Towards a practical solution to the RFID desynchronization problem

Abstract

Even though RFID technology has expanded enormously, this expansion has been hindered by privacy concerns. In order to prevent an adversary from tracking RFID tags and thus breaking location privacy, tags have to update their internal state with every authentication attempt. Although this technique solves the privacy problem, it has the side effect that tags and back office might desynchronize. This desynchronization can be caused by physical conditions or by adversarial intervention. If we look at consumer product identification, RFID labels and barcodes are bound to coexist for quite some time. In this paper we exploit this coexistence to reduce the workload at the reader/backoffice and allow re-synchronization. Concretely, we propose an authentication protocol that achieves correctness, forward-privacy under mild additional assumptions and synchronization in the random oracle model. © 2010 Springer-Verlag.