rfid security issues
TRANSCRIPT
-
8/12/2019 RFID Security Issues
1/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Lecture April 11th, 2005
RFID Security Issues
Gildas Avoine
Lecture Selected Topics on Security and Cryptography
EPFL, Lausanne, Switzerland
April 2005
(Pictures and videos have been removed from this downloadable version)
CO LE PO LY TECH N IQ U EFDRALE DE LAUSANNE
Gildas Avoine RFID Security Issues 1 / 50
-
8/12/2019 RFID Security Issues
2/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Boom of the RFID Technology
Google outputs10800000links related to RFID.
More than 40 research papers related to security in RFIDsystems published between 2002 and 2005.
In 2004, Kevin Ashton, Co-founder of the Auto-ID Center,predicted that more thanhalf trilliontags would be consumedannually by 2010.
Every magazine or daily newspaper publishes articles on RFIDtechnology.
Gildas Avoine RFID Security Issues 2 / 50
-
8/12/2019 RFID Security Issues
3/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
RFID in the press
(Pictures and videos have been removed from this downloadable version)
Gildas Avoine RFID Security Issues 3 / 50
-
8/12/2019 RFID Security Issues
4/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
First Questions
Who knows precisely what is the RFID technology?
What is the goal of the RFID technology?
Is it a new technology?
What are the capabilities of this technology?
What is the link between RFID and security?
What about privacy?
Gildas Avoine RFID Security Issues 4 / 50
Ch 1 RFID P i
-
8/12/2019 RFID Security Issues
5/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Outline
Chapter 1: RFID Primer
Chapter 2: Classical Security Issues
Chapter 3: Privacy Issues
Chapter 4: Adversarial Model
Gildas Avoine RFID Security Issues 5 / 50
Ch t 1 RFID P i
-
8/12/2019 RFID Security Issues
6/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Chapter 1: RFID Primer
Gildas Avoine RFID Security Issues 6 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
7/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
RFID Systems
Radio Frequency Identification: Identification of objects remotelyby embedding in these objects tiny devices (tags) capable of trans-mitting data.
reader
tag
tag
tag
tag
tag
database
Security analysis considerdatabaseandreaderas a unique entity.
Gildas Avoine RFID Security Issues 7 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
8/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Current Trend
The RFID technology is not new e.g. military applications (fromseveral decades),commercial applications(from several years).
communication distance
computation
storage
symmetric
asymmetric
nothin
g
xor
verycheaptag
scheap
tags
The boom which RFID technology is enjoying today relies essen-tially on the willingness to developsmallandcheapRFID tags.
Gildas Avoine RFID Security Issues 8 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
9/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
General Sketch
Most of the RFID protocols rely on a 3-round protocol.
request
TagSystem
information to identify the tag
additional message
Gildas Avoine RFID Security Issues 9 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
10/50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
RFID Characteristics
Frequency
Extremely limited storage and computation capabilities
No battery
Not tamper-resistant
Low cost
Gildas Avoine RFID Security Issues 10 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
11/50
C pChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Existing Tags
(Pictures and videos have been removed from this downloadable version)
Gildas Avoine RFID Security Issues 11 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
12/50
pChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Applications
Management of stocks (Wal-Mart, Gillette, etc.)
Libraries (Santa Clara Library, University of Nevada, etc.)
Anti-counterfeiting
Pets identificationRecycling
Sensor networks (Michelins tyres, etc.)
Automobile ignition keys (Texas Instruments, etc.)
Localization of people (Amusement parks, etc.)
Gildas Avoine RFID Security Issues 12 / 50
Chapter 1: RFID Primer
-
8/12/2019 RFID Security Issues
13/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Authentication vs identification
Authentication: we want to be sure that we speak with the correctparty (proof required)
Identification: we want to know with who we speak (no proof re-quired)
Gildas Avoine RFID Security Issues 13 / 50
Chapter 1: RFID PrimerC 2 C S
-
8/12/2019 RFID Security Issues
14/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Chapter 2: Classical Security Issues
Gildas Avoine RFID Security Issues 14 / 50
Chapter 1: RFID PrimerCh t 2 Cl i l S it I /
-
8/12/2019 RFID Security Issues
15/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Security Threat 1/5
Physical denial of service: the attacker interferes on the frequencyband.
reader
Gildas Avoine RFID Security Issues 15 / 50
Chapter 1: RFID PrimerCha ter 2: Classical Sec rity Iss es
-
8/12/2019 RFID Security Issues
16/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Communication Model
physical
application
session
network
data link
presentation
transport
physical
application
communication
OSI RFID
Gildas Avoine RFID Security Issues 16 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues S i Th 2/5
-
8/12/2019 RFID Security Issues
17/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Security Threat 2/5
Denial of service in the communication layer:
reader
Who are you?0101
0100
1101
0111
1001
The computational power of the tags is very limited and they areunable to communicate with each other:
the reader must deal with the collision avoidance itself.
Gildas Avoine RFID Security Issues 17 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
P b bili i C lli i A id
-
8/12/2019 RFID Security Issues
18/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Probabilistic Collision Avoidance
The access to the communication channel is split into timeslots (slotted Aloha).
The number of slots is chosen by the reader which informs thetags they will have n slots to answer.
Each tag randomly chooses one slot among the n and respondswhen its slot arrives.
Collisions can occur.
In order to recover the missing information, the reader interro-
gates the tags one more time, possibly with a larger n.
Gildas Avoine RFID Security Issues 18 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
D i i i C lli i A id
-
8/12/2019 RFID Security Issues
19/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Deterministic Collision Avoidance
Deterministic protocols are based on a binary tree search which
represents the identifiers of the tags.
0 1
1010
0 1
1010
0 1
10101010
0 1 0 1
0 1
0 1
An attacker can simulate the whole tree. Blocker tags [JRS03]usethis technique to enforce privacy.
Gildas Avoine RFID Security Issues 19 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues Security Threat 3/5
-
8/12/2019 RFID Security Issues
20/50
Chapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Security Threat 3/5
Destruction of tags: physical destruction, kill key, etc.
reader
Gildas Avoine RFID Security Issues 20 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues Security Threat 4/5
-
8/12/2019 RFID Security Issues
21/50
p yChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Security Threat 4/5
Hiding the tags: Faraday cage, sleep key, etc.
reader
Gildas Avoine RFID Security Issues 21 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues Security Threat 5/5
-
8/12/2019 RFID Security Issues
22/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Security Threat 5/5
Impersonation of tags:
request
TagSystem
information to identify the tag
additional message
Easy if the information sent by the tag isstatic. Require totamperwiththe tag otherwise.
Gildas Avoine RFID Security Issues 22 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues Example of Practical Attack 1/2
-
8/12/2019 RFID Security Issues
23/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Example of Practical Attack 1/2
Attack of Bono et al. [BGSJRS05] against the Digital SignatureTransponder manufactured by Texas Instrument, used in automobileignition key (there exist more than130 millionssuch keys).
Key (RFID)Carr
kE (r)
Cipher (not public) uses 40 bit keys: active attack in less than 1minute(time-memory trade-offs)
Gildas Avoine RFID Security Issues 23 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Ch 3 P i I Example of Practical Attack 2/2
-
8/12/2019 RFID Security Issues
24/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Example of Practical Attack 2/2
(Pictures and videos have been removed from this downloadable version)
Gildas Avoine RFID Security Issues 24 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Ch t 3 P i I Moral of the Story
-
8/12/2019 RFID Security Issues
25/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Moral of the Story
Cheap RFID tags (which are not tamper-resistant) are not suitedto authentication! Strong security has a cost!
Marketing pressure implies trade-off between security and cost.
Ratio cost / benefit e.g. we can not use a unique key in all the tagsbecause the cost is negligible compared with the benefit.
Gildas Avoine RFID Security Issues 25 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues
-
8/12/2019 RFID Security Issues
26/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Chapter 3: Privacy Issues
Gildas Avoine RFID Security Issues 26 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Threats on the Tags Bearers
-
8/12/2019 RFID Security Issues
27/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
eats o t e ag s ea e s
Privacy
Information Traceabilityleakage
Information leakage: The tag reveals some information related tothe object holder.
Traceability: An adversary could track the tag, and therefore itsbearer.
Gildas Avoine RFID Security Issues 27 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Privacy
-
8/12/2019 RFID Security Issues
28/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
y
Easier to track with RFID than other technologies
e.g. video, credit cards, GSM.Tags cannot beswitched-off
Tags can be almostinvisible
Easy toanalyze the logsof the readers (e.g. data mining)
Increasing of thecommunication range
Companies suffer from boycott campaigns
Gildas Avoine RFID Security Issues 28 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Solutions
-
8/12/2019 RFID Security Issues
29/50
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Physical solutionse.g. Faraday cages, blocker tags, kill the
tag
Software solutionsbased on Cryptographic protocols
How designing an RFID protocol such that only anauthorized party is able toidentifya tag while an ad-versary is not able totrackit?
Gildas Avoine RFID Security Issues 29 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Protocols Sketches
-
8/12/2019 RFID Security Issues
30/50
p yChapter 4: Adversarial Model
Protocols forvery cheaptags
nocryptographic function in the tags (only xor)
Protocols forcheaptags
symmetriccryptographic functions in the tags
Gildas Avoine RFID Security Issues 30 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Very Cheap Tags
-
8/12/2019 RFID Security Issues
31/50
p yChapter 4: Adversarial Model
request
TagSystem
information to identify the tag
information to refresh the identifier
The information must be indistinguishable from a random valueThe information need to be refreshed each time the tag is
requestedAll these (analyzed) protocols suffer from weaknesses
Gildas Avoine RFID Security Issues 31 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy Issues Example of weak protocol
-
8/12/2019 RFID Security Issues
32/50
Chapter 4: Adversarial Model
[GJJS04]based on a universal re-encryptionscheme i.e. a scheme
where re-encryptions of a messagemare performed neither requiringnor yielding knowledge of the public key.LetEbe the ElGamal encryption scheme, and Ube the correspond-ing re-encryption scheme, we have U(m) := [E(m); E(1G)]. Let qbe the order ofG, and ga generator.
Key generation: private key x Zand public key y=gx.
Encryption: let (r0, r1) be a random element picked in Z2q.
U(m) = [(0, 0); (1, 1)] = [(myr0 , gr0 ); (yr1 , gr1 )].
Decryption: given the ciphertext [(0, 0); (1, 1)], if
0,0,1,1 Gand 1/x1 = 1, then the plaintext is 0/x0 .
Re-encryption: let (r0, r1) be a random element picked in Z
2q.
The re-encrypted value of a ciphertext [(0, 0); (1, 1)] is
[(0r01, 0
r01); (
r11,
r11)].
Gildas Avoine RFID Security Issues 32 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesCh 4 Ad i l M d l
Protocol
-
8/12/2019 RFID Security Issues
33/50
Chapter 4: Adversarial Model
request
System Tag
[(0, 0); (1, 1)]
[(0r01 , 0
r01 ); (
r11 ,
r11 )]
If an attacker sends a fake re-encrypted identifier to the tag, thedatabase will not be able to identify the tag in the future.
[GJJS04] claims that this attack does not allow the tag to betraced, at the most it will harm the normal functioning of thesystem.
Attacks in[SRS04]and[Avo05].
Gildas Avoine RFID Security Issues 33 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesCh t 4 Ad i l M d l
Cheap Tags
-
8/12/2019 RFID Security Issues
34/50
Chapter 4: Adversarial Model
System
request
Tag
kE (r), r
The key k is the identifier of the tag. The second message mustbe indistinguishable (by an attacker) from a random value. Thusthe protocol can be proven to be secure.
The main difference with well-known authentication protocols is
that the system does not know with which party it speaks with andtherefore does not know which key k it should use.
The system carries out an exhaustive search over all the symmetrickeys it stores.
Gildas Avoine RFID Security Issues 34 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
First Issue: Past Events
-
8/12/2019 RFID Security Issues
35/50
Chapter 4: Adversarial Model
Problem: If an attacker is able to tamper with the tag, she can
track its past events.
Exercise: Propose a protocol which thwarts this problem. Insteadof using an encryption function, use hash chains.
Gildas Avoine RFID Security Issues 35 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Second Issue: Complexity
-
8/12/2019 RFID Security Issues
36/50
Chapter 4: Adversarial Model
System
request
Tag
kE (r), r
We assume that the system manages n tags.k is the same for all tag:
To identify one tag: O(1)
kis different for each tag:
To identify one tag: O(n)
To identify the whole system i.e. n tags: O(n2)
Gildas Avoine RFID Security Issues 36 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Complexity Improvements
-
8/12/2019 RFID Security Issues
37/50
Chapter 4: Adversarial Model
[OSK04]degrades the privacy compared with[OSK03]: if an
attacker can tamper with the tag, she can track (a givennumber of) its past events.
[AO05] improved[OSK03]: it does not degrade privacy but
requires memory and pre-computations.
[MW04]reduces the complexity of the identification of onetag from O(n) to O(log n)but...
Gildas Avoine RFID Security Issues 37 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Molnar and Wagner
-
8/12/2019 RFID Security Issues
38/50
Chapter 4: Adversarial Model
ID2ID1
ID5
ID7
ID3 ID4
ID6
Identification of one tag: O(log n) requests, O(log n) identifiersstored in the tag, O(log n)decryptions.
Gildas Avoine RFID Security Issues 38 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Molnar and Wagner
-
8/12/2019 RFID Security Issues
39/50
C apte : Adve sa a ode
Exercise:
1 Why can we say that this technique degrades the privacy?
2 How can an attacker track tags probabilistically?
Gildas Avoine RFID Security Issues 39 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
-
8/12/2019 RFID Security Issues
40/50
p
Chapter 4: Adversarial Model
Gildas Avoine RFID Security Issues 40 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Modeling the System
-
8/12/2019 RFID Security Issues
41/50
reader
tag
tag
tag
tag
tag
database
The sources of information which can benefit an adversary are lim-ited to the channels between the reader and the tag i.e., forwardchannelandbackward channel, as well as the contents of themem-ory of the tag.
Gildas Avoine RFID Security Issues 41 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Information Channels
-
8/12/2019 RFID Security Issues
42/50
Backward Channel
Forward Channel
Reader Adversary Tag
Memory Channel
Gildas Avoine RFID Security Issues 42 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Means of the Adversary
-
8/12/2019 RFID Security Issues
43/50
Query(iT,m): A requestsTthrough the forward channel and
sending him the message m after having received its answer.Send(jR,m): Asends the message m to R through the back-ward channel and receiving its answer.
Execute(iT, jR): A executes an instance ofP betweenT and
R, obtaining so the messages exchanged on both the forwardand the backward channels.Reveal(iT): Aobtains the content ofTs memory channel.
Reader
information
data to refresh the information
Tag
request
Gildas Avoine RFID Security Issues 43 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Goal of the Adversary
-
8/12/2019 RFID Security Issues
44/50
After having interacted with a target tag Tand possibly some read-ers and thus obtaining aninteractionI(T), an adversary Aneedsto find his target among two tags T1 and T2 which are presentedto him. In order to do this, he can query both T1 and T2, thusobtaining two interactions I1 (T1) and I2 (T2).
T2T1
R
A outputs T {T1, T2}
I1 (T1)
{S}
I2 (T2)
{Q, E, R}TinteractionI(T)
Gildas Avoine RFID Security Issues 44 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Advantage
-
8/12/2019 RFID Security Issues
45/50
Theadvantageof the adversary for a given protocol P is:
AdvUNTP (A)= 2 Pr(T =T) 1
IfAs advantage is negligible,Pis said to beUNT-Osecure, whereO {Q, S,E,R}.
Gildas Avoine RFID Security Issues 45 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security IssuesChapter 3: Privacy Issues
Chapter 4: Adversarial Model
Relations
-
8/12/2019 RFID Security Issues
46/50
One can mix and match thegoals {Existential-UNT, Forward-UNT,Universal-UNT} of the adversary and hismeans O {Q,S, E,R}.
(O,O {Q,S, E,R},O O) = (UNT-O UNT-O)
Existential-UNT Forward-UNT
Universal-UNT
UNT-QSER
UNT-QSE
UNT-E
UNT-Q
Gildas Avoine RFID Security Issues 46 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Results
-
8/12/2019 RFID Security Issues
47/50
Protocol is is not
Golle et al. Existential-UNT-Q
Existential-UNT-E
Saito et al. Existential-UNT-Q
Saito et al., reloaded Universal-UNT-QS
Henrici and Muller Existential-UNT-Q
Universal-UNT-QE
Weis et al. Existential-UNT-QSE Forward-UNT-QSER
Ohkubo et al. Existential-UNT-QSE
Forward-UNT-QSER
Gildas Avoine RFID Security Issues 47 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
-
8/12/2019 RFID Security Issues
48/50
Conclusion
Gildas Avoine RFID Security Issues 48 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Current Works
-
8/12/2019 RFID Security Issues
49/50
Design of not too bad RFID protocols suited to very cheaptags.
Reduction of the complexity of the RFID protocols suited tocheap tags.
Formalization of the notion ofprivacy.
Gildas Avoine RFID Security Issues 49 / 50
Chapter 1: RFID PrimerChapter 2: Classical Security Issues
Chapter 3: Privacy IssuesChapter 4: Adversarial Model
Further Readings
-
8/12/2019 RFID Security Issues
50/50
Sanjay Sarma, Stephen Weis, and Daniel Engels. RFIDsystems and security and privacy implications.
David Molnar and David Wagner. Privacy and Security inLibrary RFID: Issues, Practices, and Architectures.
Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita.Cryptographic Approach to Privacy-Friendly Tags.
Gildas Avoine. Adversarial Model for Radio Frequency Identi-
fication.
http://lasecwww.epfl.ch/gavoine/rfid/
Gildas Avoine RFID Security Issues 50 / 50
http://lasecwww.epfl.ch/~gavoine/rfid/http://lasecwww.epfl.ch/~gavoine/rfid/http://lasecwww.epfl.ch/~gavoine/rfid/http://lasecwww.epfl.ch/~gavoine/rfid/