Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.2. Resistance to single member compromise<br />
key-tree should look like. In this chapter, I address this problem, and I show how to find optimal<br />
key-trees.<br />
In this chapter, after finding the optimal key-tree, I go further and I present a novel symmetrickey<br />
private authentication scheme that provides a higher level of privacy and achieves better<br />
efficiency than the key-tree based approach. This approach is called the group based approach.<br />
More precisely, the complexity of the group based scheme for the reader can be set to be O(log N)<br />
(i.e., the same as in the key-tree based approach), while the complexity for the tags is always a<br />
constant (in contrast to O(log N) of the key-tree based approach). Hence, the group based scheme<br />
is better than the key-tree based scheme both in terms of privacy and efficiency, and therefore, it<br />
is a serious alternative to the key-tree based scheme to be considered by the RFID community.<br />
More precisely, the main contributions are the following:<br />
I propose a benchmark metric for measuring the resistance of the system to a single compromised<br />
member based on the concept of anonymity sets. To the best of my knowledge,<br />
anonymity sets have not been used in the context of private authentication yet. I prove that<br />
this simply defined metric is equivalent to a metric widely used in cryptography with a much<br />
more complex definition. The real contribution of the metric, is that its definition simplifies<br />
the usage of the metric without losing any details of the more complex metric.<br />
I introduce the idea of using different branching factors at different levels of the key-tree;<br />
the advantage is that the system’s resistance to single member compromise can be increased<br />
while still keeping the authentication delay short. To the best of my knowledge, key-trees<br />
with variable branching factors have not been proposed yet for private authentication.<br />
I present an algorithm for determining the optimal parameters of the key-tree, where optimal<br />
means that resistance to single member compromise is maximized, while the authentication<br />
delay is kept below a predefined threshold.<br />
In the general case, when any member can be compromised, I give a lower bound on the<br />
level of privacy provided by the system, and present some simulation results that show that<br />
this lower bound is quite sharp. This allows me to compare different systems based on their<br />
lower bounds.<br />
I introduce a group based approach, which is superior to the tree-based approach in many<br />
properties.<br />
In summary, I propose practically usable techniques for designers of RFID based authentication<br />
systems.<br />
The outline of the chapter is the following: in Section 2.2, I introduce my benchmark metric<br />
to measure the level of privacy provided by key-tree or group based authentication systems, and<br />
I illustrate, through an example, how this metric can be used to compare systems with different<br />
parameters. By the same token, I also show that key-trees with variable branching factors can be<br />
better than key-trees with a constant branching factor at every level. In Section 2.3, I formulate<br />
the problem of finding the best key-tree with respect to my benchmark metric as an optimization<br />
problem, and I present an algorithm that solves that optimization problem. In Section 2.4, I<br />
consider the general case, when any number of members can be compromised, and I derive a useful<br />
lower bound on the level of privacy provided by the system. After finding the optimal key-tree, I<br />
describe the operation of my group based scheme in Section 2.5, and I quantify the level of privacy<br />
that it provides in Section 2.6. I compare the group based scheme to the key-tree based approach<br />
in Section 2.7. Finally, in Section 2.8, I report on some related work, and in Section 2.9, I conclude<br />
the chapter.<br />
2.2 Resistance to single member compromise<br />
There are different ways to measure the level of anonymity provided by a system [Diaz et al., 2002;<br />
Serjantov and Danezis, 2003]. Here the concept of anonymity sets [Chaum, 1988] is used. The<br />
11