Security and privacy in RFID systems

Abstract : While RFID systems are one of the key enablers helping the prototype of pervasive computer applications, the deployment of RFID technologies also comes with new privacy and security concerns ranging from people tracking and industrial espionage to produ ct cloning and denial of service. Cryptographic solutions to tackle these issues were in general challenged by the limited resources of RFID tags, and by the formalizations of RFID privacy that are believed to be too strong for such constrained devices. It follows that most of the existing RFID-based cryptographic schemes failed at ensuring tag privacy without sacrificing RFID scalability or RFID cost effectiveness. In this thesis, we therefore relax the existing definitions of tag privacy to bridge the gap between RFID privacy in theory and RFID privacy in practice, by assuming that an adversary cannot continuously monitor tags. Under this assumption, we are able to design sec ure and privacy preserving multi-party protocols for RFID-enabled supply chains. Namely, we propose a protocol for tag ownership transfer that features constant-time authentication while tags are only required to compute hash functions. Then, we tackle the problem of product genuineness verification by introducing two protocols for product tracking in the supply chain that rely on storage only tags. Finally, we present a solution for item matching that uses storage only tags and aims at the automation of safety inspections in the supply chain.The protocols presented in this manuscript rely on operations performed in subgroups of elliptic curves that allow for the construction of short encryptions and signatures, resulting in minimal storage requirements for RFID tags. Moreover, the privacy and the security of these protocols are proven under well defined formal models that take into account the computational limitations of RFID technology and the stringent privacy and security requirements of each targeted supply chain application.
Document type :
Theses
Complete list of metadatas

Cited literature [150 references]  Display  Hide  Download

https://pastel.archives-ouvertes.fr/pastel-00990228
Contributor : Abes Star <>
Submitted on : Tuesday, May 13, 2014 - 12:17:08 PM
Last modification on : Thursday, October 17, 2019 - 12:36:08 PM
Long-term archiving on : Monday, April 10, 2017 - 9:48:15 PM

File

These_Elkhiyaoui_-_V1.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : pastel-00990228, version 1

Citation

Kaoutar Elkhiyaoui. Security and privacy in RFID systems. Other [cs.OH]. Télécom ParisTech, 2012. English. ⟨NNT : 2012ENST0040⟩. ⟨pastel-00990228⟩

Share

Metrics

Record views

855

Files downloads

1490