Mutual Authentication in RFID

In RFID protocols, tags identify and authenticate themselves to readers. At Asiacrypt 2007, Vaudenay studied security and privacy models for these protocols. The paper extends this model to protocols which offer reader authentication to tags. Whenever corruption is allowed, the paper proves that secure protocols cannot protect privacy unless one assumes tags have a temporary memory which vanishes by itself. Under this assumption, the paper studies several protocols. The paper enriches a few basic protocols to get secure mutual authentication RFID protocols which achieve weak privacy based on pseudorandom functions only, narrow-destructive privacy based on random oracles, and narrow-strong and forward privacy based on public-key cryptography.