The Cost of Preserving Privacy: Performance Measurements of RFID Pseudonym Protocols

The purpose of RFID tags is to provide identifying information; the problem is that tags may radiate identifying information to any RFID reader anywhere. Encryption alone does not help: even encrypted IDs are static, and can be identified as unique to a particular object, and are thus vulnerable to tracking. To preserve privacy, pseudonym protocols have been proposed. Using cryptography and pseudonyms, unauthorized entities cannot even link two sightings of the same tag. In this paper, we measure the cost of running tree-based pseudonym protocols. Pseudonym protocols require random numbers, cryptographic operations and writing to onboard memory (in case time-limited delegation is enabled), which we implement using TinyOS system software. For MicaZ hardware, we measure voltage drop with an oscilloscope. Our results show that one Skipjack block cipher (part of the pseudonym encryption process) costs more energy than generating ten random numbers. Therefore, when configuring the tree of secrets, it is more energy-efficient to have a wider rather than a deeper tree