Privacy-Preserving and Undeniable Authentication for Mobile RFID Tags

Radio Frequency IDentification (RFID) is a technology that has been widely employed in many applications requiring automatic object identification. Security and privacy are critical issues that must be addressed when the technology is deployed in security sensitive applications. The prior RFID protocols based on symmetric and asymmetric (or public) key cryptography have limitations in either security or practicality. In particular, public key based RFID protocols can achieve stronger security but are also more expensive in terms of the computation cost. In this paper, we propose a new public key based RFID protocol that incurs much less computation cost compared with the prior protocols. The novelty behind our protocol is to securely reuse public key operations across different sessions so that in most of the sessions only symmetric key operations are required. We show that our protocol can achieve mutual authentication, strong anonymity, forward privacy and non-deniability with low computation and communication cost.