Privacy and Reader-first Authentication in Vaudenay's RFID Model with Temporary State Disclosure

Abstract

Privacy and mutual authentication under corruption with temporary state disclosure are two significant requirements for real-life applications of RFID schemes. This paper proposes two practical RFID schemes that meet these requirements. They differ from other similar schemes in that they provide reader-first authentication. Regarding privacy, our first scheme achieves destructive privacy, while the second one - narrow destructive privacy in Vaudenay's model with temporary state disclosure. To achieve these privacy levels, we use Physically Unclonable Functions (PUFs) to assure that the internal secret of the tag remains hidden from an adversary with invasive capabilities. Both of our schemes avoid the use of random generators on tags. Detailed security and privacy proofs are provided.