Cryptology ePrint Archive: Report 2016/1130

Are RNGs Achilles’ heel of RFID Security and Privacy Protocols ?

Atakan Arslan and Suleyman Kardas and Sultan Aldirmaz and Sarp Erturk

Abstract: Security and privacy concerns have been growing with the increased usage of the RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are commonly used in RFID tags to provide security and privacy of RFID protocols. RNGs might be weak spot of a protocol scheme and misusing of RNGs causes security and privacy problems. However, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, a RNG used in RFID tag may not work properly in time. Therefore, we claim that vulnerability of using a RNG may deeply influence the security and privacy level of the system. To the best of our knowledge, this concern has not been considered in RFID literature. Motivated by this need, in this study, we first revisit Vaudenay's privacy model which combines the early models and presents a new mature and elegant privacy model with different adversary classes. Then, we enhance the model by introducing a new oracle, which allows analyzing the usage of RNGs in RFID protocols. We also analyze a couple of proposed protocols under our improved model.

Category / Keywords: cryptographic protocols / RFID, Protocol, Privacy, Security, RNG

Date: received 2 Dec 2016, last revised 2 Dec 2016

Contact author: atknarsln at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20161207:170152 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]