Affiliations: [a] School of Information Systems, Singapore Management University, Singapore | [b] Google Inc., Mountain View, CA, USA | [c] Columbia University, New York, NY, USA | [d] Software School, Fudan University, Shanghai, China
Abstract: Formal RFID security and privacy frameworks are fundamental to the design and analysis of robust RFID systems. In this paper, we develop a new definitional framework for RFID privacy in a rigorous and precise manner. Our framework is based on a zero-knowledge (ZK) formulation [The Foundations of Cryptography, Cambridge Univ. Press, Cambridge, 2001; ACM Symposium on Theory of Computing, 1985, pp. 291–304] and incorporates the notions of adaptive completeness and mutual authentication. We provide meticulous justification of the new framework and contrast it with existing ones in the literature. In particular, we prove that our framework is strictly stronger than the ind-privacy model in International Conference on Pervasive Computing and Communications, 2007, which answers an open question posed in International Conference on Pervasive Computing and Communications, 2007, for developing stronger RFID privacy models. We also clarify certain confusions and rectify several defects in the existing frameworks. Finally, based on the protocol in Conference on Computer and Communications Security, 2009, we propose an efficient RFID mutual authentication protocol and analyze its security and privacy. The methodology used in our analysis can also be applied to analyze other RFID protocols within the new framework.
