Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher

Billet, Olivier; Etrog, Jonathan; Gilbert, Henri

doi:10.1007/978-3-642-13858-4_4

Cited by 30 publications

(28 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, we implicitly assume that the evaluation time of F is greater than the time needed to sample (n) random bits. 9 [9] only states, and proves, the adaptive case, but the very same lines also yields the non-adaptive case. 10 Recall that for a set S and an integer t, S ≤t denotes the set {s ∈ S * :…”

Section: Definition 28 (Pseudorandom Functions Secure Against Many-omentioning

confidence: 70%

See 1 more Smart Citation

Hardness Preserving Reductions via Cuckoo Hashing

Berman

Haitner

Komargodski

et al. 2013

Theory of Cryptography

View full text Add to dashboard Cite

The focus of this work is hardness-preserving transformations of somewhat limited pseudorandom functions families (PRFs) into ones with more versatile characteristics. Consider the problem of domain extension of pseudorandom functions: given a PRF that takes as input elements of some domain U, we would like to come up with a PRF over a larger domain. Can we do it with little work and without significantly impacting the security of the system? One approach is to first hash the larger domain into the smaller one and then apply the original PRF. Such a reduction, however, is vulnerable to a "birthday attack": after |U| queries to the resulting PRF, a collision (i.e., two distinct inputs having the same hash value) is very likely to occur. As a consequence, the resulting PRF is insecure against an attacker making this number of queries.In this work we show how to go beyond the aforementioned birthday attack barrier by replacing the above simple hashing approach with a variant of cuckoo hashing, a hashing paradigm that resolves collisions in a table by using two hash functions and two tables, cleverly assigning each element to one of the two tables. We use this approach to obtain: (i) a domain extension method that requires just two calls to the original PRF, can withstand as many queries as the original domain size, and has a distinguishing probability that is exponentially small in the amount of non-cryptographic work; and (ii) a security-preserving reduction from non-adaptive to adaptive PRFs.

show abstract

Section: Definition 28 (Pseudorandom Functions Secure Against Many-omentioning

confidence: 70%

“…Lemma 2.9 (cf., [9], Theorem 1). Let F = {F n : {0, 1} m(n) → {0, 1} (n) } n∈N be a function family ensemble.…”

Section: Definition 28 (Pseudorandom Functions Secure Against Many-omentioning

confidence: 98%

Hardness Preserving Reductions via Cuckoo Hashing

Berman

Haitner

Komargodski

et al. 2013

Theory of Cryptography

View full text Add to dashboard Cite

show abstract

“…Also note that the honest communication between the reader and tag must be executed after the anonymous communication phase is finished. Billet, Etrog and Gilbert formalized the forward privacy model such that the honest execution occurs before the anonymous communication [3]. However, their model is not achievable since such a honest execution is useless and does not prevent any of the attacks described in Section 4 (Specifically, their proposed protocol PEPS falls into a type 2a protocol and does not satisfy their privacy model).…”

Section: Definition 5 An Rfid Authentication Protocol π Satisfies Thmentioning

confidence: 99%

A Forward Privacy Model for RFID Authentication Protocols

Moriyama

Ohkubo

Matsuo

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we propose a new variant of indistinguishabilitybased security model for the RFID authentication protocol, which allows an adversary to obtain an authentication result and secret key of a target tag. Ng et al. showed that symmetric-key based RFID authentication protocols cannot be resilient to the above information leakage simultaneously in the Paise-Vaudenay security model. We review the existing result and extend the Juels-Weis security model to satisfy these properties by using a suitable restriction. Moreover, we give two example protocols that satisfy the modified security model.

show abstract

“…A , -secure PRNG represents that the output of this PRNG cannot be discriminated with a true random string in time with advantage at most . The PRNG can be implemented using stream ciphers such as those proposed in the STREAM project (Cid & Robshaw, 2009) and a secure stream cipher is seen as a PRF (Billet et al, 2010). Definition 3.…”

Section: Mathematical Definitions Definition 1 Lpn Problemmentioning

confidence: 99%

“…Ma et al (2009) prove that the unpredictable privacy notion (Ha et al, 2008) is stronger than the indistinguishable privacy notion (Juels & Weis, 2007), and that the unpredictable privacy notion is equivalent to a pseudo random function (PRF). It can be observed that the majority of existing forward privacy schemes (Ohkubo et al, 2003;Berbain et al, 2009;Billet et al, 2010) are based on the indistinguishable privacy notion, and the F-HB protocol is based on the unpredictable privacy notion. Scalability must also be considered in forward private protocols based on symmetric-key ciphers.…”

mentioning

confidence: 99%