Exploring relationship between indistinguishability-based and unpredictability-based RFID privacy models

A comprehensive privacy model plays a vital role in the design of privacy-preserving RFID authentication protocols. Among various existing RFID privacy models, indistinguishability-based (ind-privacy) and unpredictability-based (unp-privacy) privacy models are the two main categories. Unp*-privacy,...

Full description

Saved in:
Bibliographic Details
Main Authors: YANG, Anjia, ZHUANG, Yunhui, WENG, Jian, HANCKE, Gerhard, WONG, Duncan S., YANG, Guomin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2018
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/7297
https://ink.library.smu.edu.sg/context/sis_research/article/8300/viewcontent/1_s2.0_S0167739X17318939_main.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:A comprehensive privacy model plays a vital role in the design of privacy-preserving RFID authentication protocols. Among various existing RFID privacy models, indistinguishability-based (ind-privacy) and unpredictability-based (unp-privacy) privacy models are the two main categories. Unp*-privacy, a variant of unp-privacy has been claimed to be stronger than ind-privacy. In this paper, we focus on studying RFID privacy models and have three-fold contributions. We start with revisiting unp*-privacy model and figure out a limitation of it by giving a new practical traceability attack which can be proved secure under unp*-privacy model. To capture this kind of attack, we improve unp*-privacy model to a stronger one denoted as unp(tau)-privacy. Moreover, we prove that our proposed privacy model is stronger than ind-privacy model. Then, we explore the relationship between unp*-privacy and ind-privacy, and demonstrate that they are actually not comparable, which is in contrast to the previous belief. Next, we present a new RFID mutual authentication protocol and prove that it is secure under unp(tau)-privacy model. Finally, we construct a RFID mutual authentication model denoted as MA model, and show that unp(tau)-privacy implies MA, which gives a reference to design a privacy-preserving RFID mutual authentication protocol. That is, if we propose a scheme that satisfies unp(tau)-privacy, then it also supports mutual authentication. (C) 2018 Elsevier B.V. All rights reserved.