Security and Privacy in Two RFID Deployments , With New Methods For Private Authentication and RFID Pseudonyms

We study security and privacy in deployments of Radio Frequency Identification (RFID) technology and propose novel mechanisms for improving RFID privacy. In the first part of the thesis, we consider two real deployments of RFID technology: library books and electronic passports. For each deployment, we set out security and privacy issues. Then we analyze existing RFID technology in the context of these issues. We relate these issues to concrete technical problems, such as the problem of private authentication: how can Alice and Bob determine that they share a secret key without an eavesdropper learning their identities? The second part of the thesis describes new techniques for solving these problems. We describe a symmetric-key private authentication protocol which requires work logarithmic in the number of RFID tags in a system, while all previous solutions required linear work. Then we discuss using a trusted third party called an “infomediary” to enforce a privacy policy and a way to realize the infomediary by “recoding” RFID tags. We move beyond recoding with a method for tags to generate a new one-time pseudonym on each reading. Our pseudonym scheme requires work logarithmic in the number of tags for an infomediary to learn the real tag ID from a pseudonym, while all previous schemes required linear work. A drawback is that our scheme loses some, but not all, privacy if individual tags are compromised; we show that the result is a tradeoff between privacy and reader efficiency. Our scheme also supports delegation to third parties of the ability to learn tag IDs for a limited number of reads. We show that delegation enables the transfer of an RFID-tagged item between two mutually distrustful parties. Finally, we close with open problems and future directions.