Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems
The objective of private authentication for Radio Frequency IDentification (RFID) systems is to allow valid readers to explicitly authenticate their dominated tags without leaking the private information of tags. In previous designs, the RFID tags issue encrypted authentication messages to the RFID reader, and the reader searches the key space to identify the tags. Without key-updating, those schemes are vulnerable to many active attacks, especially the compromising attack. The authors propose a strong and lightweight RFID private authentication protocol, SPA. By designing a novel key-updating method, they achieve the forward secrecy in SPA with an efficient key search algorithm. They also show that, compared with existing designs, (SPA) is able to effectively defend against both passive and active attacks, including compromising attacks.