Quantitative Analysis for Authentication of Low-cost RFID Tags

Formal analysis techniques are widely used today in order to verify and analyze communication protocols. In this work, we launch a quantitative verification analysis for the low- cost Radio Frequency Identification (RFID) protocol proposed by Song and Mitchell. The analysis exploits a Discrete-Time Markov Chain (DTMC) using the well-known PRISM model checker. We have managed to represent up to 100 RFID tags communicating with a reader and quantify each RFID session according to the protocol's computation and transmission cost requirements. As a consequence, not only does the proposed analysis provide quantitative verification results, but also it constitutes a methodology for RFID designers who want to validate their products under specific cost requirements.Comment: To appear in the 36th IEEE Conference on Local Computer Networks (LCN 2011

Designing Security Requirements – A Flexible, Balanced, and Threshold-Based Approach

Defining security requirements is the important first step in designing, implementing and evaluating a secure system. In thispaper, we propose a formal approach for designing security requirements, which is flexible for a user to express his/hersecurity requirements with different levels of details and for the system developers to take different options to design andimplement the system to satisfy the user’s requirements. The proposed approach also allows the user to balance the requiredsystem security properties and some unfavorable features (e.g., performance degrading due to tight control and strongsecurity). Given the importance of social-technical factors in information security, the proposed approach also incorporateseconomic and organizational security management factors in specifying user’s security requirements. We demonstrate theapplication of our approach with the help of a concrete pervasive information system

Improved Internet Security Protocols Using Cryptographic One-Way Hash Chains

In this dissertation, new approaches that utilize the one-way cryptographic hash functions in designing improved network security protocols are investigated. The proposed approaches are designed to be scalable and easy to implement in modern technology. The first contribution explores session cookies with emphasis on the threat of session hijacking attacks resulting from session cookie theft or sniffing. In the proposed scheme, these cookies are replaced by easily computed authentication credentials using Lamport\u27s well-known one-time passwords. The basic idea in this scheme revolves around utilizing sparse caching units, where authentication credentials pertaining to cookies are stored and fetched once needed, thereby, mitigating computational overhead generally associated with one-way hash constructions. The second and third proposed schemes rely on dividing the one-way hash construction into a hierarchical two-tier construction. Each tier component is responsible for some aspect of authentication generated by using two different hash functions. By utilizing different cryptographic hash functions arranged in two tiers, the hierarchical two-tier protocol (our second contribution) gives significant performance improvement over previously proposed solutions for securing Internet cookies. Through indexing authentication credentials by their position within the hash chain in a multi-dimensional chain, the third contribution achieves improved performance. In the fourth proposed scheme, an attempt is made to apply the one-way hash construction to achieve user and broadcast authentication in wireless sensor networks. Due to known energy and memory constraints, the one-way hash scheme is modified to mitigate computational overhead so it can be easily applied in this particular setting. The fifth scheme tries to reap the benefits of the sparse cache-supported scheme and the hierarchical scheme. The resulting hybrid approach achieves efficient performance at the lowest cost of caching possible. In the sixth proposal, an authentication scheme tailored for the multi-server single sign-on (SSO) environment is presented. The scheme utilizes the one-way hash construction in a Merkle Hash Tree and a hash calendar to avoid impersonation and session hijacking attacks. The scheme also explores the optimal configuration of the one-way hash chain in this particular environment. All the proposed protocols are validated by extensive experimental analyses. These analyses are obtained by running simulations depicting the many scenarios envisioned. Additionally, these simulations are supported by relevant analytical models derived by mathematical formulas taking into consideration the environment under investigation

Survey of Security in Home Connected Internet of Things

Security and privacy have been increasingly important issues, especially surrounding privacy in consumer\u27s homes. Internet of things devices, while providing opportunity, also provide danger through poor or inconsistent implementation of security protocols or hardening techniques. Security research around home connected internet of things devices must then have more significant and summative research and literature to combat these dangers. This paper presents an overview of existing research focusing on internet of things devices intended for consumers in the home, discusses some specific case studies of vulnerabilities in existing and common devices, overviews some best practices as they\u27re suggested in various papers, and finally adds some discussion on interesting solutions to security in the connected internet of things home. This paper finds that many home connected internet of things devices are lacking minimal security, and that both consumption and production of home connected internet of things devices require a security focus in order to provide a stable foundation for this rapidly proliferating infrastructure