There are many researches proposed different schemes to protect user privacy for RFID. This section introduces those previous works on RFID privacy issues. We also discuss the advantages and disadvantages of those previous works.
To evaluate those previous work, there are some security requirements should be sufficed. Such as encrypted information for data confidentiality, dynamic output of tag against tracking, forward security, and mechanisms to distinguish spoofed and replay messages. Furthermore, because low-cost RFID tags are not tamper-resistant, the scheme should be secure even if attackers compromise some tags in the system. And the other legitimate tags should still work under the protection of all security
requirements talked previously.
The previous work on RFID privacy issues can be classified into hash-based authentication schemes, key-based authentication schemes, encryption-based schemes, dynamic identity schemes, and deactivation approaches.
2.1. Hash-Based Authentication Schemes
In these schemes, the authors assume that the channel from reader to tag is easily eavesdropped, and the channel from tag to reader is hard eavesdropped due to the different power of radio frequency signal. However, attackers within the transmission range of tag still can sniff the message between tags and readers.
2.1.1. Hash Lock Scheme
The authors proposed an access control mechanism for RFID [12]. Each tag stores a hash value of a random key called metaID. The back-end database stores random keys and corresponding metaID of each tag in this system. A tag responses its metaID as a challenge, and the reader asks the back-end database for the appropriate key for response, the tag then make the hash value of this key and compares it to its metaID, if the values are the same, the tag thinks the reader is legitimate and replies its identity to the reader.
This scheme is feasible for low-cost RFID tag, since only one hash function needed. However, it can not resist replay attacks if attackers sniff the message
between tags and readers. Furthermore, due to the fixed metaID, the location privacy is not protected. Attackers can easily recognize the output from the same tag and track the tag. And there is no mechanism to protect the RFID system against spoofing.
2.1.2. Randomized Hash Lock Scheme
When a tag is queried by a reader, the tag responses a random number and the hashed value of its identity concatenated with the random number [12]. After the reader forwards this message to the backend database, the database makes the hash value of identity of each tag concatenated with the random number to find the appropriate identity of the tag.
This scheme improved the tracking problem of hash lock scheme, but due to the exhaustive search in the backend database, the scalability of this scheme is limited.
And there is no mechanism to distinguish spoofing.
2.2. Key-Based Authentication Schemes
These schemes assume all tags in same system share a symmetric secrete key with the back-end database [4] [9]. Before reading, tags make challenge messages to the reader. Only those who have the shared key can make a valid response message and pass the authentication. However, Low-cost RFID tags are not tamper-resistant, attackers can get the shared key on the tag by physical analysis. Beside, there is no key management mechanism for RFID system. If the shared key is compromised by attackers, change the shared key for tags is not practical. Thus attackers can break the whole system by compromising only one tag.
2.3. Encryption-Based Schemes
Encrypting the identity of tag by symmetric or asymmetric cryptography protects the data confidentiality. However, the low-cost tag can not afford encryption
algorithms such as DES, AES, and RSA. Those schemes use external devices to compute ciphertexts and write back to tags.
2.3.1. Anonymous ID Scheme
To protect the data privacy, the tags of this scheme store encrypted identity instead of real one [13] [14]. The tags response its encrypted identity to the reader while being read. To get the real identity of a tag, the back-end database decrypts the encrypted identity.
The encrypted identity can protect the data privacy. But the encrypted identity is fixed, adversaries can still track the individual, and the location privacy cannot be
protected.
2.3.2. External Re-encryption Scheme
In this scheme [17], the tag stores the identity encrypted by public key
cryptography. After each read operation, the reader re-encrypts the real identity of the tag into different ciphertext and writes it back to the tag. This scheme protects data privacy and makes stronger protection of location privacy. But the encrypted identity is still fixed. Before the identity of the tag is re-encrypted, adversaries can track the individual.
2.4. Dynamic Identity Schemes
It is very hard to protect the location privacy if a tag always sends fixed output to readers. Some people proposed schemes to make the output of tags dynamic. Hash functions are practical for low-cost RFID tags. They require fewer gates to implement than general cryptographies. There are two kinds of hash based schemes. One requires the information on tags and on the database to be synchronous, while the other does not.
2.4.1. Asynchronous Identity Scheme
In this scheme, two different hash functions G and H are used [1]. Every time being queried by a reader, the tag puts its original identity as the input of the hash function G to generate its new identity, and then puts its new identity as the input of the hash function H to generate the output which sent to the reader. And finally stores
the new identity as the original identity.
To recognize the identity of the tag, the database stores the initial identity of each tag in the system. After the reader sends an output to the database, the database hashes every initial identity with hash function G and H iteratively to find the initial identity of the tag.
The scheme resolves the tracking problem and also protects the data privacy.
However, to recognize the identity of tags, the database has to perform an exhaustive search, thus the scope of this scheme is limited. To enlarge the scope of this scheme, some people used time-memory trade-off to reduce the search complexity on the database side [3]. But when the scope keeps growing, the benefit from time-memory trade-off is still limited. Moreover, there is no mechanism to verify spoofing message, attackers could sends fake messages to burden the back-end database, and attackers could keep reading the same tag to make the identity change, which makes the tag hard to be recognized in the database.
2.4.2. Synchronous Identity Schemes
To void the search overhead on the database side, these schemes require the identity of tags and the database to be synchronous [6] [8] [9]. The tag of this scheme sends the hash value of its real identity to the reader instead of its real identity. After each reading operation, the database sends an update message to the tag. The tag updates its identity according to the message.
The hash value protects the database confidentiality. However, if the update message is missed, the identity of the tag will not be updated, which might result in the asynchronous status between the tag and the database. And before next identity update, fixed hash value of identity fail to protect the tag against tracking.
2.5. Other Approaches
There are other approaches to resolve privacy issues. We show them here
2.5.1. Kill Command Feature
Propose by EPCglobal and has been ratified [2]. The tag has a kill password to make itself permanent disable, and afterward the tag won’t response to any query.
Although the privacy problem can be resolved completely by this way, but since users cannot benefit from RFID after killing the tag, this method is not suggested.
2.5.2. Blocker Tags Scheme
This scheme doesn’t enhance the communication process between tags and readers [11]. The main idea is to interfere with the communication if protected tags are being read. A blocker tag is such a device to interfere with the tree-walking protocol.
The serial numbers of protected tags are given to the blocker tag in advanced.
When the reader makes an interrogation to singular the protected tags via tree-walking protocol, the blocker tag also responses to interfere with the output of protected tags.
In this way, the reader cannot read the protected tags.
However, this scheme is limited, because blocker tags cannot protect protected tags while out of the transmission rang.