|
|
Note that the adversary submits its S R query if its simulated output is ID so that the database entry can be correctly updated.
Finally, we notice that Game is described by the simple security experiment. We therefore conclude that simple security for simple and weakly-correct RFID schemes implies security.
. . Privacy
e intuition behind the privacy de nition in the Vaudenay model is that any signi cant adversary against privacy should output a statement deduced om the interactions between the tags and the system. is was formalized using the classical simulation paradigm: any adversary making e ective use of the protocol messages should have its success probability a ected if she were to interact with an intermediate between the RFID system and the adversary that simulates the protocol messages. is intermediate system is called a blinder. As privacy only concerns the wireless link, blinders are not required to simulate tag creation and corruption queries.
erefore, the rst step in de ning Vaudenay’s notion of privacy is to de ne blinders.
De nition . (Blinder)
A blinder B for an adversary A is a stateful polynomial-time algorithm which sees the same messages as A and simulates the L , S R , S T , and R oracles to A. e blinder does not have access to the reader’s tape and is given neither the reader’s secret key sk nor access to the database.
A blinded adversary AB is an adversary who does not produce any L , S R , S T , R oracles query but relies on B to obtain answers for those queries.
e second de nition formalizes the privacy game and the fact that privacy means that no adversary deduces any information from the protocol messages.
De nition . (Privacy)
We consider adversaries who start with an attack phase consisting of oracle queries and some computations then pursuing an analysis phase with no oracle query. In between phases, the adversary receives the hidden table T of the D T oracle then outputs a bit b, or equivalently a boolean statement that evaluates to 1 or 0. e adversary wins if the output is 1.
We say that the RFID scheme is P private if for any simulatable adversary A which belongs to class P there exists a blinder B for which we have
Pr[A(pk) ! 1] Pr[AB(pk) ! 1]j = negl(k):
.
|
|
|
|
|
|
||
|
Strong |
) |
Destructive |
) |
Forward |
) |
Weak |
|
̸*+ |
|
̸*+ |
|
|
|
|
|
Narrow-Strong ) Narrow-Destructive |
) Narrow-Forward ) Narrow-Weak |
|||||
|
Figure 8.1: Implications, separations and Equivalences in Vaudenay’s Privacy notions. |
e implications |
|||||
|
from weaker to stronger privacy notions assume weak-correctness and security for the RFID |
||||||
|
scheme. |
|
|
|
|
|
|
8.3Equivalences and Impossibilities of some Privacy Classes
In this section, we present Vaudenay’s results in the equivalence between the di erent levels of privacy. A special attention is also given to the relation between Forward and key exchange protocols’ notion of perfect-forward secrecy as well as to the impossibility result of Strong privacy. Figure . summarizes these results.
. . From Narrow Privacy to Privacy
e rst result we present is related to the relation between Narrow-Weak and Weak privacy, and between Narrow-Forward and Forward privacy. Basically, Vaudenay showed that if an RFID authentication protocol that is strongly correct, secure, and achieves Narrow-Weak privacy, resp. Narrow-Forward privacy, is Weak private, resp. Forward private.
Lemma .
Assume a correct and secure RFID protocol. If that protocol is Narrow-Weak private, resp. NarrowForward private, then it is Weak private, resp. Forward private.
e argument holding behind the proof of this theorem is that since the adversary knows whether a drawn tag is legitimate, she must be able to predict the outcome of a protocol sessionexecutedwithalegitimatetag. Ontheotherhand,securityguaranteesthatnoillegitimate tag gets authenticated by the reader, except with negligible probability. (Recall that an illegitimate tag is created by calling SetupTag so an adversary could just obtain a state by running this algorithm and simulating a tag with that state to the reader.) erefore, the R interface can be always simulated to the adversary by looking at whether a drawn tag is legitimate, in which case it replies with 1, and with 0 otherwise. Again, correctness ensures that the simulation in case of success is perfect while using an hybrid argument in conjonction with security guarantees that the simulation in case of failure of one protocol instance is computationally indistinguishable from R ’s answers.
Interestingly, this result does not apply to Destructive and Strong adversaries. at is because through tag tampering, these type of adversaries get the ability to simulate a potentially legitimate tag that passes authentication. However, from the blinder point of view, no message was forwarded from a tag to a reader. In some sense, the blinder would need to be able
. ’
|
|
to deduce the ID of any identi ed tag. Unfortunately, this is not realizable if the protocol guarantees Destructive privacy. For instance, the protocol described in Section . . and depicted in Figure . is correct, secure and proven to be Narrow-Strong private while not being Destructive private.
. . e Impossibility of Strong Privacy
e most severe drawback of Vaudenay’s privacy model is probably its impossibility of achieving Strong privacy. For a better understanding of the solution we propose later, we detail the proof of this result here.
e source of the impossibility result comes from the incompatibility of Narrow-Strong and Destructive privacy. At a rst glance, Destructive privacy may seem to be equivalent to Forward privacy if the state of tags are (at least computationally) independent, i.e., the probability of guessing a tag state is unchanged if the algorithm is given another tag state. However, Vaudenay’s de nitions are made such that a corruption gives a Destructive adversary the ability to compute protocol messages that lead to a successful outcome for the reader (despite the fact that in Destructive privacy a tag does not exist a er corruption). For a scheme that meets this level of privacy, there should exist a blinder that successfully predict the outcome of that session. However, it turns out that constructing a blinder that can deduce the hidden actions of the adversary is not an easy task. (Up to date, there is no known instance of a Destructive private protocol.) Nevertheless, the existence of such a blinder for a protocol implies the existence of a signi cant Narrow-Strong adversary. erefore, achieving both Destructive and Narrow-Strong privacy at once is impossible.
More explicitly, let us consider a Destructive adversary A against an RFID scheme who createsonelegitimatetagandcorruptsit. enitpicksarandomstateandlaunchesaprotocol instance with the reader simulating either the legitimate tag or using the random state. In the end, the adversary outputs true if the reader accepts the instance. e following algorithm, written for the case of a two message protocol, describes A’s behavior.
: |
C T 1(ID0) |
: |
a S R ( ; ) |
|
: |
vtag |
D T (ID0) |
: |
Compute c, the answer of a tag with state |
: |
S0 |
C (vtag) |
|
Sb receiving challenge a and send it back |
: |
(S1; ) SetupTagpk(ID1) |
|
to the reader. |
|
: |
Choose b 2R f0; 1g |
: |
b′ R ( ) |
|
: |
|
L |
: |
Output b b′ |
On one hand, because of correctness, the R interface always answers with 1 when the adversary simulates the legitimate tag. In other words,
Pr[A ! 1jb = 0] = 1:
.
|
|
On the other hand, when the adversary simulates a tag with random state, then, due to security, the R interface outputs 1 with a negligible probability. Hence,
Pr[A ! 1jb = 1] = 1 negl(k):
Combining both probabilities, we deduce that
Pr[A ! 1] = 1 negl(k):
Since the protocol o ers Destructive privacy, there must exist a blinder B for the adversary A such that j Pr[A ! 1] Pr[AB ! 1]j is negligible. As it sees all the actions of A, this blinder gets a tag ID, ID0 along with its state S0, that is revealed by A’s corruption query and is asked to simulate two oracle queries, namely one S R query and oneR query. Hence, the blinder can be seen as a two-stage algorithm rst simulating a message from the reader then waiting for an answer from a tag a er which it computes the result of the protocol.
In the following, we are interested in the simulation of the R query. By correctly predicting the outcome of the protocol, the blinder acts as a distinguisher between a tag with known state and a random one who never uses the secret key of the reader. is means that for a Destructive private scheme, it must be possible to identify tags whose states are known a priori. However, this allows to construct a Narrow-Strong adversary A′ that uses that blinder toidentifyananonymoustagcommunicatingwiththereader. isadversaryworksasfollows.
: |
C T |
0 |
) |
: |
vtag |
D T (Pr[T |
1 |
|
|
|
(ID |
|
|
(vtag) = |
|||
: |
vtag0 |
D T (ID0) |
|
ID0] = Pr[T (vtag) = ID1] = 2 ) |
||||
: |
S0 |
C (vtag0) |
: |
Run B on input pk, ID0, S0 and get |
||||
: |
F (vtag0) |
|
|
|
S R message a for vtag. |
|||
: |
C T (ID1) |
: |
c SendTag(vtag; a) |
|
||||
: |
vtag1 |
D T (ID1) |
: |
Feed B with c and get its output b. |
||||
: |
S1 |
C (vtag1) |
: |
Get T and output T (vtag) = ID:b. |
||||
: |
F (vtag1) |
|
|
|
|
|
|
|
Clearly, we have that |
|
|
|
|
||||
|
Pr[A′ ! 1] = Pr[AB ! 1] = 1 |
negl: |
|
|
|
|||
However, predicting which tag has been drawn is impossible for any blinder who does not have access to the protocol messages. So, for every blinder B′, it must be that
Pr[A′B′ ! 1] = 12:
erefore, no Destructive private scheme is Narrow-Strong private. Since Strong privacy implies both notions together, it is impossible to achieve.
. ’
|
|
|
|
|
|
|
|
|
|
|
|
|
Tag |
|
System |
|
|
|
State: SID |
SID = KID |
Database: f: : : ; (ID; KID); : : : g |
|
|
|
a |
Choose a 2R f0; 1g /2 |
|
||
|
Choose b 2R f0; 1g /2 |
b;c |
Check that 9(ID; KID) 2 DB : FKID (a; b) = c |
|
|
|
c = FKID (a;!b) |
|
|||
|
|
|
|||
|
|
|
Output: ID or ? if not found |
|
|
Figure 8.2: A correct, secure, and Weak private RFID authentication protocol based on a pseudorandom function.
8.4Case Studies
issectionisdedicatedtopresentVaudenay’sRFIDprotocolsthatwereincludedin[Vau ]. Notice that all the proposed protocols consist of two messages, a challenge sent by the reader and an answer computed by the tag.
. . A Weak-Private Protocol om a PRF
e rst example given by Vaudenay concerns the achievability of Weak privacy by using a PRF. In the sequel, we let and be two polynomials functions over N and we assume a PRF F : f0; 1gk f0; 1g (k) ! f0; 1g (k). e protocol, depicted in Figure . , is described herea er.
Setup. Since the scheme does not use public-key cryptography, this algorithm is void and is never used.
SetupTag. To create a tag ID, pick a random k-bit key KID and set SID = KID. When the tag is legitimate, the entry (ID; KID) is put in the database.
Authentication. Tag authentication is performed by a challenge-response protocol which works as follow
–First, the reader picks a /2-bit string a and sends it to the tag.
– |
e latter also picks a random /2-bit string b and computes c = FSID (a b). e |
tag’s answer consists of b and c.
–Finally, the reader looks in its database for a pair (ID; KID) that satis es the equality c = FSID (a b) and outputs the corresponding ID. If no entry satis es this equality then the protocol ends in failure and the reader outputs 0.
We note that this protocol has been proposed by Feldhofer et al. [FDW ] with the PRF being instantiated by a block cipher.
eorem .
If F is a PRF, the abo e RFID scheme is correct, secure, and Weak private.
.
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
Tag |
|
System |
|
|
|
|
|
|
State: SID |
SID = KID |
Database: f: : : ; (ID; KID); : : : g |
|
|
||
|
|
|
a |
Choose a 2R f0; 1g |
|
|
|
|
|
|
|
c |
|
|
|
|
|
|
|
Compute c = G(SID !a) |
Check that 9(ID; KID) 2 DB; i 2 1; t : |
|||||
|
|
|
||||||
|
|
Update SID H(SID) |
|
G(Hi(KID) a) = c |
H |
i(K |
) |
|
|
|
|
|
If entry found, update KID |
J |
IDK |
||
Output: ID or ? if not found
Figure 8.3: A weakly correct, secure, and Narrow-Destructive private RFID authentication protocol in the random oracle model.
e proof of this theorem can be found in [Vau ].
. . Narrow-Destructive Privacy om the OSK Protocol
e next example we present is a modi ed version of the OSK protocol that includes a randomized challenge sent by the reader. We keep the previous notation and let and be two polynomials over N. e scheme further assumes the existence of one random function G : f0; 1gk f0; 1g (k) ! f0; 1g (k) and one random permutation H : f0; 1gk f0; 1gk, which will be modeled as random oracles. e protocol is shown in Figure . and described here.
Setup. e system does not use public-key cryptography, so this algorithm is void.
SetupTag. To create a tag ID, pick uniformly a k-bit key KID and set SID = KID. When the tag is legitimate, the entry (ID; KID) is put in the database.
Authentication. Tag authentication is performed by a challenge-response protocol which works as follow.
–First, the reader picks a -bit string a and sends it to the tag.
–e latter computes c = G(KID a) and replies with this value. In parallel, it updates its state by replacing KID by H(KID).
–Finally, given a xed threshold t, polynomial in the security parameter, the reader looksinitsdatabaseforapair(ID; KID) thatsatis estheequalityc = G(Hi(SID) a) for some i 2 J1; tK. Once the entry is found, the database entry is updated and KID is replaced by Gi(SID). e protocol instance yields ID. If no entry is found, the protocol ends in failure and the reader outputs ?.
eorem .
If 2 and 2 are negligible in the security parameter k, then the scheme depicted in Figure . describes a weakly correct, secure, and Narrow-Destructive private RFID scheme in the random oracle model.
. ’