Date Added: Aug 2009
RFID-based access control solutions for mobile environments, e.g. ticketing systems for sport events, commonly rely on readers that are not continuously connected to the back-end system. The readers must so be able to perform their tasks even in offline mode, what commonly requires the management by the readers of sensitive data. The paper stresses the problem of compromised readers and its impact in practice. The paper provides a thorough review of the existing authentication protocols faced to this constraint, and extend the analysis with the privacy property. The paper shows that none of the reviewed protocols fits the required properties in case of compromised readers. The paper then designs a sporadically-online solution that meets the expectations in terms of both security and privacy.