Abstract:
This thesis studies security and privacy issues of Radio Frequency Identi cation (RFID) technology that enhances ubiquitous computing environment. Privacy is one of main issues to adopt RFID technology in daily use. Due to resource constraints of low cost RFID tags in terms circuit size, power consumption and memory size, it is very restricted to design a private authentication protocol based on existing cryptographic functions. In this thesis, we focus on the security of low cost RFID tags. Our contributions are as follows. First, we analyze the security of recent RFID authentication protocols with respect to two security requirements: mutual authentication and availability. We propose impersonation and de-synchronization attacks and improvements to recent RFID authentication protocols. Secondly, we analyze the security of chaotic-map based RFID protocols. We propose secret disclosure, tracking, impersonation and de-synchronization attacks against chaotic-map based RFID protocols. We propose revised protocols resistant to our proposed attacks. Finally, we study privacy and scalability issues in RFID. All former RFID protocols giving the desired level of privacy required linear work in the back-end server. We propose PUF-based scalable authentication protocols for RFID systems. They provide destructive privacy according to the Vaudenay's privacy and security model. They defend against compromising attack by using PUFs as a secure storage to keep secrets of the tag. To the best of our knowledge, they are the rst to provide this level of privacy with constant identi cation time.