An efficient and private RFID authentication protocol supporting ownership transfer
Radio Frequency IDentification (RFID) systems are being pervasively deployed in many daily life applications. But this increased usage of RFID systems brings with it some serious problems, namely security and privacy. In some applications, ownership transfer of RFID labels is a sine qua non. Specifically, the owner of an RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner from tracing the tags and prevent the new owner from tracing old transactions of the tags. On the other hand, while addressing privacy and security concerns, the computational complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromises the tag, and also forward untraceable under an assumption
Security Assessment of the Spanish Contactless Identity Card
The theft of personal information to assume the identity of a person is a common threat.
Individual criminals, terrorists, or crime rings normally do it to commit fraud or other felonies.
Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for these criminals, who might take advantage of the RFID communication to secretly steal personal information. In this paper, we assess the security of the contactless Spanish identity card against identity theft. In particular, we evaluated the resistance of one of the contactless access protocols against brute-force attacks and found that no defenses were incorporated. We suggest how to avoid brute-force attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all performed tests with good results. MINECO CyCriSec (TIN2014-58457-R). University of Zaragoza and Centro Universitario de la Defensa UZCUD2016-TEC-06. Project TEC2015-69665-R (MINECO/FEDER, UE)
Cryptanalysis of two mutual authentication protocols for low-cost RFID
Radio Frequency Identification (RFID) is emerging as a favored technology
for automated identification, which can be widely applied to many applications
such as e-passport, supply chain management and ticketing. However, researchers
have found many security and privacy problems with RFID technology. In recent
years, many researchers have been interested in RFID authentication protocols and
their security flaws. In this paper, we analyze two of the newest RFID
authentication protocols, which were proposed by Fu et al. and Li et al., from several
security viewpoints. We present different attacks such as a desynchronization
attack and privacy analysis over these protocols.
Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed
and Parallel system
Security assessment of the Spanish contactless identity card
The theft of personal information to fake the identity of a person is a common threat normally performed by individual criminals, terrorists, or crime rings to commit fraud or other felonies. Recently, the Spanish identity card, which provides enough information to hire online products such as mortgages or loans, was updated to incorporate a near-field communication chip as electronic passports do. This contactless interface brings a new attack vector for criminals, who might take advantage of the radio-frequency identification communication to virtually steal personal information. In this study, the authors consider as a case study the recently deployed contactless Spanish identity card, assessing its security against identity theft. In particular, they evaluated the security of one of the contactless access protocols as implemented in the contactless Spanish identity card, and found that no defences against online brute-force attacks were incorporated. They then suggest two countermeasures to protect against these attacks. Furthermore, they also analysed the pseudo-random number generator within the card, which passed all the performed tests with good results.
FedTracker: Furnishing Ownership Verification and Traceability for Federated Learning Model
Federated learning (FL) is a distributed machine learning paradigm allowing
multiple clients to collaboratively train a global model without sharing their
local data. However, FL entails exposing the model to various participants.
This poses a risk of unauthorized model distribution or resale by the malicious
client, compromising the intellectual property rights of the FL group. To deter
such misbehavior, it is essential to establish a mechanism for verifying the
ownership of the model as well as tracing its origin to the leaker among the
FL participants. In this paper, we present FedTracker, the first FL model
protection framework that provides both ownership verification and
traceability. FedTracker adopts a bi-level protection scheme consisting of
a global watermark mechanism and a local fingerprint mechanism. The former
authenticates the ownership of the global model, while the latter identifies
which client the model is derived from. FedTracker leverages Continual Learning
(CL) principles to embed the watermark in a way that preserves the utility
of the FL model on both the primitive task and the watermark task. FedTracker also
devises a novel metric to better discriminate different fingerprints.
Experimental results show FedTracker is effective in ownership verification
and traceability, and maintains good fidelity and robustness against various
watermark removal attacks.