Privacy issues in RFID banknote protection schemes
Radio Frequency Identification systems are in the limelight for a few years and become pervasive in our daily lives. These smart devices are nowadays embedded in the consumer items and may come soon into our banknotes. At Financial Cryptography 2003, Juels and Pappu proposed a practical cryptographic banknote protection scheme based on both Optical and Radio Frequency Identification systems. We demonstrate however that it severely compromises the privacy of the banknotes' bearers. We describe some threats and show that, due to the misuse of the secure integration method of Fujisaki and Okamoto, an attacker can access and modify the data stored in the smart device without optical access to the banknote. We prove also that despite what the authors claimed, an attacker can track the banknotes by using the access-key as a marker, circumventing the randomized encryption scheme that aims at thwarting such attacks.