Analyzing the Privacy of a Healthcare RFID Authentication Protocol
Anca-Maria Nica, Ștefana Gheorghiță
DOI: http://dx.doi.org/10.15439/2024F5622
Citation: Communication Papers of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS), M. Bolanowski, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 41, pages 117–124 (2024)
Abstract. With the growing use of RFID systems in IoT environments, it is crucial for these systems to be highly efficient, reducing costs while also maintaining functionality. As technology evolves, adversaries' capabilities also increase, highlighting the necessity to consider all potential vulnerabilities that could be exploited, especially in terms of security and privacy. One particular case requiring attention is the use of temporary variables, which can inadvertently provide valuable information to an adversary. This scenario will be exemplified and addressed through the case of an RFID mutual authentication scheme designed for the healthcare field.