Performance Evaluation of Authentication Protocol for Mobile RFID Privacy

  • 엄태양 (Mobile Security Laboratory, School of Computing, Soongsil University)
  • 이정현 (School of Computing, Soongsil University)
  • Received : 2010.11.10
  • Accepted : 2011.05.11
  • Published : 2011.06.30

Abstract

A mobile RFID system, which consists of an existing RFID reader mounted on a mobile device such as a smartphone, can provide users with a variety of services and conveniences. Although users can get information about a product anytime and anywhere, there is a high probability that their privacy will be violated, because their belongings carrying RFID tags can be scanned by other mobile readers at any time. Several RFID authentication schemes have been proposed to deal with these privacy issues. However, since the existing solutions require heavy computation on the tag side, most of them are not applicable to general low-cost passive tags, which do not have any processing unit. In this paper, we propose an efficient authentication scheme for mobile RFID systems that is applicable to passive tags as well as active ones by making the best use of the computing capability of mobile devices. The proposed scheme satisfies important security issues such as tag protection, untraceability, and protection against traffic analysis. We also implement the proposed scheme on a real smartphone to demonstrate feasibility and present the experimental results.

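Mobile RFID (Radio Frequency IDentification) mounts an existing RFID reader on a portable device such as a smartphone and can provide individuals with a variety of convenient services. Individuals can obtain information about a product regardless of location, but because anyone carrying a mobile reader can read another person's RFID tags, there is a risk that personal privacy will be violated. Various authentication techniques have been proposed to solve this privacy problem, but most are solutions that require a large amount of computation on the tag and cannot be applied to the passive tags in common use. In this paper, therefore, we propose a mobile RFID authentication technique that makes maximum use of the computing capability of the mobile terminal and is applicable not only to active tags but also to ordinary passive tags. The proposed protocol satisfies both the security requirements of tag protection, location-tracking prevention, and traffic-tracking prevention and the performance requirements for a lightweight design, and, to verify its practicality, we present the results of experiments in which the proposed protocol was installed on a smartphone and a commercial mobile RFID reader.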
