After several years of research on cryptographic models for privacy in RFID systems, it appears that no universally model exists yet. Experience shows that security experts usually prefer using their own ad-hoc model than the existing ones. In particular, the impossibility of the models to refine the privacy assessment of different protocols has been highlighted in several studies. The paper emphasizes the necessity to define a new model capable of comparing protocols meaningfully. It introduces an untraceability model that is operational where the previous models are not. The model aims to be easily usable to design proofs or describe attacks. This spirit led to a modular model where adversary actions (oracles), capabilities (selectors and restrictions), and goals (experiment) follow an intuitive and practical approach. This design enhances the ability to formalize new adversarial assumptions and future evolutions of the technology, and provide a finest privacy evaluation of protocols.
Avoine, G., Coisel, I., & Martin, T. (2014). Untraceability model for RFID. IEEE Transactions on Mobile Computing, 99. https://doi.org/10.1109/TMC.2013.161 (Original work published 2014)