An Effective Privacy-Preserving RFID Scheme against Desynchronization

Radio-frequency identification (RFID) is regarded as a fundamental technology for ubiquitous services and thus a growing security and privacy concern goes along with its applications integrated into everyday life, often in an invisible way. The possible abuse of RFID´s tracking capability raises threats to user privacy. It has inspired lot of research interest, but many measures bring about a very challenging risk, that is, synchronization. Failure to keep changes of the shared secret in step between the tag and the back-end server will cause RFID system out of action. This paper presents an effective privacy-preserving protocol by means of commutative cipher to obviate the possibility of the mistake. In the proposed scheme, the tag output associated to the fixed secret identifier is not fixed at every session to conduct mutual authentication with reader-to-tag and tag-to-reader in turn. Therefore, our work is robust against desynchronization attacks and other security attacks, such as cloned use and man-in-the-middle attack, as well.