Distributed Wireless Algorithms for RFID Systems: Grouping Proofs and Cardinality Estimation

The breadth and depth of the use of Radio Frequency Identification (RFID) are becoming more substantial. RFID is a technology useful for identifying unique items through radio waves. We design algorithms on RFID-based systems for the Grouping Proof and Cardinality Estimation problems. A grouping-proof protocol is evidence that a reader simultaneously scanned the RFID tags in a group. In many practical scenarios, grouping-proofs greatly expand the potential of RFID-based systems such as supply chain applications, simultaneous scanning of multiple forms of IDs in banks or airports, and government paperwork. The design of RFID grouping-proofs that provide optimal security, privacy, and efficiency is largely an open area, with challenging problems including robust privacy mechanisms, addressing completeness and incompleteness (missing tags), and allowing dynamic groups definitions. In this work we present three variations of grouping-proof protocols that implement our mechanisms to overcome these challenges. Cardinality estimation is for the reader to determine the number of tags in its communication range. Speed and accuracy are important goals. Many practical applications need an accurate and anonymous estimation of the number of tagged objects. Examples include intelligent transportation and stadium management. We provide an optimal estimation algorithm template for cardinality estimation that works for a {0,1,e} channel, which extends to most estimators and ,possibly, a high resolution {0,1,...,k-1,e} channel

Improving Security and Privacy in Large-Scale RFID Systems

Radio Frequency Identification (RFID) technologies lay in the very heart of Internet of Things (IoT), in which every physical objects are tagged and identified in an internet-like structure. High performance and privacy-preserving interrogations of individual tags, generally called private tag authentication, is crucial for effective monitoring and management of a large number of objects with RFID tags. An RFID system consists of RF readers and RF tags. RF tags are attached to objects, and used as a unique identifier of the objects. RFID technologies enable a number of business and personal applications, and smooth the way for physical transactions in the real world, such as supply chain management, transportation payment, animal identification, warehouse operations, and more. Though bringing great productivity gains, RFID systems may cause new security and privacy threats to individuals or organizations, which have become a major obstacle for their wide adaptions. Therefore, it is important to address the security and privacy issues in RFID systems. In this dissertation, we investigate two important security and privacy issues for large-scale RFID systems. First, we discuss the private tag authentication problems. In a singulation process, an RF reader first sends a query and energizes an RF tag, and then the tag replies its ID or data to the reader. As the tag\u27s ID itself is sensitive information, the reply from tags must be protected against various threats, such as eavesdropping and compromise attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Fast and secure object identification, generally called private tag authentication, is critical to efficiently monitor and manage a large number of objects with Radio Frequency Identification (RFID) technologies. In a singulation process, an RF reader queries an RF tag, and then the tag replies its ID or data to the reader. Since the tags ID itself is private information, the reply must be protected against various threats, such as eavesdropping and com-promised attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Hence a large amount of efforts have been made to protect tags replies with low-cost operations, e.g., the XOR operation and 16-bit pseudo random functions (PRFs). In the primitive solution, a tag sends a hashed ID, instead of its real ID, to a reader, and then, the reader searches the corresponding entry in the back-end server. While this approach defends tags replies against various attacks, the authentication speed is of 0(N), where N is the number of tags in the system. Hence, such a straightforward approach is not practical for large-scale RFID systems. In order to efficiently and securely read tags content, private authentication protocols with structured key management have been proposed. In these schemes, each tag has its unique key and a set of groups keys. Groups keys are shared by several tags and used to confine the search space of a unique key. With efficient data structures, the tag authentication completes within 0(log k N). How-ever, private authentication protocols with structured key management unfortunately reduce the degree of privacy, should some tags in the system be compromised. This is because group keys are shared by several tags, and physical tampering of some tags makes the other tags less anonymous. How to remedy this issue is equivalent to reducing the probability that two tags share common group keys (hence after we refer to it as the correlation probability). The introduction of random walking over a data structure, e.g., randomized tree-walking and randomized skip-lists, significantly reduces the correlation probability. Nevertheless, two tags are still correlated should they have same groups keys at all the levels of in a balanced tree or skip lists. In our study, we design a private tag authentication protocol, namely Randomized Skip Graphs-Based Authentication (RSGA), in which unique and group keys are maintained with a skip graph. The RSGA achieves lower correlation probability than the existing scheme while maintaining the same authentication speed as the tree structure. Second, we discuss the fast and secure grouping problems. In the large-scale RFID systems, categorization and grouping of individual items with RF tags are critical for efficient object monitoring and management. For example, when tags belonging to the same group share a common group ID, the reader can transmit the same data simultaneously to the group ID, and it is possible to save considerably the communication overhead as compared with the conventional unicast transmission. To this end, Liu et al. recently propose a set of tag grouping protocols, which enables multicast-like communications for simultaneous data access and distribution to the tags in the same group. In the reality, not only the performance issue, but also security and privacy-preserving mechanisms in RFID protocols are important for protecting the assets of individuals and organizations. Although a number of works have been done for protecting tag\u27s privacy, to the best of our knowledge, the problem of private tag grouping is yet to be addressed. To address the problem of private tag grouping in a large-scale RFID system, we first formulate the problem of private tag grouping and define the privacy model based on the random oracle model. As a baseline protocol, we design a private traditional polling grouping (PrivTPG) protocol based on traditional tag polling protocol. Since PrivTPG is a straightforward approach, it can take a long time. Hence, based on the idea of broadcasting group IDs, we propose a private enhanced polling grouping (PrivEPG) protocol. To further improve the efficiency of tag grouping, we propose a private Bloom filter-based grouping (PrivBFG) protocol. These protocols broadcast unencrypted group IDs. Therefore, we propose a private Cuckoo filter-based polling grouping (PrivCFG) protocol, which is a more secure protocol using a data structure called a cuckoo filter. Then, the protocol-level tag\u27s privacy of the proposed PrivTPG, PrivEPG, PrivBFG, and PrivCFG is proven by random oracles. In addition, computer simulations are conducted to evaluate the efficiency of the proposed protocols with different configurations.首都大学東京, 2018-03-25, 修士（工学）首都大学東

Review on Lightweight Cryptography Techniques and Steganography Techniques for IOT Environment

In the modern world, technology has connected to our day-to-day life in different forms. The Internet of Things (IoT) has become an innovative criterion for mass implementations and a part of daily life. However, this rapid growth leads the huge traffic and security problems. There are several challenges arise while deploying IoT. The most common challenges are privacy and security during data transmission. To address these issues, various lightweight cryptography and steganography techniques were introduced. These techniques are helpful in securing the data over the IoT. The hybrid of cryptography and steganography mechanisms provides enhanced security to confidential messages. Any messages can be secured by cryptography or by embedding the messages into any media files, including text, audio, image, and video, using steganography. Hence, this article has provided a detailed review of efficient, lightweight security solutions based on cryptography and steganography and their function over IoT applications. The objective of the paper is to study and analyze various Light weight cryptography techniques and Steganography techniques for IoT. A few works of literature were reviewed in addition to their merits and limitations. Furthermore, the common problems in the reviewed techniques are explained in the discussion section with their parametric comparison. Finally, the future scope to improve IoT security solutions based on lightweight cryptography and steganography is mentioned in the conclusion part

Distributed Group Authentication for RFID Supply Management

We investigate an application of Radio Frequency Identification (RFID) referred to in the literature as group scanning, in which an RFID reader device interrogates several RFID tags to establish “simultaneous” presence of a group of tags. Our goal is to study the group scanning problem in strong adversarial settings and show how group scanning can be used in distributed applications for supply chain management. We present a security framework for group scanning and give a formal description of the attending security requirements. Our model is based on the Universal Composability framework and supports re-usability (through modularity of security guarantees). We propose two novel protocols that realize group scanning in this security model, based on off-the-shelf components such as low-cost (highly optimized) pseudorandom functions, and show how these can be integrated into RFID supply-chain management system

A reduced semantics for deciding trace equivalence using constraint systems

Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. M\"odersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimization in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly.Comment: Accepted for publication at POST'1

A Reduced Semantics for Deciding Trace Equivalence

Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. M\"odersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimisation in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly. The obtained partial order reduction technique has been integrated in a tool called APTE. We conducted complete benchmarks showing dramatic improvements.Comment: Accepted for publication in LMC

With renewables for energy security

Taking into account the possible future exhaustion of fossil energy sources, the actual and near danger of climate change, the drastic increase of the greenhouse gases in the last 200 years, as well as the growing need for sustainable development, consumption and liveable environment, the increasing necessity of renewable energy sources becomes clear. Utilization of these energy sources have to acquire a bigger role in the field of energy supply, in order to enhance the energy security of Hungary, to decline the energy import dependence, to reduce the negative environmental impacts, and to recover the economy. The world’s hunger for energy is growing exponentially; this is why it is crucial to establish feasibility scenarios in the next decades, which are able to meet these expectations, and to increase the safety of the energy supply