RFID-enabled Extensible Authentication Framework and Its ...
RFID-enabled Extensible Authentication Framework and Its ...
RFID-enabled Extensible Authentication Framework and Its ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Desynchronization: When R authenticates T using an authen-<br />
tication scheme whose identification information should be up-<br />
dated, A can desynchronize identification information between T<br />
<strong>and</strong> DB. As a result, A can make T unidentifiable.<br />
• ID Exposure: When R authenticates T , IDT can be exposed to<br />
A by A’s eavesdropping.<br />
• Traceability: If a specific T is distinguishable from other tags by<br />
eavesdropping or active querying, A can trace T , <strong>and</strong> O’s privacy<br />
is violated.<br />
2.2 <strong>RFID</strong> Application Requirements<br />
Phillips et al. [15] categorized <strong>RFID</strong> systems into three applications as<br />
shown in Table 2.1. Logistical applications are the <strong>RFID</strong> applications<br />
used for inventorying <strong>and</strong> tracking products in supply chains. Because<br />
the products are required to be rather tracked <strong>and</strong> physically secured,<br />
strong authentication mechanisms in <strong>RFID</strong> systems are not necessar-<br />
ily required. Low-latency, high potential read rates <strong>and</strong> bulk-reading<br />
capabilities are much more important.<br />
On the other h<strong>and</strong>, consumer applications need to protect con-<br />
sumers’ privacy. When an unauthorized person or a device tries to<br />
access a smart card, an electronic passport, or a consumer’s belongings,<br />
a certain level of authentication is required to protect privacy.<br />
Vertical applications are somewhere between logistical applications<br />
<strong>and</strong> consumer applications <strong>and</strong> require specific security features accord-<br />
ing to their goals. For example, <strong>RFID</strong>-<strong>enabled</strong> banknotes [18] require<br />
limited access control to protect consumers’ privacy <strong>and</strong> tracking capa-<br />
bilities to monitor illegal transactions as well.<br />
7