05-05-2011, 02:34 PM
Abstract
One of the problems in low-cost passive RFID tagsis that they do not provide authentication andprivacy. To address this problem Liu et al.proposed the PAP protocol for low-cost passiveRFID tag in ICCST 2009. The PAP is has lowcomputation and ensures privacy andauthentication between tags and readers, especiallydesigned for SCM (Supply Chain Management)and small shops. We present an IPAP: ImprovedPrivacy and Authentication Protocol. IPAP has 2-bits privacy bit to support refined privacyprotection and lower computation overheadcompared with the original PAP.
Keywords: RFID security, RFID privacy, passiveRFID tag Security
1 Introduction
RFID is a tiny tag to communicate with readerwith providing identity (ID) of an object. To thebest of our knowledge, there are three types ofRFID tags: passive, active and semi-passive.Active tags are powered by battery so it cancommunicate longer range than Passive tags.Passive tags are powered by the signal of thereaders and can be used only within short range.[7]However passive tags are more popular becausethey are smaller and cheaper than active tags. Inthis paper, we will focus on passive RFID tags. Inthis type of tags, one of the most influentialstandards is the EPC Global standard class1 Gen2[2].As passive RFID systems are widely used invarious fields, security issues have also increased.In particular, low-cost passive RFID tags have lackof authentication and privacy. E.g., unauthorizedreader or tag can access the system. Also, attackerscan clandestine tracking and inventorying, which isa serious problem in privacy.[1]Liu et al. proposed the PAP protocol to addressthis problem in ICCST 2009 [1]. The PAPprovides privacy and authentication using hashlock function.[3] However, in In-Store protocol atag provides unique identifier of product withoutauthentication, which may cause privacy problems.Our protocol uses 2-bits privacy bit fordetermining degree of privacy protection. Usingthese bits, we provide improved privacy protocol:IPAP, which provides refined privacy protection.Furthermore, it has lower computation overheadcompared with the original PAP.This paper is organized as follows. In Section 2,we explain related work. In Section 3 the IPAP anddemerits of the PAP is described. Then, we presentthe Improved PAP protocol in Section 4. Finally,we conclude in Section 5.
2 Related work
There have been appeared many protocols forproviding authentication and privacy in RFIDsystems (e.g. “Killing Tag”, “Blocker Tag”, and soon.). Refer to survey paper “RFID Security andPrivacy: A Research Survey” for details [4].Recently, various provable RFID securityprotocols are being studied, which are withmathematical proof with security and privacy ofthe protocols [5][6].Liu et al. proposed the PAP protocol for low-costpassive RFID tag in ICCST 2009.[1] PAP is basedon EPC global class1 gen2 standard and designedfor SCM (Supply Chain Management) and smallshops. We explain PAP protocol and Demerits ofthe PAP Protocol in Section 3.
Download full report
http://www.cse.msu.edu/~alexliu/publicat...ap/pap.pdf
One of the problems in low-cost passive RFID tagsis that they do not provide authentication andprivacy. To address this problem Liu et al.proposed the PAP protocol for low-cost passiveRFID tag in ICCST 2009. The PAP is has lowcomputation and ensures privacy andauthentication between tags and readers, especiallydesigned for SCM (Supply Chain Management)and small shops. We present an IPAP: ImprovedPrivacy and Authentication Protocol. IPAP has 2-bits privacy bit to support refined privacyprotection and lower computation overheadcompared with the original PAP.
Keywords: RFID security, RFID privacy, passiveRFID tag Security
1 Introduction
RFID is a tiny tag to communicate with readerwith providing identity (ID) of an object. To thebest of our knowledge, there are three types ofRFID tags: passive, active and semi-passive.Active tags are powered by battery so it cancommunicate longer range than Passive tags.Passive tags are powered by the signal of thereaders and can be used only within short range.[7]However passive tags are more popular becausethey are smaller and cheaper than active tags. Inthis paper, we will focus on passive RFID tags. Inthis type of tags, one of the most influentialstandards is the EPC Global standard class1 Gen2[2].As passive RFID systems are widely used invarious fields, security issues have also increased.In particular, low-cost passive RFID tags have lackof authentication and privacy. E.g., unauthorizedreader or tag can access the system. Also, attackerscan clandestine tracking and inventorying, which isa serious problem in privacy.[1]Liu et al. proposed the PAP protocol to addressthis problem in ICCST 2009 [1]. The PAPprovides privacy and authentication using hashlock function.[3] However, in In-Store protocol atag provides unique identifier of product withoutauthentication, which may cause privacy problems.Our protocol uses 2-bits privacy bit fordetermining degree of privacy protection. Usingthese bits, we provide improved privacy protocol:IPAP, which provides refined privacy protection.Furthermore, it has lower computation overheadcompared with the original PAP.This paper is organized as follows. In Section 2,we explain related work. In Section 3 the IPAP anddemerits of the PAP is described. Then, we presentthe Improved PAP protocol in Section 4. Finally,we conclude in Section 5.
2 Related work
There have been appeared many protocols forproviding authentication and privacy in RFIDsystems (e.g. “Killing Tag”, “Blocker Tag”, and soon.). Refer to survey paper “RFID Security andPrivacy: A Research Survey” for details [4].Recently, various provable RFID securityprotocols are being studied, which are withmathematical proof with security and privacy ofthe protocols [5][6].Liu et al. proposed the PAP protocol for low-costpassive RFID tag in ICCST 2009.[1] PAP is basedon EPC global class1 gen2 standard and designedfor SCM (Supply Chain Management) and smallshops. We explain PAP protocol and Demerits ofthe PAP Protocol in Section 3.
Download full report
http://www.cse.msu.edu/~alexliu/publicat...ap/pap.pdf