In this paper, we address the problem of reader revocation in PKI-Based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications -the involvement of a human user. We then take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution for reader revocation checking. And finally, we evaluate the usability and practical security our solution via usability studies and discuss its feasibility in a case study of e-Passports.
In our approach, the main extra feature is the requirement for a small passive on-tag display. However, as discussed in the paper, modern low-power display technology (e.g., e-paper) is low-cost and appealing for other (e.g., authentication and verification) purposes.Category / Keywords: public-key cryptography / RFID, Revocation, Epassports, Electronic Payment Cards, Smart Cards Date: received 21 Sep 2009, last revised 7 Apr 2010 Contact author: rishabn at uci edu Available format(s): PDF | BibTeX Citation Version: 20100407:214905 (All versions of this report) Short URL: ia.cr/2009/465 Discussion forum: Show discussion | Start new discussion