Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up

Survey on Prominent RFID Authentication Protocols for Passive Tags

Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Recent RFID authentication protocols have been proposed to satisfy the security features of RFID communication. In this article, we identify and review some of the most recent and enhanced authentication protocols that mainly focus on the authentication between a reader and a tag. However, the scope of this survey includes only passive tags protocols, due to the large scale of the RFID framework. We examined some of the recent RFID protocols in term of security requirements, computation, and attack resistance. We conclude that only five protocols resist all of the major attacks, while only one protocol satisfies all of the security requirements of the RFID system.http://dx.doi.org/10.3390/s1810358

Self-powered Time-Keeping and Time-of-Occurrence Sensing

Self-powered and passive Internet-of-Things (IoT) devices (e.g. RFID tags, financial assets, wireless sensors and surface-mount devices) have been widely deployed in our everyday and industrial applications. While diverse functionalities have been implemented in passive systems, the lack of a reference clock limits the design space of such devices used for applications such as time-stamping sensing, recording and dynamic authentication. Self-powered time-keeping in passive systems has been challenging because they do not have access to continuous power sources. While energy transducers can harvest power from ambient environment, the intermittent power cannot support continuous operation for reference clocks. The thesis of this dissertation is to implement self-powered time-keeping devices on standard CMOS processes. In this dissertation, a novel device that combines the physics of quantum tunneling and floating-gate (FG) structures is proposed for self-powered time-keeping in CMOS process. The proposed device is based on thermally assisted Fowler-Nordheim (FN) tunneling process across high-quality oxide layer to discharge the floating-gate node, therefore resulting in a time-dependent FG potential. The device was fully characterized in this dissertation, and it does not require external powering during runtime, making it feasible for passive devices and systems. Dynamic signature based on the synchronization and desynchronization behavior of the FN timer is proposed for authentication of IoT devices. The self-compensating physics ensure that when distributed timers are subjected to identical environment variances that are common-mode noise, they can maintain synchronization with respect to each other. On the contrary, different environment conditions will desynchronize the timers creating unique signatures. The signatures could be used to differentiate between products that belong to different supply-chains or products that were subjected to malicious tampering. SecureID type dynamic authentication protocols based on the signature generated by the FN timers are proposed and they are proven to be robust to most attacks. The protocols are further analyzed to be lightweight enough for passive devices whose computational sources are limited. The device could also be applied for self-powered sensing of time-of-occurrence. The prototype was verified by integrating the device with a self-powered mechanical sensor to sense and record time-of-occurrence of mechanical events. The system-on-chip design uses the timer output to modulate a linear injector to stamp the time information into the sensing results. Time-of-occurrence can be reconstructed by training the mathematical model and then applying that to the test data. The design was verified to have a high reconstruction accuracy

Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography

Internet of Things (IoT) is a new paradigm that has been evolving into the wireless sensor networks to expand the scope of networked devices (or things). This evolution drives communication engineers to design secure and reliable communication at a low cost for many network applications such as radio frequency identification (RFID). In the RFID system, servers, readers, and tags communicate wirelessly. Therefore, mutual authentication is necessary to ensure secure communication. Normally, a central server supports the authentication of readers and tags by distributing and managing the credentials. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID networks. Using a serverless RFID system is an alternative solution to using a central server. In this model, both the reader and the tag perform mutual authentication without the need for the central server. However, many security challenges arise from implementing lightweight authentication protocols in serverless RFID systems. We propose a new secure serverless RFID authentication protocol based on the famous elliptic curve cryptography (ECC). The protocol also maintains the confidentiality and privacy of the messages, tag information, and location. Although most of the current serverless protocols assume secure channels in the setup phase, we assume an insecure environment during the setup phase between the servers, readers, and tags. We ensure that the credentials can be renewed by any checkpoint server in the mobile RFID network. Thus, we implement ECC in the setup phase (renewal phase), to transmit and store the communication credentials of the server to multiple readers so that the tags can perform the mutual authentication successfully while far from the server. The proposed protocol is compared with other serverless frameworks proposed in the literature in terms of computation cost and attacks resistance.http://dx.doi.org/10.3390/electronics810116

Security protocols for EPC class-1 Gen-2 RFID multi-tag systems

The objective of the research is to develop security protocols for EPC C1G2 RFID Passive Tags in the areas of ownership transfer and grouping proof

A control theoretic approach for security of cyber-physical systems

In this dissertation, several novel defense methodologies for cyber-physical systems have been proposed. First, a special type of cyber-physical system, the RFID system, is considered for which a lightweight mutual authentication and ownership management protocol is proposed in order to protect the data confidentiality and integrity. Then considering the fact that the protection of the data confidentiality and integrity is insufficient to guarantee the security in cyber-physical systems, we turn to the development of a general framework for developing security schemes for cyber-physical systems wherein the cyber system states affect the physical system and vice versa. After that, we apply this general framework by selecting the traffic flow as the cyber system state and a novel attack detection scheme that is capable of capturing the abnormality in the traffic flow in those communication links due to a class of attacks has been proposed. On the other hand, an attack detection scheme that is capable of detecting both sensor and actuator attacks is proposed for the physical system in the presence of network induced delays and packet losses. Next, an attack detection scheme is proposed when the network parameters are unknown by using an optimal Q-learning approach. Finally, this attack detection and accommodation scheme has been further extended to the case where the network is modeled as a nonlinear system with unknown system dynamics --Abstract, page iv

Advanced Radio Frequency Identification Design and Applications

Radio Frequency Identification (RFID) is a modern wireless data transmission and reception technique for applications including automatic identification, asset tracking and security surveillance. This book focuses on the advances in RFID tag antenna and ASIC design, novel chipless RFID tag design, security protocol enhancements along with some novel applications of RFID