640 research outputs found
AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems
Privacy preservation in RFID systems is a very important issue in the modern world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users' privacy. The majority of the privacy-preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag, which is not efficient for large-scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group-based anonymous private authentication protocol (AnonPri) that provides a higher level of privacy than the above-mentioned group-based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrate that the level of privacy provided by AnonPri is higher than that of the group-based authentication technique.
Protecting Privacy and Ensuring Security of RFID Systems Using Private Authentication Protocols
Radio Frequency IDentification (RFID) systems have been studied as an emerging technology for automatic identification of objects and assets in various applications ranging from inventory tracking to point of sale applications and from healthcare applications to e-passport. The expansion of RFID technology, however, gives rise to severe security and privacy concerns. To ensure the widespread deployment of this technology, the security and privacy threats must be addressed. However, providing solutions to the security and privacy threats has been a challenge due to extremely inadequate resources of typical RFID tags. Authentication protocols can be a possible solution to secure RFID communications. In this thesis, we consider RFID authentication protocols based on symmetric key cryptography. We identify the security and privacy requirements for an RFID system. We present four protocols in this thesis. First, we propose a lightweight authentication protocol for typical tags that can perform symmetric key operations. This protocol makes use of pseudo random number generators (PRNG) and one way hash functions to ensure the security and privacy requirements of RFID systems. Second, we define the desynchronizing attack and describe the vulnerabilities of this attack in RFID systems. We propose a robust authentication protocol that can prevent the desynchronizing attack. This protocol can recover the disabled tags that are desynchronized with the reader because of this attack. Third, we introduce a novel authentication protocol based on elliptic curve cryptography (ECC) to avoid the counterfeiting problem of RFID systems. This protocol is appropriate for the RFID tags that can perform the operations of ECC. Finally, to address the tradeoff between scalability and privacy of RFID systems, we propose an efficient anonymous authentication protocol. 
We characterize the privacy of RFID systems and prove that our protocol preserves the privacy of RFID tags and achieves better scalability as well
Privacy-Preserving Mutual Authentication in RFID with Designated Readers
We study privacy-preserving mutual authentication in radio-frequency identification systems with designated readers (PP-MADR in short). In PP-MADR, each tag has its designated-reader group instead of all readers, and only tags and their designated readers can authenticate each other. Other readers and adversaries cannot trace tags or know their designated readers. The most challenging task of constructing such a PP-MADR protocol is the verification of reader designation without compromising tag privacy. We found that traditional solutions are impractical due to linear storage growth on tags, linear computation growth on tags, or requiring new key generations for designated readers. In this paper, we show how to construct such an efficient PP-MADR protocol. In our protocol, each tag stores constant-size secret state and performs constant-time computation for mutual authentication. When a tag is created, the server does not generate new private keys for designated readers. Our protocol captures the strong privacy property, where tags cannot be traced and designated readers cannot be distinguished, even if tags are corrupted by adversaries
An Implementing A Continuous Authentication Protocol To Improve Robustness Security Threats On IoT Using ESP8266
The Internet of Things (IoT) is a network of physical things that are outfitted with sensors, software, and other technologies that are able to communicate and exchange data with other devices and systems over the Internet. Because of the diversity of their surroundings, IoT systems are sensitive to network attacks. The IoT could be the source of these dangers and attacks. There are a lot of devices that communicate with each other via the IoT, and one of the most critical components of this is to maintain IoT security. IoT devices are a prime target for attackers and pose a serious risk of impersonation during a call. Proposals to prevent session hijacking in device-to-device communication are made in this research study. User-to-device authentication relies on usernames and passwords, but continuous authentication doesn't. This protocol relies on device features and contextual information. Moreover, this protocol reduces the synchronization losses using shadow IDs and emergency key. In addition, the protocol's robustness will be tested by providing security and performance analysis
Towards end-to-end security in internet of things based healthcare
Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system.
The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions.
The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely.
The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices.
The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation.
The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer.
Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system
Privacy in rfid and mobile objects
RFID systems allow fast and automatic identification of RFID tags over a wireless communication channel. These tags are devices with some computing power and information storage capacity. For this reason, objects with an attached RFID tag allow the reading of a rich and varied amount of data that describe and characterize them, for example, a unique identification code, the name, the model, or the expiration date. Moreover, this information can be read without the need for visual contact between the reader and the tag, which considerably speeds up inventory, identification, and automatic control processes.
For the use of RFID technology to become widespread successfully, several objectives should be met: efficiency, security, and privacy protection. However, designing secure, private, and scalable identification protocols is a difficult challenge given the computational constraints of RFID tags and their wireless nature. For this reason, in this thesis we start from secure and private identification protocols and show how scalability can be achieved through a distributed and collaborative architecture. In this way, security and privacy are achieved by the identification protocol itself, while scalability is achieved by means of novel collaborative methods that take into account the spatial and temporal position of the RFID tags.
Regardless of advances in wireless identification protocols, there are attacks that can successfully defeat any of these protocols without needing to know or discover valid secret keys or to find vulnerabilities in their cryptographic implementations. The idea of these attacks, known as "relay" attacks, is to create, unnoticed, a communication bridge between a legitimate tag and a legitimate reader. In this way, the adversary uses the rights of the legitimate tag to pass the authentication protocol used by the reader. Note that, given the wireless nature of RFID protocols, this type of attack represents a significant threat to security in RFID systems. In this thesis we propose a new protocol that, in addition to authentication, checks the distance between the reader and the tag. Protocols of this kind are known as distance-bounding protocols; they do not prevent this type of attack, but they can thwart it with high probability.
Finally, we address the privacy problems associated with publishing information collected through RFID systems. In particular, we focus on mobility data, which can also be provided by other widely used systems such as the Global Positioning System (GPS) and the Global System for Mobile Communications. Our solution is based on the well-known notion of k-anonymity, achieved through permutations and microaggregation. To this end, we define a novel distance function between trajectories, with which we develop two different trajectory anonymization methods.
RFID systems allow fast and automatic identification of RFID tags over a wireless communication channel. These tags are devices with some computing power and with information storage capacity. For this reason, objects carrying an attached RFID tag allow the reading of a rich and varied amount of data that describe and characterize them, such as a unique identification code, the name, the model, or the expiration date. Moreover, this information can be read without the need for visual contact between the reader and the tag, which considerably speeds up inventory, identification, or automatic control processes.
For the use of RFID technology to become widespread successfully, several objectives should be met: efficiency, security, and privacy protection. However, designing secure, private, and scalable identification protocols is a difficult challenge given the computational constraints of RFID tags and their wireless nature. For this reason, in this thesis we start from secure and private identification protocols and show how scalability can be achieved through a distributed and collaborative architecture. In this way, security and privacy are achieved by the identification protocol itself, while scalability is achieved by means of new collaborative protocols that take into account the spatial and temporal position of the RFID tags.
Regardless of advances in wireless identification protocols, there are attacks that can successfully pass any of these protocols without needing to know or discover valid secret keys or to find vulnerabilities in their cryptographic implementations. The idea of these attacks, known as "relay" attacks, is to create, unnoticed, a communication bridge between a legitimate tag and a legitimate reader. In this way, the adversary uses the rights of the legitimate tag to pass the authentication protocol used by the reader. It is important to bear in mind that, given the wireless nature of RFID protocols, these types of attacks represent a significant threat to security in RFID systems. In this dissertation we propose a new protocol that, in addition to authentication, checks the distance between the reader and the tag. Protocols of this kind are known as "distance-bounding protocols"; they do not prevent these types of attacks, but they can thwart them with high probability.
Finally, we address the privacy problems associated with publishing information collected through RFID systems. Specifically, we focus on mobility data, which can also be provided by other widely used systems such as the Global Positioning System (GPS) and the Global System for Mobile Communications. Our solution is based on the well-known privacy notion of "k-anonymity" and partially on micro-aggregation. To this end, we define a new distance function between trajectories, with which we develop two different trajectory anonymization methods.
Radio Frequency Identification (RFID) is a technology aimed at efficiently identifying and tracking goods and assets. Such identification may be performed without requiring line-of-sight alignment or physical contact between the RFID tag and the RFID reader, whilst tracking is naturally achieved due to the short interrogation field of RFID readers. That is why the reduction in price of the RFID tags has been accompanied with an increasing attention paid to this technology. However, since tags are resource-constrained devices sending identification data wirelessly, designing secure and private RFID identification protocols is a challenging task. This scenario is even more complex when scalability must be met by those protocols.
Assuming the existence of a lightweight, secure, private and scalable RFID identification protocol, there exist other concerns surrounding the RFID technology. Some of them arise from the technology itself, such as distance checking, but others are related to the potential of RFID systems to gather huge amount of tracking data. Publishing and mining such moving objects data is essential to improve efficiency of supervisory control, assets management and localisation, transportation, etc. However, obvious privacy threats arise if an individual can be linked with some of those published trajectories.
The present dissertation contributes to the design of algorithms and protocols aimed at dealing with the issues explained above. First, we propose a set of protocols and heuristics based on a distributed architecture that improve the efficiency of the identification process without compromising privacy or security. Moreover, we present a novel distance-bounding protocol based on graphs that is extremely low-resource consuming. Finally, we present two trajectory anonymisation methods aimed at preserving the individuals' privacy when their trajectories are released
Lightweight Cryptography in Radio Frequency Identification (RFID) Devices (Criptografía ligera en dispositivos de identificación por radiofrecuencia - RFID)
This thesis focuses on the study of radio frequency identification (RFID) technology, which can be considered one of the most promising technologies within the area of ubiquitous computing. RFID technology could be the replacement for barcodes. Although RFID technology offers numerous advantages over other identification systems, its use carries associated security risks, which are not easy to resolve. RFID systems can be classified according to the cost of the tags, distinguishing mainly between high-cost and low-cost tags. Our research focuses fundamentally on the latter. The study and analysis of the state of the art has allowed us to identify the need to develop lightweight cryptographic solutions suitable for these constrained devices. The use of standard cryptographic solutions is a correct approach from a purely theoretical point of view. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) exceed the capabilities of low-cost tags. Therefore, the use of lightweight cryptography is necessary.
This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need.
First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired by the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et al.'s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC). We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags