ACTION: Breaking the Privacy Barrier for RFID Systems
Li Lu, Yunhao Liu and Jinsong Han
In order to protect privacy, Radio Frequency Identification (RFID) systems employ Privacy-Preserving Authentication (PPA) to allow valid readers to explicitly authenticate their dominated tags without leaking private information. Typically, an RF tag sends an encrypted message to the RF reader, then the reader searches for the key that can decrypt the ciphertext to identify the tag. Due to the large-scale deployment of today’s RFID systems, the key search scheme for any PPA requires a short response time. Previous designs construct balanced-tree based key management structures to accelerate the search speed to O(logN), where N is the number of tags. Being efficient, such approaches are vulnerable to compromising attacks. By capturing a small number of tags, an adversary can identify other tags that have not been corrupted. To address this issue, we propose an Anti-Compromising authenticaTION protocol, ACTION, which employs sparse tree architecture, such that the key of every tag is independent from one another. The advantages of this design include: 1) resilience to the compromising attack, 2) reduction of key storage for tags from O(logN) to O(1), which is significant for resource critical tag devices, and 3) high search efficiency, which is O(logN), as good as the best in the previous designs.
Keywords: Authentication Privacy RFID Security