Forward-secure RFID Authentication and Key Exchange.

Security and privacy in RFID systems is an important and active research area. A number of challenges arise due to the extremely limited computational, storage and communica- tion abilities of a typical RFID tag. This work describes two families of simple, inexpensive, and untraceable identication protocols for RFID tags. The proposed protocols involve minimal inter- action between a tag and a reader and place low computational burden on the tag, requiring only a pseudo-random generator. They also impose low computational load on the back-end server. The paper also describes a universally composable security model tuned for RFID applications. By making specic setup, communication, and concurrency assumptions that are realistic in the RFID application setting, we arrive at a model that guarantees strong security and availabil- ity properties, while still permitting the design of practical RFID protocols. We show that our protocols are provably secure within the new security model. The security supports, availability, authentication, forward-secure anonymity and key exchange, and modularity. The last attribute is most appropriate for ubiquitous applications.