Abstract
In this paper, we present an anonymous authentication scheme that allows RFID tags to authenticate to readers without disclosing the tag identity or any other information that allows tags to be traced. The properties of our scheme are very useful for a variety of access control systems, where it is sufficient or mandatory to verify the authenticity of a tag without inferring its identity.
Our scheme is based on the recently proposed anoymizer-approach, where additional devices (called anonymizers) frequently interact with the tags to ensure anonymity and unlinkability of tags. This allows using cost-effective RFID tags that cannot perform public-key cryptography in an efficient and scalable way. Our solution provides (i) anonymity and untracability of tags against readers, (ii) secure tag authentication even against collusions of malicious readers and anonymizers, and (iii) security against denial-of-service attacks.