Report 2006/234
RFID Security: Tradeoffs between Security and Efficiency
Ivan Damgård and Michael Østergaard
Abstract: Recently, Juels and Weis defined strong privacy for RFID tags. We add to this definition a completeness and a soundness requirement, i.e., a reader should accept valid tags and only such tags. For the case where tags hold independent keys, we prove a conjecture by Juels and Weis, namely in a strongly private and sound RFID system using only symmetric cryptography, a reader must access virtually all keys in the system when reading a tag.
It was already known from work by Molnar et al. that when keys are dependent,
the reader only needs to access a logarithmic number of keys, but at a cost in terms of privacy: for that system, strong privacy is lost if an adversary corrupts only a single tag. We propose protocols offering a new range of tradeoffs between security and efficiency. For instance the number of keys accessed by a reader to read a tag can be significantly smaller than the number of tags while retaining security, as long as we assume suitable limitations on the adversary.
Category / Keywords: cryptographic protocols, RFID security, symmetric cryptography, protocols
Date: received 7 Jul 2006, last revised 31 Jul 2006
Contact author: ivan at daimi au dk
Available format(s): PDF | BibTeX Citation
Version: 20060731:064427 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]