On two RFID privacy notions and their relations

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy model. It is proven that ind-privacy is weaker than unp*-privacy. Moreover, the minimal (necessary and sufficient) condition on RFID tags to achieve unp*-privacy is determined. It is shown that if an RFID system is unp*-private, then the computational power of an RFID tag can be used to construct a pseudorandom function family provided that the RFID system is complete and sound. On the other hand, if each tag is able to compute a pseudorandom function, then the tags can be used to construct an RFID system with unp*-privacy. In this sense, a pseudorandom function family is the minimal requirement on an RFID tag's computational power for enforcing RFID system privacy. Finally, a new RFID mutual authentication protocol is proposed to satisfy the minimal requirement.