Paper 2016/1130

Are RNGs Achilles’ heel of RFID Security and Privacy Protocols ?

Atakan Arslan, Suleyman Kardas, Sultan Aldirmaz, and Sarp Erturk

Abstract

Security and privacy concerns have been growing with the increased usage of the RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are commonly used in RFID tags to provide security and privacy of RFID protocols. RNGs might be weak spot of a protocol scheme and misusing of RNGs causes security and privacy problems. However, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, a RNG used in RFID tag may not work properly in time. Therefore, we claim that vulnerability of using a RNG may deeply influence the security and privacy level of the system. To the best of our knowledge, this concern has not been considered in RFID literature. Motivated by this need, in this study, we first revisit Vaudenay's privacy model which combines the early models and presents a new mature and elegant privacy model with different adversary classes. Then, we enhance the model by introducing a new oracle, which allows analyzing the usage of RNGs in RFID protocols. We also analyze a couple of proposed protocols under our improved model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
RFIDProtocolPrivacySecurityRNG
Contact author(s)
atknarsln @ gmail com
History
2016-12-07: received
Short URL
https://ia.cr/2016/1130
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1130,
      author = {Atakan Arslan and Suleyman Kardas and Sultan Aldirmaz and Sarp Erturk},
      title = {Are {RNGs} Achilles’ heel of {RFID} Security and Privacy Protocols ?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/1130},
      year = {2016},
      url = {https://eprint.iacr.org/2016/1130}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.