Abstract:
Radio Frequency ldentification (RFID) is a very promising technology that enables the automatic identification of objects. However, it has some challenging issues such as scalability. Almost all of the existing solutions require the back end server to work linear in the number of tags in order to identify a single tag. There are some proposals providing 0(1) or O(log n) identification complexity, yet, most of them are susceptible to serious attacks including RFID tag corruption attacks. Besides, only a few of them take attacks into consideration for the reader side. Nevertheless, they do not have the desired level of privacy to provide resistance against compromising attacks on both the tag side and the reader side. In this research, we analyze the existing RFID protocols and specify the open problems that cause scalability and privacy concerns. We extend the predefined privacy model of Vaudenay by considering reader side attacks, and then propose a privacypreserving RFID authentication protocol that does not require any search operation in the back end. It provides resistance against tag and reader corruption attacks by using Physically Unclonable Functions (PUFs) as secure storage to keep secrets of the sy stem. Our protocol provides destructive privacy for tag holders in case of reader corruption attacks without any conditions. Additionally, our protocol allows readers to work offiine by transferring the necessary database records to them and still provides destructive privacy in case of corruption of offiine readers. To the best of our knowledge, it is the first protocol providing such a high privacy level without lookup property.