2,529 research outputs found

    An efficient and private RFID authentication protocol supporting ownership transfer

    Get PDF
    Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption

    Efficient and Low-Cost RFID Authentication Schemes

    Get PDF
    Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a secure and low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201

    Lightweight Mutual Authentication Protocol for Low Cost RFID Tags

    Full text link
    Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.Comment: 11 Pages, IJNS

    A Cloud-based RFID Authentication Protocol with Insecure Communication Channels

    Get PDF
    © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Radio Frequency Identification (RFID) has becomea widespread technology to automatically identify objects and withthe development of cloud computing, cloud-based RFID systemsattract more research these days. Several cloud-based RFIDauthentication protocols have been proposed to address privacyand security properties in the environment where the cloudprovider is untrusted therefore the tag’s data are encrypted andanonymously stored in the cloud database. However, most of thecloud-based RFID authentication protocols assume securecommunication channels between the reader and the cloud server.To protect data transmission between the reader and the cloudserver without any help from a third party, this paper proposes acloud-based RFID authentication protocol with insecurecommunication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacyeven when the tag does not update its identification. The cloudRAPIC protocol has been analyzed using the UPriv model andAVISPA verification tool which have proved that the protocolpreserves tag privacy and protects data secrecy

    Perfect tag identification protocol in RFID networks

    Full text link
    Radio Frequency IDentification (RFID) systems are becoming more and more popular in the field of ubiquitous computing, in particular for objects identification. An RFID system is composed by one or more readers and a number of tags. One of the main issues in an RFID network is the fast and reliable identification of all tags in the reader range. The reader issues some queries, and tags properly answer. Then, the reader must identify the tags from such answers. This is crucial for most applications. Since the transmission medium is shared, the typical problem to be faced is a MAC-like one, i.e. to avoid or limit the number of tags transmission collisions. We propose a protocol which, under some assumptions about transmission techniques, always achieves a 100% perfomance. It is based on a proper recursive splitting of the concurrent tags sets, until all tags have been identified. The other approaches present in literature have performances of about 42% in the average at most. The counterpart is a more sophisticated hardware to be deployed in the manufacture of low cost tags.Comment: 12 pages, 1 figur

    A survey on subjecting electronic product code and non-ID objects to IP identification

    Full text link
    Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interacting with IoT devices is to address billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, and embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages thereof. Different metrics are here proposed and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether applicable to already ID-based objects and presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access

    Towards Secure and Scalable Tag Search approaches for Current and Next Generation RFID Systems

    Get PDF
    The technology behind Radio Frequency Identification (RFID) has been around for a while, but dropping tag prices and standardization efforts are finally facilitating the expansion of RFID systems. The massive adoption of this technology is taking us closer to the well known ubiquitous computing scenarios. However, the widespread deployment of RFID technology also gives rise to significant user security issues. One possible solution to these challenges is the use of secure authentication protocols to protect RFID communications. A natural extension of RFID authentication is RFID tag searching, where a reader needs to search for a particular RFID tag out of a large collection of tags. As the number of tags of the system increases, the ability to search for the tags is invaluable when the reader requires data from a few tags rather than all the tags of the system. Authenticating each tag one at a time until the desired tag is found is a time consuming process. Surprisingly, RFID search has not been widely addressed in the literature despite the availability of search capabilities in typical RFID tags. In this thesis, we examine the challenges of extending security and scalability issues to RFID tag search and suggest several solutions. This thesis aims to design RFID tag search protocols that ensure security and scalability using lightweight cryptographic primitives. We identify the security and performance requirements for RFID systems. We also point out and explain the major attacks that are typically launched against an RFID system. This thesis makes four main contributions. First, we propose a serverless (without a central server) and untraceable search protocol that is secure against major attacks we identified earlier. The unique feature of this protocol is that it provides security protection and searching capacity same as an RFID system with a central server. In addition, this approach is no more vulnerable to a single point-of-failure. Second, we propose a scalable tag search protocol that provides most of the identified security and performance features. The highly scalable feature of this protocol allows it to be deployed in large scale RFID systems. Third, we propose a hexagonal cell based distributed architecture for efficient RFID tag searching in an emergency evacuation system. Finally, we introduce tag monitoring as a new dimension of tag searching and propose a Slotted Aloha based scalable tag monitoring protocol for next generation WISP (Wireless Identification and Sensing Platform) tags

    SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

    Get PDF
    Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance

    Serverless protocols for inventory and tracking with a UAV

    Get PDF
    It is widely acknowledged that the proliferation of Unmanned Aerial Vehicles (UAVs) may lead to serious concerns regarding avionics safety, particularly when end-users are not adhering to air safety regulations. There are, however, domains in which UAVs may help to increase the safety of airplanes and the management of flights and airport resources that often require substantial human resources. For instance, Paris Charles de Gaulle airport (CDG) has more than 7,000 staff and supports 30,000 direct jobs for more than 60 million passengers per year (as of 2016). Indeed, these new systems can be used beneficially for several purposes, even in sensitive areas like airports. Among the considered applications are those that suggest using UAVs to enhance safety of on-ground airplanes; for instance, by collecting (once the aircraft has landed) data recorded by different systems during the flight (like the sensors of the Aircraft Data Networks - ADN) or by examining the state of airplane structure. In this paper, our proposal is to use UAVs, under the control of the airport authorities, to inventory and track various tagged assets, such as luggage, supplies required for the flights, and maintenance tools. The aim of our proposal is to make airport management systems more efficient for operations requiring inventory and tracking, along with increasing safety (sensitive assets such as refueling tanks, or sensitive pieces of luggage can be tracked), thus raising financial profit.Comment: 11 pages, Conference, The 36th IEEE/AIAA Digital Avionics Systems Conference (DASC'17
    corecore