Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: ESORICS 2010
Guest editors: Dimitris GritzalisGuest Editor
Article type: Research Article
Authors: Nithyanand, Rishaba | Tsudik, Geneb | Uzun, Ersinc; **
Affiliations: [a] Stony Brook University, Stony Brook, New York, NY, USA. E-mail: [email protected] | [b] University of California, Irvine, CA, USA. E-mail: [email protected] | [c] Palo Alto Research Center, Palo Alto, CA, USA. E-mail: [email protected]
Correspondence: [**] Corresponding author: Ersin Uzun, Palo Alto Research Center, 3333 Coyote Hill Road, Palo Alto, CA 94304, USA. E-mail: [email protected].
Note: [*] The preliminary version of this paper appeared in the Proceedings of ESORICS 2010.
Abstract: Recent emergence of RFID tags capable of performing public key operations motivates new RFID applications, including electronic travel documents, identification cards and payment instruments. In this context, public key certificates form the cornerstone of the overall system security. In this paper, we argue that one of the prominent challenges is how to handle revocation and expiration checking of RFID reader certificates. This is an important issue considering that these high-end RFID tags are geared for applications such as e-documents and contactless payment instruments. Furthermore, the problem is unique to public key-based RFID systems, since a passive RFID tag has no clock and thus cannot use (time-based) off-line methods. In this paper, we address the problem of reader certificate expiration and revocation in PKI-based RFID systems. We begin by observing an important distinguishing feature of personal RFID tags used in authentication, access control or payment applications – the involvement of a human user. We take advantage of the user's awareness and presence to construct a simple, efficient, secure and (most importantly) feasible solution. We evaluate the usability and practical security of our solution via user studies and discuss its feasibility.
Keywords: RFID, privacy, security, usability
DOI: 10.3233/JCS-2011-0435
Journal: Journal of Computer Security, vol. 19, no. 6, pp. 1147-1172, 2011
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]