Privacy and Mutual Authentication under Temporary State Disclosure in RFID Systems

Abstract

Privacy and mutual authentication are two significant requirements for real-life applications of RFID schemes. These two requirements have been studied for a long time only for adversaries that cannot corrupt the tem-porary internal state of the tags. Recently, however, it has been shown that corrupting the temporary internal state of the tag is practically possible. This raises the question: do the current RFID protocols that ensure mutual authentica-tion and privacy keep these properties in the temporary state disclosure model? The answer is negative and thus it justifies the effort to propose new RFID protocols that are secure under temporary state disclosure. In this paper, we amply discuss how temporary state disclosure affects mutual authentication and privacy of RFID protocols, and illustrate this on two well-known pro-tocols. We argue then in favor of using the PUF technology in order to achieve mutual authentication and a reasonable enough level of privacy under temporary state disclosure. We close by presenting two RFID schemes that achieve destructive privacy, one of the most important levels of privacy in the context of the physical corruption of tags.