KIMAP: Key-Insulated Mutual Authentication Protocol for RFID

Radio-Frequency IDentification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is an object that can be applied to or incorporated into a product, animal, or person for the purpose of identification using radio waves. These RFID tags are heavily constrained in computational and storage capabilities, and raise numerous privacy concerns in everyday life due to their vulnerability to different attacks. Both forward security and backward security are required to maintain the privacy of a tag i.e., exposure of a tag's secret key should not reveal the past or future secret keys of the tag. We envisage the need for a formal model for backward security for RFID protocol designs in shared key settings, since the RFID tags are too resource-constrained to support public key settings. However, there has not been much research on backward security for shared key environment since Serge Vaudenay in his Asiacrypt 2007 paper showed that perfect backward security is impossible to achieve without public key settings. We propose* a Key-Insulated Mutual Authentication Protocol for shared key environment, KIMAP, which minimizes the damage caused by secret key exposure using insulated keys. Even if a tag's secret key is exposed during an authentication session, forward security and `restricted' backward security of the tag are preserved under our assumptions. The notion of `restricted' backward security is that the adversary misses the protocol transcripts which are needed to update the compromised secret key. Although our definition does not capture perfect backward security, it is still suitable for effective implementation as the tags are highly mobile in practice. We also provide a formal security model of KIMAP. Our scheme is more efficient than previous proposals from the viewpoint of computational requirements.