215 research outputs found
An efficient and private RFID authentication protocol supporting ownership transfer
Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption
On the Privacy of Two Tag Ownership Transfer Protocols for RFIDs
In this paper, the privacy of two recent RFID tag ownership transfer
protocols are investigated against the tag owners as adversaries. The first
protocol called ROTIV is a scheme which provides a privacy-preserving ownership
transfer by using an HMAC-based authentication with public key encryption.
However, our passive attack on this protocol shows that any legitimate owner
which has been the owner of a specific tag is able to trace it either in the
past or in the future. Tracing the tag is also possible via an active attack
for any adversary who is able to tamper the tag and extract its information.
The second protocol called, Chen et al.'s protocol, is an ownership transfer
protocol for passive RFID tags which conforms EPC Class1 Generation2 standard.
Our attack on this protocol shows that the previous owners of a particular tag
are able to trace it in future. Furthermore, they are able even to obtain the
tag's secret information at any time in the future which makes them capable of
impersonating the tag
Tag Ownership Transfer in Radio Frequency Identification Systems: A Survey of Existing Protocols and Open Challenges
Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these protocols based on the security goals which involve their support of OT properties and their resistance to attacks. From the presented comparison, we draw attention to the open issues in this field and provide suggestions for the direction that future research should follow. Furthermore, we suggest a set of guidelines to be considered in the design of new protocols. To the best of our knowledge, this is the first comprehensive survey that reviews the available OT protocols from the early start up to the current state of the art
A Secure Authentication Scheme for RFID Systems
AbstractDay by day the importance of Radio Frequency Identification (RFID) systems is increasing for its powerful capabilities in automatic identification, localization and access control of the objects. However, the RFID techniques are plagued to security and privacy issues due to underlying wireless communication channel. In order to come up with a solution, we propose an efficient authentication scheme which uses pseudorandom number generators (PRNG) and some simple cryptographic operations. Moreover, as the current generation tags come with in-built pseudo random generators, the implementations of these operations are possible with low complexity. The secret information stored inside the tags is communicated in a more secure way ensuring confidentiality, integrity, and authentication. The security of our proposed scheme is analyzed against different attacks on RFID and with the performance of some existing protocols. Experimental results show a significant improvement in security with average cost, when compared with the existing techniques
RFID Authentification Protocols using Symmetric Cryptography
Radio Frequency IDentification (RFID) is emerging in a variety
of applications as an important technology for identifying and
tracking goods and assets. The spread of RFID technology,
however, also gives rise to significant user privacy and
security issues. One possible solution to these challenges is
the use of a privacy-enhancing cryptographic protocol to
protect RFID communications.
This thesis considers RFID authentication protocols that make
use of symmetric cryptography. We first identify the privacy,
security and performance requirements for RFID systems. We then
review recent related work, and assess the capabilities of
previously proposed protocols with respect to the identified
privacy, security and performance properties.
The thesis makes four main contributions. First, we introduce
server impersonation attacks as a novel security threat to RFID
protocols. RFID tag memory is generally not tamper-proof, since
tag costs must be kept low, and thus it is vulnerable to
compromise by physical attacks. We show that such attacks can
give rise to desynchronisation between server and tag in a
number of existing RFID authentication protocols. We also
describe possible countermeasures to this novel class of
attacks.
Second, we propose a new authentication protocol for RFID
systems that provides most of the identified privacy and
security features. The new protocol resists tag information
leakage, tag location tracking, replay attacks, denial of
service attacks and backward traceability. It is also more
resistant to forward traceability and server impersonation
attacks than previously proposed schemes. The scheme requires
less tag-side storage than existing protocols and requires only
a moderate level of tag-side computation.
Next, we survey the security requirements for RFID tag
ownership transfer. In some applications, the bearer of an RFID
tag might change, with corresponding changes required for the
RFID system infrastructure. We propose novel authentication
protocols for tag ownership and authorisation transfer. The
proposed protocols satisfy the requirements presented, and have
desirable performance characteristics.
Finally, we address the issue of scalability in anonymous RFID
authentication protocols. Many previously proposed protocols
suffer from scalability issues because they require a linear
search to identify or authenticate a tag. Some RFID protocols,
however, only require constant time for tag identification;
unfortunately, all previously proposed schemes of this type
have serious shortcomings. We propose a novel RFID pseudonym
protocol that takes constant time to authenticate a tag, and
meets the identified privacy, security and performance
requirements. The proposed scheme also supports tag delegation
and ownership transfer in an efficient way
A survey of RFID privacy approaches
A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attribute
KP+ : Fixing Availability Issues on KP Ownership Transfer Protocols
Ownership Transfer Protocols for RFID allow transferring the rights over a tag from a current owner to a new owner in a secure and private way. Recently, Kapoor and Piramuthu have proposed two schemes which solve most of the security weaknesses detected in previously
published protocols. However, this paper reviews this work and points out that such schemes still present some practical and security issues. We then propose some modifications in these protocols that overcome such problems
- …