Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems

Rishab Nithyanand; Gene Tsudik; Ersin Uzun

doi:10.1007/978-3-642-15497-3_2

Back

Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems

Book chapter

Open access

Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems

Rishab Nithyanand, Gene Tsudik and Ersin Uzun

Computer Security – ESORICS 2010, pp.19-36

Lecture Notes in Computer Science, Springer Berlin Heidelberg

2010

DOI: 10.1007/978-3-642-15497-3_2

Files and links (1)

url

https://doi.org/10.1007/978-3-642-15497-3_2View

Published (Version of record) Open Access

Abstract

Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods. In this paper, we address the problem of reader certificate expiration and revocation in PKI-Based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications – the involvement of a human user. We take advantage of the user’s awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.

Payment Instrument

System Usability Scale

Escape Action

Display Unit

Payment Application

Details

Title: Subtitle: Readers Behaving Badly: Reader Revocation in PKI-Based RFID Systems
Creators: Rishab Nithyanand - Computer Science Department, University of California, Irvine
Gene Tsudik - Computer Science Department, University of California, Irvine
Ersin Uzun - Computer Science Department, University of California, Irvine
Resource Type: Book chapter
Publication Details: Computer Security – ESORICS 2010, pp.19-36
Publisher: Springer Berlin Heidelberg; Berlin, Heidelberg
Series: Lecture Notes in Computer Science
DOI: 10.1007/978-3-642-15497-3_2
eISSN: 1611-3349
ISSN: 0302-9743
Language: English
Date published: 2010
Academic Unit: Computer Science; Public Policy Center (Archive); Center for Social Science Innovation
Record Identifier: 9984002443702771

Metrics

21 Record Views