APRAP: Another Privacy Preserving RFID Authentication Protocol. Author(s): Miyaji, Atsuko; Rahman, Mohammad Shahriar


JAIST Repository
Title: APRAP: Another Privacy Preserving RFID Authentication Protocol
Author(s): Miyaji, Atsuko; Rahman, Mohammad Shahriar
Citation: IEEE Workshop on Secure Network Protocols (NPSec), 2010
Type: Conference Paper
Text version: publisher
Rights: Copyright (C) 2010 IEEE. Reprinted from IEEE Workshop on Secure Network Protocols (NPSec), 2010. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of JAIST's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
Description: Japan Advanced Institute of Science and Technology

APRAP: Another Privacy Preserving RFID Authentication Protocol

Atsuko Miyaji, School of Information Science, Japan Advanced Institute of Science and Technology, 1-1 Asahidai, Nomi, Ishikawa, Japan
Mohammad Shahriar Rahman, School of Information Science, Japan Advanced Institute of Science and Technology, 1-1 Asahidai, Nomi, Ishikawa, Japan

Abstract
Privacy preserving RFID (Radio Frequency Identification) authentication has been an active research area in recent years. Both forward security and backward security are required to maintain the privacy of a tag, i.e., exposure of a tag's secret key should not reveal the past or future secret keys of the tag. We envisage the need for a formal model for backward security for RFID protocol designs in shared key settings, since RFID tags are too resource-constrained to support public key settings. However, there has not been much research on backward security for the shared key environment since Serge Vaudenay, in his Asiacrypt 2007 paper, showed that perfect backward security is impossible to achieve without public key settings. We propose a Privacy Preserving RFID Authentication Protocol for the shared key environment, APRAP¹, which minimizes the damage caused by secret key exposure using insulated keys. Even if a tag's secret key is exposed during an authentication session, forward security and restricted backward security of the tag are preserved under our assumptions. The notion of restricted backward security is that the adversary misses the protocol transcripts which are needed to update the compromised secret key. Although our definition does not capture perfect backward security, it is still suitable for effective implementation, as tags are highly mobile in practice. We also provide a formal security model of APRAP. Our scheme is more efficient than previous proposals from the viewpoint of computational requirements.

I. INTRODUCTION
One of the main issues of RFID security and privacy has to do with malicious tracking of RFID-equipped objects. While tracking RFID tags is typically one of the key features and goals of a legitimate RFID system, unauthorized tracking of RFID tags is viewed as a major privacy threat. Both forward and backward security are required to maintain the privacy of the tag. Forward security means that even if the adversary acquires the secret data stored in a tag, the tag cannot be traced back using previously known messages [1], [8]. Backward security means the opposite, i.e., even if the adversary acquires the secret data stored in a tag, the tag cannot be traced using subsequently known messages. In other words, exposure of a tag's secret should not reveal any secret information regarding the past or the future of the tag. Moreover, indistinguishability means that the values emitted by one tag should not be distinguishable from the values emitted by other tags [8], [10].

¹ This study is partly supported by Grant-in-Aid for Scientific Research (C).

A. Related Work
Many privacy-preserving mutual RFID authentication schemes have been proposed in recent years [4], [5], [6], [9], [16], [14]. An authentication protocol for RFID from the EPCGlobal Class-1 Gen-2 standards was introduced by [5]. Both the authentication key and the access key are updated after a successful session in order to provide forward security. However, [16] showed that [5] is not backward- and forward-secure, because an attacker that compromises a tag can identify the tag's past interactions from the previous communications and the fixed EPC of the tag, and can also read the tag's future transactions. There are also some other privacy-preserving RFID protocols that address untraceability and forward security [4], [6], [14]. However, all these protocols have the same drawback, that is, they cannot provide backward security. The LK and SM schemes [9], [16] have recently described RFID authentication schemes satisfying both forward and backward security. However, [16] has been shown to be vulnerable to an attack where an adversary breaks the forward security [15]. The scheme proposed in [9] cannot provide backward security if the current secret key is compromised [11].

Since the adversary is able to trace the target tag at least during the authentication immediately following compromise of the tag secret, perfect backward security is not a meaningful goal here. Therefore, a minimum restriction should be imposed to achieve backward security, such that the adversary misses the necessary protocol transcripts to update the compromised key. Although this assumption for backward security is true for certain classes of privacy-preserving RFID protocols (i.e., for the shared key environment), it is clearly not true for some other cases. For instance, Vaudenay shows an RFID protocol based on public-key cryptography that is resistant to this attack [18]. However, our notion of backward security is true for privacy-preserving RFID protocols based on shared secrets that are updated on each interaction between tag and reader, which is the focus of this paper. Backward security is thus harder to achieve than forward security in general, particularly under the very constrained environment of RFID tags. However, backward security is never less important than forward security in RFID systems. In the case of target tracing, it suffices to somehow steal the tag secret of a target and collect interaction messages

to trace the future behaviors of the particular target. Without backward security, this kind of target tracing is trivial. In the case of supply chain management systems, even a catastrophic scenario may take place without backward security: if tag secrets are leaked at some point of tag deployment or during their time in the environment, then all such tags can be traced afterwards. We thus envisage the need for a formal model for backward security in RFID protocol designs (even if not perfect), in addition to the well-recognized forward security.

B. Our Contribution
We propose APRAP, a privacy-preserving mutual RFID authentication protocol for the shared key environment which provides both forward and restricted backward security through key insulation. Even if a tag's secret key is exposed during an authentication session, forward security and restricted backward security of the tag are preserved under our assumptions. The notion of restricted backward security is that the adversary misses the protocol transcripts needed to update the compromised secret key. The protocol also provides indistinguishability between the responses of tags in order to provide privacy of a tag. We also provide a formal security model to design our privacy-preserving protocol. Our assumptions for indistinguishability and forward/restricted backward security are similar to the assumptions made in previous work.

Organization of the paper: The remainder of this paper is organized as follows. Section II presents the notations, assumptions, the protocol model, and the security definitions. Section III describes the protocol. Next, our scheme is evaluated in Section IV based on a security analysis and a comparison with previous work. Section V includes concluding remarks.

II. PRELIMINARY
A. Notations
We use the following notations in the protocol description. (In this transcription the security parameter is written $\ell$, the server's second authentication message $\bar\alpha_i$, and the second Query/Reply variants Query' and Reply'; the original glyphs for these did not survive extraction.)
• $H$: a one-way hash function, $H : \{0,1\}^* \to \{0,1\}^\ell$.
• $x_t^i$ and $x_s^i$: $\ell$-bit random numbers generated during time period $i$ by a tag and a server, respectively.
• $x_{rand}^i$: an $\ell$-bit random number generated by a server.
• $sk_i$: an $\ell$-bit session key between a tag and a server during time period $i$.
• $k_i$: an $\ell$-bit random shared secret key between a tag and a server during time period $i$.
• $SK^*$: a tag-specific master secret key, stored by a legitimate server only.
• $x_i$: $\ell$-bit, generated from $SK^*$ by the server during session $i$.
• $\oplus$ and $\|$: bitwise XOR and concatenation of two bit strings, respectively.
• oo: dividing a bit string into two equal parts, e.g. $k_i = k_i' \,\mathrm{oo}\, k_i''$.
• $\alpha_i, \bar\alpha_i$: the server's authentication messages; $\alpha_i'$: the tag's authentication message (Section III).

B. Assumptions
A tag $T$ is not tamper-resistant. Initially, it stores the secret key $k_1$, which is updated after each authentication session. All communication between a server and a reader is assumed to be over a private and authentic channel. In this paper, we consider Reader and Server as a single entity; therefore, we use the terms Server or $S$ interchangeably in the text. The adversary cannot compromise the server. The tag is assumed to be vulnerable to repeated key exposures; specifically, we assume that up to $t < N$ periods can be compromised. Our goal is to minimize the effect such compromises will have. When a secret key is exposed, an adversary will be able to trace the tag for period $i$ until the next single secure authentication session. Our notion of security is that this is the best an adversary can do. In particular, the adversary will be unable to trace a tag for any of the subsequent periods. It is assumed that hash and PRNG take the same amount of execution time. Splitting and concatenation operations take negligible amounts of time.

C. The Model
We design the model following the model proposed in [7]. However, our model is slightly different from that in [7]. We assume a fixed, polynomial-size tag set $TS = \{T_1, \ldots, T_n\}$ and a server Server as the elements of an RFID system. A Server has information for TS's authentication such as the tags' secret keys, the master key, etc. Before the protocol is run for the first time, an initialization phase occurs in both $T_l$ and Server, where $l = 1, \ldots, n$. That is, each $T_l \in TS$ runs an algorithm $G$ to generate the secret key $k_l$, and Server also saves these values in a database field.

A key-updating authentication scheme is a 5-tuple of poly-time algorithms $(G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$ such that:
• $G$, the key generation algorithm, is a probabilistic algorithm which takes as input a security parameter $1^\ell$ and the total number of tags $n$. It returns a master key $SK^*$ and an initial shared key $k_1$ for each tag.
• $U^*$, the partial key generation algorithm, is a deterministic algorithm which takes as input an index $i$ for a time period (throughout, we assume $1 \le i \le N$), the master key $SK^*$ and the secret key $k_i$ of a tag. It returns the partial secret key $x_i$ for time period $i$.
• $S$, the session key generation algorithm, is a deterministic algorithm which takes as input an index $i$, part of the tag's secret key $k_i'$, and a part of the partial secret key $x_i'$. It returns a shared session secret key $sk_i$ for time period $i$.
• $U$, the tag key-update algorithm, is a deterministic algorithm which takes as input an index $i$, part of the tag's secret key $k_i''$, a part of the partial secret key $x_i''$, and a random $x_s^i$. It returns the tag's secret key $k_{i+1}$ for time period $i+1$ (and erases $k_i$, $x_i$, $x_s^i$).
• Auth(AuthT/AuthS), the authentication message verification algorithm, is a deterministic algorithm for a server (resp. tag) which takes as input AuthT (resp. AuthS). It returns 1 or the special symbol $\bot$. AuthT/AuthS is as follows:
  – AuthT/AuthS, the Tag (resp. Server) authentication message generation algorithm, is a probabilistic algorithm for a tag (resp. server) which takes as input a shared secret $sk_i$, a time period $i$, and random numbers $x_t^i$ and $x_s^i$ (or $x_{rand}^i$) (for the server, the inputs are $k_i'$, $x_i$, $x_s^i$ (or $x_{rand}^i$) and $x_t^i$). It returns $\alpha_i'$ (resp. $\alpha_i$).

APRAP is used as one might expect. A server begins by generating $(SK^*, k_1) \leftarrow G(1^\ell, n)$, storing $SK^*$ on a server (a physically-secure device), and storing $k_1$ in both the server and the tag. At the beginning of time period $i$, the tag requests

$x_i = U^*(i, SK^*, k_i)$ from the server. Using $x_i$ and $k_i$, the tag may compute the session secret key $sk_i = S(i, k_i', x_i')$. This key is used to create authentication messages sent during time period $i$. Both the tag and server update their shared secret by $k_{i+1} = U(i, k_i'', x_i'', x_s^i)$. After computation of $k_{i+1}$, the tag must erase $k_i$ and $x_i$.

D. Security Definitions
Adversary $A$'s interaction with the RFID entities in the network is modeled by sending the following queries to an oracle $O$ and receiving the result from $O$. The queries in our model follow [8] with some differences. We do not need Reply*/Execute*, since we do not consider a tag to be maintaining an internal state in our protocol. Also, we consider server and reader as a single entity, so we do not need Forward$_1$/Forward$_2$ and Auth queries. Instead, Reply and Reply' perform the tasks of Forward$_1$ and Forward$_2$, respectively. They also serve the purpose of Auth(AuthT/AuthS).
• Query$(S, x_s^i)$: It calls server ($S$) and outputs $x_s^i$ of period $i$.
• Query'$(T_l, x_t^i)$: It calls tag ($T_l$) and outputs $x_t^i$ of period $i$.
• Query$_b(S, x_{rand}^i)$: It calls server ($S$) and outputs any random $x_{rand}^i$.
• Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$: It calls $S$ with input $x_t^i$ and outputs $\alpha_i, \bar\alpha_i$ for period $i$. It uses the AuthS algorithm. The output is forwarded to $T_l$.
• Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$: It calls $T_l$ with input $x_s^i, \alpha_i, \bar\alpha_i$ and outputs $\alpha_i'$ for period $i$. It uses the AuthT algorithm. The output is forwarded to $S$.
• Reply$_b(T_l, x_{rand}^i, \alpha_i, \bar\alpha_i, \alpha_i')$: It calls $T_l$ with input $x_{rand}^i, \alpha_i, \bar\alpha_i$ and outputs $\alpha_i'$ for period $i$. It uses the AuthT algorithm. The output is forwarded to $S$.
• Execute$(T_l, S)$: This query uses the algorithms $(G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$. It receives the protocol transcripts $\alpha_i, x_s^i, \alpha_i', \bar\alpha_i, x_t^i$ and outputs them. This models the adversary $A$'s eavesdropping of protocol transcripts. It has the following relationship with the above queries: Execute$(T_l, S)$ = Query$(S, x_s^i)$ ∧ Query'$(T_l, x_t^i)$ ∧ Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$ ∧ Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$.
• Execute$_b(T_l, S)$: This query uses the algorithms $(G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$. It receives the protocol transcripts $\alpha_i, \alpha_i', \bar\alpha_i, x_t^i, x_{rand}^i$ and outputs them. This models the adversary $A$'s eavesdropping of protocol transcripts except $x_s^i$, which is used for the key update. It has the following relationship with the above queries: Execute$_b(T_l, S)$ = Query$_b(S, x_{rand}^i)$ ∧ Query'$(T_l, x_t^i)$ ∧ Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$ ∧ Reply$_b(T_l, x_{rand}^i, \alpha_i, \bar\alpha_i, \alpha_i')$.
• RevealSecret$(T_l, i)$: This query uses the algorithm $U$. It receives the tag $T_l$'s secret key $k_i$ and outputs $k_i$ of period $i$.
• Test$(T_l, i)$: This query is allowed only once, at any time during $A$'s execution. A random bit $b$ is generated; if $b = 1$, $A$ is given transcripts corresponding to the tag, and if $b = 0$, $A$ receives a random value.

We now give the definitions through security games, reminiscent of classic indistinguishability in a cryptosystem security game. We follow [8] to define indistinguishability and forward security. The success of $A$ in the games is measured by $A$'s advantage in distinguishing whether $A$ has received an RFID tag's real response or a random value. After indistinguishability, the next two games represent the attack games for forward security and restricted backward security, respectively.

Definition 1: Indistinguishability
• Phase 1: Initialization
  (1) Run algorithm $G(1^\ell, n) \to (k_1, \ldots, k_n)$.
  (2) Set each tag $T_l$'s secret key as $k_l$, where $T_l \in TS = \{T_1, \ldots, T_n\}$.
  (3) Save each $T_l$'s $k_l$ generated in step (1) in Server's field.
• Phase 2: Learning
  (1) $A_{ind}$ executes the Query$(S, x_s^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$, and Execute$(T_l, S)$ oracles for all $n-1$ tags, except the $T_c \in TS$ used in the challenge phase.
• Phase 3: Challenge
  (1) $A_{ind}$ selects a challenge tag $T_c$ from TS.
  (2) $A_{ind}$ executes the Query$(S, x_s^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$, and Execute$(T_l, S)$ oracles for $T_c$, where $i = 1, \ldots, q-1$.
  (3) $A_{ind}$ calls the oracle Test$(T_c, i)$.
  (4) For $A_{ind}$'s Test, oracle $O$ tosses a fair coin $b \in \{0,1\}$; let $b \xleftarrow{R} \{0,1\}$.
    – If $b = 1$, $A_{ind}$ is given the messages corresponding to $T_c$'s $i$-th instance.
    – If $b = 0$, $A_{ind}$ is given random values.
  (5) $A_{ind}$ outputs a guess bit $b'$. $A$ wins if $b = b'$.
The advantage of any PPT adversary $A_{ind}$ with computational boundary $(e_1, r_1, r_2, \ell)$, where $e_1$ is the number of Execute queries, $r_1$ the number of Reply queries, $r_2$ the number of Reply' queries and $\ell$ the security parameter, is defined as follows:
$$\mathrm{Adv}^{ind}_{A_{ind}} = \left|\Pr[b = b'] - 1/2\right|.$$
The scheme provides indistinguishability if and only if the advantage $\mathrm{Adv}^{ind}_{A_{ind}}$ is negligible.

Definition 2: Forward Security
• Phase 1: Initialization
  (1) Run algorithm $G(1^\ell, n) \to (k_1, \ldots, k_n)$.
  (2) Set each tag $T_l$'s secret key as $k_l$, where $T_l \in TS = \{T_1, \ldots, T_n\}$.
  (3) Save each $T_l$'s $k_l$ generated in step (1) in Server's field.
• Phase 2: Learning
  (1) $A_{for}$ executes the Query$(S, x_s^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$, and Execute$(T_l, S)$ oracles for all $n-1$ tags, except for the $T_c \in TS$ used in the challenge phase.
• Phase 3: Challenge
  (1) $A_{for}$ selects a challenge tag $T_c$ from TS.
  (2) $A_{for}$ executes the Query$(S, x_s^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply'$(T_l, x_s^i, \alpha_i, \bar\alpha_i, \alpha_i')$, Execute$(T_l, S)$, and RevealSecret$(T_c, i)$ oracles for $T_c$'s $i$-th instance.
  (3) $A_{for}$ calls the oracle Test$(T_c, i-1)$.
  (4) For $A_{for}$'s Test, oracle $O$ tosses a fair coin $b \in \{0,1\}$; let $b \xleftarrow{R} \{0,1\}$.

    – If $b = 1$, $A_{for}$ is given the messages corresponding to $T_c$'s $(i-1)$-th instance.
    – If $b = 0$, $A_{for}$ is given random values.
  (5) $A_{for}$ executes the oracles for the $n-1$ tags of TS other than $T_c$, as in the learning phase.
  (6) $A_{for}$ outputs a guess bit $b'$. $A$ wins if $b = b'$.
The advantage of any PPT adversary $A_{for}$ with computational boundary $(e_1, r_1, r_2, \ell)$, where $e_1$ is the number of Execute queries, $r_1$ the number of Reply queries, $r_2$ the number of Reply' queries and $\ell$ the security parameter, is defined as follows:
$$\mathrm{Adv}^{for}_{A_{for}} = \left|\Pr[b = b'] - 1/2\right|.$$
The scheme is forward secure if and only if the advantage $\mathrm{Adv}^{for}_{A_{for}}$ is negligible.

Definition 3: Restricted Backward Security¹
• Phase 1: Initialization
  (1) Run algorithm $G(1^\ell, n) \to (k_1, \ldots, k_n)$.
  (2) Set each tag $T_l$'s secret key as $k_l$, where $T_l \in TS = \{T_1, \ldots, T_n\}$.
  (3) Save each $T_l$'s $k_l$ generated in step (1) in Server's field.
• Phase 2: Learning
  (1) $A_{back}$ executes the Query$_b(S, x_{rand}^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply$_b(T_l, x_{rand}^i, \alpha_i, \bar\alpha_i, \alpha_i')$, and Execute$_b(T_l, S)$ oracles for all $n-1$ tags, except for the $T_c \in TS$ used in the challenge phase.
• Phase 3: Challenge
  (1) $A_{back}$ selects a challenge tag $T_c$ from TS.
  (2) $A_{back}$ executes the Query$_b(S, x_{rand}^i)$, Query'$(T_l, x_t^i)$, Reply$(S, x_t^i, \alpha_i, \bar\alpha_i)$, Reply$_b(T_l, x_{rand}^i, \alpha_i, \bar\alpha_i, \alpha_i')$, Execute$_b(T_l, S)$, and RevealSecret$(T_c, i)$ oracles for $T_c$'s $i$-th instance.
  (3) $A_{back}$ calls the oracle Test$(T_c, i+1)$.
  (4) For $A_{back}$'s Test, oracle $O$ tosses a fair coin $b \in \{0,1\}$; let $b \xleftarrow{R} \{0,1\}$.
    – If $b = 1$, $A_{back}$ is given the messages corresponding to $T_c$'s $(i+1)$-th instance.
    – If $b = 0$, $A_{back}$ is given random values.
  (5) $A_{back}$ executes the oracles for the $n-1$ tags of TS other than $T_c$, as in the learning phase.
  (6) $A_{back}$ outputs a guess bit $b'$. $A$ wins if $b = b'$.
The advantage of any PPT adversary $A_{back}$ with computational boundary $(e_2, r_1, r_b, \ell)$, where $e_2$ is the number of Execute$_b$ queries, $r_1$ the number of Reply queries, $r_b$ the number of Reply$_b$ queries and $\ell$ the security parameter, is defined as follows:
$$\mathrm{Adv}^{back}_{A_{back}} = \left|\Pr[b = b'] - 1/2\right|.$$
The scheme is restricted backward secure if and only if the advantage $\mathrm{Adv}^{back}_{A_{back}}$ is negligible.

¹ Once it has obtained the tag secret by RevealSecret, $A_{back}$ has all the power of the tag itself and thus can trace the target tag at least during the authentication immediately following the attack. In typical RFID system environments, tags and readers operate only at short communication range and for a relatively short period of time. Thus, the minimum restriction for backward security is that the adversary misses the protocol transcripts needed to update the compromised secret key. The same restriction was applied in [16]. On the other hand, [9] claimed that there should exist some non-empty gap not accessible by the adversary between the time of a reveal query and the attack time. But this restriction was shown to be inadequate to provide backward security by [11].

Definition 4: Privacy-Preserving Protocol
A protocol is privacy-preserving when indistinguishability, forward security, and restricted backward security are guaranteed for any PPT adversary $A$ with computational boundary $(e_1, r_1, e_2, r_2, r_b, \ell)$, where $e_1$ is the number of Execute queries, $r_1$ the number of Reply queries, $e_2$ the number of Execute$_b$ queries, $r_2$ the number of Reply' queries, $r_b$ the number of Reply$_b$ queries and $\ell$ the security parameter.

III. PROTOCOL DESCRIPTION
Table I describes the protocol building blocks, and Fig. 1 describes the authentication session. During any session $i$, the following steps take place between a tag and a server:
1. The server sends a random challenge $x_s^i$ to the tag.
2. The tag replies to the server with a random $x_t^i$.
3. The server splits $k_i$ into $k_i'$ and $k_i''$, and $x_s^i$ into $x_s^{i\prime}$ and $x_s^{i\prime\prime}$. It then generates $x_i$ from $SK^*$ and $k_i$ by $H^i(SK^*, k_i)$, where $H^i$ denotes $H$ iterated $i$ times.
$SK^*$ is used to generate $x_i$ so that no entity other than a valid server can generate $x_i$. Even if an adversary compromises $k_i$, it cannot generate $x_i$ for any subsequent session using only that $k_i$. $x_s^i$ is used as a random number for server authentication, and $x_i$ is used as the partial key for the present session. The server computes $\alpha_i = H(k_i' \| x_i, x_s^i \| x_t^i)$ and $\bar\alpha_i = k_i \oplus x_i$. The server sends $\alpha_i$ and $\bar\alpha_i$ to the tag.
4. After receiving $\alpha_i$ and $\bar\alpha_i$, the tag splits $k_i$ into $k_i'$ and $k_i''$, and extracts $x_i$ from $\bar\alpha_i$. The tag then authenticates the server by verifying $\alpha_i$. If the server is authenticated as a legitimate server, the tag splits $x_s^i$ into $x_s^{i\prime}$ and $x_s^{i\prime\prime}$, and $x_i$ into $x_i'$ and $x_i''$. The tag now computes the session secret key $sk_i$ by concatenating $k_i'$ and $x_i'$. It then computes $\alpha_i' = H(x_t^i \| x_s^i, sk_i)$, and updates its own secret key to $k_{i+1} = H(k_i'' \| x_i'', x_s^i)$. The tag sends $\alpha_i'$ to the server, and erases $x_i$, $x_t^i$ and $sk_i$ from its memory. The updated $k_{i+1}$ is used for the next authentication session.
5. After the server receives $\alpha_i'$, it authenticates the tag by verifying $\alpha_i'$. The server then updates the secret key of the tag to $k_{i+1} = H(k_i'' \| x_i'', x_s^i)$. This updated $k_{i+1}$ is stored in the server database and is used for the next authentication session.²

² Note that it is imperative for the respective times taken by authentication success and failure to be as close as possible, to prevent obvious timing attacks by malicious readers (aimed at distinguishing between the two cases) [17]. For this reason, even if the authentication by a tag fails, it should generate random numbers instead of simply signalling failure, to make the cases of success and failure indistinguishable from each other.

TABLE I
PROTOCOL BUILDING BLOCKS
$U^*$:  input: $i, SK^*, k_i$;  compute: $H^i(SK^*, k_i)$;  return: $x_i$
$S$:    input: $i, k_i', x_i'$;  compute: $k_i' \| x_i'$;  return: $sk_i$
$U$:    input: $i, k_i'', x_i'', x_s^i$;  compute: $H(k_i'' \| x_i'', x_s^i)$;  return: $k_{i+1}$
Auth(AuthT/AuthS):
  AuthT:  input: $i, x_t^i, x_s^i, sk_i$;  compute: $H(x_t^i \| x_s^i, sk_i)$;  return: $\alpha_i'$
  AuthS:  input: $i, k_i', x_i, x_s^i, x_t^i$;  compute: $H(k_i' \| x_i, x_s^i \| x_t^i)$;  return: $\alpha_i$
  Auth:   return: 1 or $\bot$

Fig. 1. Our Scheme: APRAP (message flow, transcribed from the figure)
Tag holds $k_i$ and draws $x_t^i \in \{0,1\}^\ell$.  Server holds $SK^*, k_i$ and draws $x_s^i \in \{0,1\}^\ell$.
Server → Tag: $x_s^i$
Tag → Server: $x_t^i$
Server: $k_i = k_i' \,\mathrm{oo}\, k_i''$; $x_s^i = x_s^{i\prime} \,\mathrm{oo}\, x_s^{i\prime\prime}$; $U^*(i, SK^*, k_i) \to x_i$; AuthS$(i, k_i', x_i, x_s^i, x_t^i) \to \alpha_i$; $\bar\alpha_i = k_i \oplus x_i$
Server → Tag: $\alpha_i, \bar\alpha_i$
Tag: $k_i = k_i' \,\mathrm{oo}\, k_i''$; $x_i = \bar\alpha_i \oplus k_i$; Auth(AuthS) → 1 or $\bot$; $x_s^i = x_s^{i\prime} \,\mathrm{oo}\, x_s^{i\prime\prime}$; $x_i = x_i' \,\mathrm{oo}\, x_i''$; $S(i, k_i', x_i') \to sk_i$; AuthT$(i, x_t^i, x_s^i, sk_i) \to \alpha_i'$; $U(i, k_i'', x_i'', x_s^i) \to k_{i+1}$
Tag → Server: $\alpha_i'$
Server: Auth(AuthT) → 1 or $\bot$; $U(i, k_i'', x_i'', x_s^i) \to k_{i+1}$

IV. EVALUATION
A. Security Analysis
Due to the page limitation, we omit the security proofs and put them in the full version.

Theorem 1: The protocol $\Pi = (G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$ provides indistinguishability for any PPT adversary $A_{ind}$ with computational boundary $(e_1, r_1, r_2, \ell)$, where $e_1$ is the number of Execute queries, $r_1$ the number of Reply queries, $r_2$ the number of Reply' queries and $\ell$ the security parameter.

Theorem 2: The protocol $\Pi = (G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$ is forward secure for any PPT adversary $A_{for}$ with computational boundary $(e_1, r_1, r_2, \ell)$, where $e_1$ is the number of Execute queries, $r_1$ the number of Reply queries, $r_2$ the number of Reply' queries and $\ell$ the security parameter.

Theorem 3: The protocol $\Pi = (G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$ is restricted backward secure for any PPT adversary $A_{back}$ with computational boundary $(e_2, r_1, r_b, \ell)$, where $e_2$ is the number of Execute$_b$ queries, $r_1$ the number of Reply queries, $r_b$ the number of Reply$_b$ queries and $\ell$ the security parameter.

Theorem 4: The protocol $\Pi = (G, U^*, S, U, \mathrm{Auth(AuthT/AuthS)})$ is privacy-preserving for any PPT adversary $A$ with computational boundary $(e_1, e_2, r_1, r_2, r_b, \ell)$, where $e_1$ is the number of Execute queries, $e_2$ the number of Execute$_b$ queries, $r_1$ the number of Reply queries, $r_2$ the number of Reply' queries, $r_b$ the number of Reply$_b$ queries and $\ell$ the security parameter.

B. Discussion and Comparison With Previous Work
Deursen et al. [21] discussed a weakness of the indistinguishability definition of [8]. Deursen et al.
argued that, to achieve location privacy, the adversary must not be able to distinguish one tag's response from other tags' responses, but it is not necessary that the adversary cannot distinguish the tag's response from any arbitrary value. However, our definition can be modified according to their argument. For that purpose, the oracle queries should run on all but two tags, which are used for the challenge phase. All the adversary needs to do is to distinguish between those two tags. In fact, our assumption about the tag responses is that the output of the one-way hash functions is indistinguishable from a random bit string of equal length.

In [2], Bellare et al. show that it is impossible to achieve public-channel key-insulated security in the face of an active adversary (who can compromise the secret key). Although we follow the idea of key insulation from [7], assuming a passive adversary in the case of RFID (who can eavesdrop only) is not practical, as it is easy for an adversary to break into a tag's memory. Considering this, the assumptions made in our scheme (as well as in [16]) are more realistic to achieve restricted backward security, and the other features as well. However, many of the existing mutual authentication protocols may support restricted backward security under our assumption ([3], [19], [17] to name a few). But [3], [19] require a tag to remember too many secrets. Moreover, [3], [19] cannot provide forward security, as shown by [13] and [22], respectively. Again, [17] requires more computation than our scheme, and it does not provide reader authentication. Nevertheless, none of these protocols came up with a formal model of backward security (even if not perfect).

Although it is not the primary target of our proposed protocol, it is also possible to prevent desynchronization attacks [20] in our protocol to some extent. We consider the following type of attack: if the last message is blocked, the tag updates the shared secret key $k_i$, but the server doesn't. The server and tag are no longer able to communicate successfully.
To prevent such an attack, the server has to remember the transcripts and secret values of the last valid authentication session. When a server receives some random number instead of a valid authentication value from a tag, the server updates itself using the information from the last valid session, and tries again to get synchronized with the tag. Although scalability is an issue here, this approach can help avoid such desynchronization attacks in a limited way (of course the system gets desynchronized if the last messages of two consecutive sessions are blocked). Even though the system gets desynchronized, an adversary cannot trace a tag from its desynchronized state, since the responses of a tag are always pseudorandom, hence indistinguishable. However, we are more concerned with exposure resilience of the secret key and its effect on the authentication protocol than with desynchronization attacks. Providing full resistance against desynchronization attacks is a separate issue.

We compare our work, based on security properties and computational cost, with the LK and SM schemes in Table II below. According to [8], a scheme must satisfy both forward security and indistinguishability in order to achieve strong location privacy. If a scheme satisfies indistinguishability only, the scheme is weak location private. [15] has shown that the SM scheme is not forward secure. So, the SM scheme is weak location private only, whereas our scheme is strong location private. The SM scheme furthermore does not give any formal security model for indistinguishability and forward security.

Regarding computational requirements, our protocol requires a simple one-way hash function, random number generation and the XOR operation. We use a simple hash function like SQUASH [12] to achieve forward security for the tag. This requires around 1K gates. As the server needs to authenticate itself first to a tag, the server must broadcast the authentication messages to the tags. Since the server does not know the id of the tag that it wants to authenticate, the server has to compute and broadcast the authentication messages for all the tags in its storage. We assume that the server has enough resources to perform such computation. On the other hand, a tag receiving the broadcast messages has to find a match with its verification value. Although computing the verification value always takes constant time, finding a match increases the required computation in proportion to the number of broadcast messages in the worst case. As stated earlier, such a scenario is unavoidable when we require that a server should authenticate itself first to a tag. We say that our scheme is more suitable for an environment where the reader must read a number of tags at a time (inventory management) and/or where there are not too many tags (a library with a few thousand books).
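The session of Section III run end to end, as an added example that is not part of the paper: the server broadcasts one $(\alpha_i, \bar\alpha_i)$ pair per stored tag (the matching cost discussed above), the tag scans the broadcast for its own pair, answers $\alpha_i'$ or a random value on failure (footnote 2), and both sides move to $k_{i+1}$. SHA-256 stands in for the abstract $H$, and all class and function names are this example's own.

```python
"""Added example (not the authors' code): a Python model of one APRAP session
after Section III / Table I.  H is SHA-256 truncated to the key length with
length-tagged inputs; the paper leaves H abstract, so that is an assumption."""
import hashlib, hmac, secrets
from typing import List, Optional, Tuple

L = 16  # key length in bytes: 128-bit keys, as in Table II

def H(*parts: bytes) -> bytes:
    """One-way hash H(a, b, ...); inputs are length-prefixed so that
    H(a || b, c) and H(a, b || c) cannot collide by re-splitting."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()[:L]

def H_iter(i: int, *parts: bytes) -> bytes:
    """H^i: H applied i times (U* computes H^i(SK*, k_i))."""
    out = H(*parts)
    for _ in range(i - 1):
        out = H(out)
    return out

def split(b: bytes) -> Tuple[bytes, bytes]:
    """The paper's 'oo' operator: divide a bit string into two equal halves."""
    return b[: len(b) // 2], b[len(b) // 2:]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

class Server:
    def __init__(self, n_tags: int) -> None:
        self.SK = secrets.token_bytes(L)                             # master key SK*
        self.keys = [secrets.token_bytes(L) for _ in range(n_tags)]  # k_1 per tag
        self.period = [1] * n_tags                                   # current i per tag

    def challenge(self) -> bytes:
        """Step 1: random challenge x_s^i."""
        self.xs = secrets.token_bytes(L)
        return self.xs

    def auth_messages(self, xt: bytes) -> List[Tuple[bytes, bytes]]:
        """Step 3 for every stored tag: the server does not know which tag
        answered, so it broadcasts one (alpha_i, alpha_bar_i) pair per tag."""
        self.xt, self.partial, out = xt, [], []
        for k, i in zip(self.keys, self.period):
            k1, _ = split(k)
            x = H_iter(i, self.SK, k)                    # U*: partial key x_i
            self.partial.append(x)
            out.append((H(k1 + x, self.xs + xt), xor(k, x)))  # AuthS, alpha_bar_i
        return out

    def verify(self, alpha_prime: bytes) -> Optional[int]:
        """Step 5: accept the tag whose AuthT value matches and update its key;
        returns that tag's index, or None when nobody authenticates."""
        for l, (k, x) in enumerate(zip(self.keys, self.partial)):
            k1, k2 = split(k)
            x1, x2 = split(x)
            if hmac.compare_digest(alpha_prime, H(self.xt + self.xs, k1 + x1)):
                self.keys[l] = H(k2 + x2, self.xs)       # U: k_{i+1}
                self.period[l] += 1
                return l
        return None

class Tag:
    def __init__(self, k1: bytes) -> None:
        self.k, self.i = k1, 1

    def respond(self) -> bytes:
        """Step 2: random x_t^i."""
        self.xt = secrets.token_bytes(L)
        return self.xt

    def process(self, xs: bytes, broadcast: List[Tuple[bytes, bytes]]) -> bytes:
        """Step 4: authenticate the server, derive sk_i = k_i' || x_i', reply
        alpha'_i and move to k_{i+1}.  On failure a random value is sent instead
        of an error so success and failure look alike on the air (footnote 2)."""
        k1, k2 = split(self.k)
        for alpha, alpha_bar in broadcast:               # find the pair meant for us
            x = xor(alpha_bar, self.k)                   # extract x_i
            if hmac.compare_digest(alpha, H(k1 + x, xs + self.xt)):
                x1, x2 = split(x)
                alpha_prime = H(self.xt + xs, k1 + x1)   # AuthT
                self.k = H(k2 + x2, xs)                  # U: k_{i+1}; k_i is erased
                self.i += 1
                return alpha_prime
        return secrets.token_bytes(L)

def run_session(server: Server, tag: Tag) -> Optional[int]:
    xs, xt = server.challenge(), tag.respond()
    return server.verify(tag.process(xs, server.auth_messages(xt)))

def demo() -> bool:
    """Two honest sessions keep tag and server in step; a tag the server does
    not know is rejected and leaves every stored key untouched."""
    server = Server(3)
    tags = [Tag(k) for k in server.keys]
    ok = run_session(server, tags[1]) == 1 and run_session(server, tags[1]) == 1
    ok = ok and server.keys[1] == tags[1].k and tags[1].i == 3
    before = list(server.keys)
    ok = ok and run_session(server, Tag(bytes(L))) is None
    return ok and server.keys == before
```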
TABLE II
PERFORMANCE COMPARISON WITH PREVIOUS WORKS

schemes    ind.   for. sec.   back. sec.   tag's comp.      tag's storage
LK [9]     ✓      ✓           X            2 XOR, 5 hash    384 bits
SM [16]    ✓      ✓           X            6 XOR, 4 hash    128 bits
APRAP      ✓      ✓           ✓            1 XOR, 4 hash    128 bits

Assuming each secret key is 128 bits long and that hash functions and the PRNG require the same computational resources. ind.: indistinguishability; for. sec.: forward security; back. sec.: restricted backward security; ✓: the property is satisfied; X: the property is not satisfied.

V. CONCLUSION

We have proposed APRAP, a privacy-preserving mutual RFID authentication protocol for the shared key environment. The protocol uses two different keys for mutual authentication. The server sends a random partial key (generated from a master secret key SK*) to a tag. The tag generates the session key sk to authenticate itself to the server. The tag's secret key k is updated using the partial key received from the server. As k is purely fresh for every time period, the tag's security is guaranteed for all other time periods (both past and future) under our assumptions; for future periods this holds as long as the adversary misses the transcript carrying the partial key needed to update the compromised key. We show that our scheme is computationally more efficient than the SM and LK schemes. Our protocol satisfies indistinguishability, and achieves both forward and restricted backward security through key insulation. We also provide a formal security model of the proposed protocol.

REFERENCES

[1] Bellare, M. and Yee, B.: Forward-Security in Private-Key Cryptography. The Cryptographers' Track at the RSA Conference - CT-RSA, Springer-Verlag (2003)
[2] Bellare, M., Duan, S., and Palacio, A.: Key Insulation and Intrusion Resilience over a Public Channel. The Cryptographers' Track at the RSA Conference - CT-RSA, pages 84-99, Springer-Verlag (2009)
[3] Burmester, M., de Medeiros, B. and Motta, R.: Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries. Journal of Applied Cryptography, 1(2) (2008)
[4] Canard, S. and Coisel, I.: Data Synchronization in Privacy Preserving RFID Authentication Schemes. The 4th Workshop on RFID Security - RFIDSec (2008)
[5] Chien, H. and Chen, C.: Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computer Standards and Interfaces, 29(2) (2007)
[6] Dimitriou, T.: RFIDDOT: RFID Delegation and Ownership Transfer made simple. 4th International ICST Conference on Security and Privacy in Communication Networks - SecureComm, ACM (2008)
[7] Dodis, Y., Katz, J., Xu, S. and Yung, M.: Key-Insulated Public-Key Cryptosystems. EUROCRYPT, pages 65-82, Springer-Verlag (2002)
[8] Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A New Formal Proof Model for RFID Location Privacy. The European Symposium On Research In Computer Security - ESORICS, Springer-Verlag (2008)
[9] Lim, C.H. and Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. International Conference on Information and Communications Security - ICICS, pages 1-20, Springer-Verlag (2006)
[10] Ohkubo, M., Suzuki, K. and Kinoshita, S.: Cryptographic approach to privacy-friendly tags. RFID Privacy Workshop, MIT, USA (2003)
[11] Ouafi, K. and Phan, R.C.-W.: Traceable Privacy of Recent Provably-Secure RFID Protocols. Applied Cryptography and Network Security - ACNS, Springer-Verlag (2008)
[12] Shamir, A.: SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags. Fast Software Encryption - FSE, Springer-Verlag (2008)
[13] Song, B.: RFID Authentication Protocols using Symmetric Cryptography. PhD thesis, Royal Holloway, University of London, December 2009
[14] Song, B.: RFID Tag Ownership Transfer. The 4th Workshop on RFID Security - RFIDSec (2008)
[15] Phan, R.C.-W., Wu, J., Ouafi, K., Stinson, D.R.: Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes. Manuscript
[16] Song, B. and Mitchell, C.J.: RFID Authentication Protocol for Low-cost Tags. The ACM Conference on Wireless Network Security - WiSec, ACM Press (2008)
[17] Tsudik, G.: A family of dunces: Trivial RFID identification and authentication protocols. Privacy Enhancing Technologies - PETS, pages 45-61, Springer-Verlag (2007)
[18] Vaudenay, S.: On Privacy Models for RFID. ASIACRYPT, pages 68-87, Springer-Verlag (2007)
[19] van Le, T., Burmester, M. and de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. ASIACCS, ACM Press (2007)
[20] van Deursen, T. and Radomirovic, S.: Attacks on RFID Protocols. Cryptology ePrint Archive, Report 2008/310
[21] van Deursen, T. and Radomirovic, S.: On a New Formal Proof Model for RFID Location Privacy. Cryptology ePrint Archive, Report 2008/477
[22] Yu, K.Y., Yiu, S.M., and Hui, C.K.L.: RFID Forward Secure Authentication Protocol: Flaw and Solution. International Conference on Complex, Intelligent and Software Intensive Systems - CISIS, IEEE (2009)
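The Conclusion above describes the key-insulation idea in prose only: the server sends a partial key derived from SK*, the tag derives a session key from its current key and that partial key, and both sides update the tag key afterwards. The following Python model is an added example written for this page, not the authors' protocol or code. It does not reproduce APRAP's exact message flow or its 1 XOR / 4 hash budget; the derivations partial_key, session_key and next_key are assumed for illustration (any one-way hash would do), and the master secret, initial tag key and nonces are constructed constants. What it shows is the property the paper relies on: an adversary who learns the tag key k in period 1 and also captured the period-1 transcript can compute k for period 2, while one who missed that transcript cannot, and a response captured in one period is rejected in the next.

```python
import hashlib
import hmac

KEY_LEN = 16  # 128-bit keys, matching the storage figure in Table II


def H(*parts: bytes) -> bytes:
    """Generic one-way hash; the paper only assumes a hash function and a PRNG."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def partial_key(master: bytes, nonce: bytes) -> bytes:
    """Server: fresh partial key for this period from SK* and a random nonce (assumed derivation)."""
    return H(b"partial", master, nonce)[:KEY_LEN]


def session_key(k: bytes, pk: bytes) -> bytes:
    """Tag: session key bound to its current key and the partial key it just received (assumed derivation)."""
    return H(b"session", xor(k, pk))[:KEY_LEN]


def next_key(k: bytes, pk: bytes) -> bytes:
    """Key update at the end of a period. One-way in k (exposing the new key does not give
    the old one) and dependent on pk (exposing k_i gives k_{i+1} only if pk was observed)."""
    return H(b"update", k, pk)[:KEY_LEN]


def tag_respond(k: bytes, pk: bytes, nonce: bytes) -> bytes:
    """Tag -> server: MAC under the session key over the server's nonce."""
    return hmac.new(session_key(k, pk), b"tag-auth" + nonce, hashlib.sha256).digest()


def server_verify(k: bytes, pk: bytes, nonce: bytes, response: bytes) -> bool:
    """Server: recompute the expected response from its stored copy of the tag key."""
    expected = hmac.new(session_key(k, pk), b"tag-auth" + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_periods(master: bytes, k0: bytes, nonces: list) -> list:
    """One authentication per period; both sides update the tag key afterwards."""
    records, k = [], k0
    for nonce in nonces:
        pk = partial_key(master, nonce)        # server -> tag: (nonce, pk), sent in the clear
        response = tag_respond(k, pk, nonce)   # tag -> server: response
        ok = server_verify(k, pk, nonce, response)
        records.append({"nonce": nonce, "pk": pk, "k": k, "response": response, "ok": ok})
        k = next_key(k, pk)                    # key-insulated update on both sides
    return records


def demo() -> dict:
    """Constructed run of three periods plus two adversary experiments."""
    master = H(b"constructed master secret SK*")                      # constructed input
    k0 = H(b"constructed initial tag key")[:KEY_LEN]                  # constructed input
    nonces = [H(b"constructed nonce", bytes([i]))[:KEY_LEN] for i in range(3)]
    rec = run_periods(master, k0, nonces)

    # Replay: the period-0 response presented again in period 1 fails, because
    # nonce, partial key and tag key have all changed.
    replay_accepted = server_verify(rec[1]["k"], rec[1]["pk"], rec[1]["nonce"], rec[0]["response"])

    # Key exposure in period 1. With the period-1 transcript (pk) the adversary
    # derives the period-2 key; having missed it, the best it can do is guess a pk.
    k_exposed = rec[1]["k"]
    with_transcript = next_key(k_exposed, rec[1]["pk"]) == rec[2]["k"]
    without_transcript = next_key(k_exposed, rec[0]["pk"]) == rec[2]["k"]

    return {
        "all_periods_ok": all(r["ok"] for r in rec),
        "replay_accepted": replay_accepted,
        "k2_from_k1_with_transcript": with_transcript,
        "k2_from_k1_without_transcript": without_transcript,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The dependence of next_key on the partial key is exactly what makes the backward security "restricted": the partial key crosses the air interface in the clear, so an adversary who holds the exposed tag key and also records that transcript walks forward through every later key. The model therefore matches the paper's own framing that perfect backward security is out of reach in a shared-key setting and that the guarantee rests on the tag being mobile enough that the adversary misses the update transcript. Forward security comes from the hash being one-way in k: nothing in the model, or in the transcript, lets a holder of the period-2 key recover the period-1 key.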

More information

Virtual Memory. Background. No. 10. Virtual Memory: concept. Logical Memory Space (review) Demand Paging(1) Virtual Memory

Virtual Memory. Background. No. 10. Virtual Memory: concept. Logical Memory Space (review) Demand Paging(1) Virtual Memory Background EECS. Operatng System Fundamentals No. Vrtual Memory Prof. Hu Jang Department of Electrcal Engneerng and Computer Scence, York Unversty Memory-management methods normally requres the entre process

More information

SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION

SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION SELECTIVE OPENING SECURE FUNCTIONAL ENCRYPTION Yuanyuan J 1, Haxa Xu 2 and Pel L 1 1 Chnese Academy of Scences, Bejng, Chna 2 State Key Laboratory of Informaton Securty, Insttute of Informaton Engneerng,

More information

Report on On-line Graph Coloring

Report on On-line Graph Coloring 2003 Fall Semester Comp 670K Onlne Algorthm Report on LO Yuet Me (00086365) cndylo@ust.hk Abstract Onlne algorthm deals wth data that has no future nformaton. Lots of examples demonstrate that onlne algorthm

More information

Fast Computation of Shortest Path for Visiting Segments in the Plane

Fast Computation of Shortest Path for Visiting Segments in the Plane Send Orders for Reprnts to reprnts@benthamscence.ae 4 The Open Cybernetcs & Systemcs Journal, 04, 8, 4-9 Open Access Fast Computaton of Shortest Path for Vstng Segments n the Plane Ljuan Wang,, Bo Jang

More information

Range images. Range image registration. Examples of sampling patterns. Range images and range surfaces

Range images. Range image registration. Examples of sampling patterns. Range images and range surfaces Range mages For many structured lght scanners, the range data forms a hghly regular pattern known as a range mage. he samplng pattern s determned by the specfc scanner. Range mage regstraton 1 Examples

More information

An Application of the Dulmage-Mendelsohn Decomposition to Sparse Null Space Bases of Full Row Rank Matrices

An Application of the Dulmage-Mendelsohn Decomposition to Sparse Null Space Bases of Full Row Rank Matrices Internatonal Mathematcal Forum, Vol 7, 2012, no 52, 2549-2554 An Applcaton of the Dulmage-Mendelsohn Decomposton to Sparse Null Space Bases of Full Row Rank Matrces Mostafa Khorramzadeh Department of Mathematcal

More information

Learning-Based Top-N Selection Query Evaluation over Relational Databases

Learning-Based Top-N Selection Query Evaluation over Relational Databases Learnng-Based Top-N Selecton Query Evaluaton over Relatonal Databases Lang Zhu *, Wey Meng ** * School of Mathematcs and Computer Scence, Hebe Unversty, Baodng, Hebe 071002, Chna, zhu@mal.hbu.edu.cn **

More information

Load-Balanced Anycast Routing

Load-Balanced Anycast Routing Load-Balanced Anycast Routng Chng-Yu Ln, Jung-Hua Lo, and Sy-Yen Kuo Department of Electrcal Engneerng atonal Tawan Unversty, Tape, Tawan sykuo@cc.ee.ntu.edu.tw Abstract For fault-tolerance and load-balance

More information