RSA Laboratories

"Yoking-Proofs" for RFID Tags

A. Juels

Citation: A. Juels. "Yoking-Proofs" for RFID Tags. In R. Sandhu and R. Thomas, eds., First International Workshop on Pervasive Computing and Communication Security. IEEE Press, pp.138—143. 2004.

Note: A detail omitted from this (short) PerSec version of the paper appears to have led in some follow-up work to a misunderstanding of the "Minimalist MAC" yoking proof depicted in Figure 2. The values rA and rB are one-time secrets that may be initialized in tags simultaneously with the secret keys for the MACs. Thus we presume that rA and rB are shared between tags and the verifier. That is, the verifier may check their correctness on verifying PAB.

Abstract: In some cases, it is useful to prove that a pair of RFID tags has been scanned simultaneously. A pharmacy might want to be able to prove, for instance, that it dispensed an RFID-tagged prescription bottle along with a required RFID-tagged booklet containing indications. An aircraft-parts manufacturer might wish to prove, using RFID, that its goods leave the warehouse with safety caps attached.

RSA Laboratories scientists have developed a technique known as a "yoking proof." A pair of tags can construct such a proof in order to help demonstrate that they have been scanned simultaneously. The proof is designed to be unforgeable even when tags are scanned by malicious reading devices.

Click here for paper

Full Publication List