Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

Security protocols for EPC class-1 Gen-2 RFID multi-tag systems

The objective of the research is to develop security protocols for EPC C1G2 RFID Passive Tags in the areas of ownership transfer and grouping proof

Using Yoking Proof Mechanism of RFID to Design Various Applications

由於無線射頻率識別（RFID）技術可以快速地識別一個物件，而毋需實體接觸，它提供有效的身份驗證的單個物件。目前有許多實際應用的RFID系統在各個領域，如供應鏈和醫療系統的應用。在本論文中，我們使用RFID應用在海關檢查和用藥安全。我們所提出的機制適用於群體的驗證 第一個協定改善原有的yoking proof機制來證明在同一個空間中同時共存兩個或兩個以上的RFID標籤。該協定可以確保所有的小組成員同時存在，以防止遺失。此外，該方案不僅符合EPCglobal的C1G2標準的標準，但還能夠抵抗已知的攻擊。此外，藉由改善後的yoking proof機制，我們的協定能夠實現前向保密性以及減少人力需求。 第二個協定採用符合C1G2標準的RFID標準和yoking proof 技術，證明司機是貨櫃和貨車的擁有者，然後檢查每個成員(司機, 貨櫃,貨車)合法與否。該協定可以讓海關在貨櫃場快速檢查貨櫃達到快速盤點的目的。此外，該協定使用RFID符合C1G2標籤標準和合適的相互認證與安全性較高，因此海關不需要支援複雜和昂貴的設備。而且海關可以防止盜竊。 在第三個協定中，我們使用了RFID yoking防範機制以提高病人的安全和減少醫療錯誤，並且符合EPCglobal class1 generation 2。該協定不僅能提供更高質量的醫療服務，並提供了不可抵賴性的功能，以保護病人的利益。 在這三部份的應用，都可以有效地解決目前常見的問題-貨品遺失、檢查貨櫃，用藥安全再加上符合C1G2標準RFID的低成本運算，此三項協定都可以有效防堵已知的攻擊，更讓此兩項應用具更高的實用價值。As Radio-Frequency Identification (RFID) can quickly identify an object without requiring physical contact; it provides efficient identification to verify individual objects. There are currently numerous practical applications for RFID systems in various domains such as a supply-chain system and medical application. Therefore, we use the RFID application in the custom check and medical system. Our proposed mechanism is used to authenticate the each member of group. The first scheme improves yoking proof mechanism to generate coexistence proofs demonstrating two or more RFID tags simultaneously in same place. The proposed protocol can ensure all of group members presented simultaneously to prevent the lost. In addition, the proposed scheme not only conforms to EPCglobal C1G2 standards, but also resists known attacks. Furthermore, our scheme can achieve forward secrecy and reduce manpower requirements by our improved yoking proof mechanism. The second scheme adopts RFID conforming to C1G2 standards and yoking proofs technology to prove the driver is the owner of the container and car, and then check if each member (driver, container and car) is legal or not. The proposed protocol can quickly check the containers for the custom in the container pool. In addition, this protocol uses RFID conforming to C1G2 standards and provides mutual authentication with higher security such that the custom needs not support complex and expensive equipments. And then the custom can prevent from container-stealing. In the third scheme, we use an RFID yoking proof mechanism which conforms to EPCglobal C1G2 standards to improve the patient safety and reduce medical errors. The proposed scheme can offer higher quality of medical care and provides a non-repudiation property to protect the patients' interests. Because the proposed protocols can solve the problems - lost of goods, container check and medical errors, low cost and resist the known attacks, our schemes achieve higher practical value.Table of Contents 中文摘要 i Abstract ii Table of Contents iii List of Tables vi List of Figures vii Chapter 1 Introduction 1 1.1. Motivations 1 1.2. Thesis Organization 2 Chapter 2 The introduction of RFID 3 2.1. The basis knowledge of RFID 3 2.2. The introduction of RFID attacks 4 2.3. The basis knowledge of yoking proofs 5 2.4. The derivative of Juels’s yoking proofs 6 Chapter 3 8 An RFID system yoking proof conforming EPCglobal C1G2 standards 8 3.1. The introduction of our improved yoking proof 8 3.2. The proposed scheme of our improved yoking proof 8 3.2.1. Notation 10 3.2.2. Registration phase 11 3.2.3. Yoking proof phase 11 3.3. Security, mechanism analyses and discussions of our improved yoking proof 18 3.3.1. Security analyses 18 3.3.2. Mechanism analyses 23 3.3.3. Discussions 25 3.3.3.1. Security comparison issue 25 3.3.3.2. Mechanism comparison issue 26 3.3.3.3. Time complexity issue 26 3.4. The conclusion of our improved yoking proof 26 Chapter 4 29 RFID yoking proof technology: supply-chain applications for customs check 29 4.1. The introduction of custom system 29 4.2. The proposed scheme of custom system 29 4.2.1. Notation 31 4.2.2. Initial phase 32 4.2.3. Authentication phase 32 4.3. Security, mechanism analyses and discussions of our custom system 37 4.3.1. Security analyses 37 4.3.2. Mechanism analyses 40 4.3.2. Discussions 42 4.3.3.1. Security comparison issue 42 4.3.3.2. Mechanism comparison issue 42 4.3.3.3. Time complexity issue 43 4.4. The conclusion of our custom system 43 Chapter 5 45 Using RFID yoking proof protocol to enhance inpatient medication safety 45 5.1. The introduction of medical system 45 5.2. The proposed scheme of medical system 45 5.2.1. Notation 48 5.2.2. Initial phase 49 5.2.3. Login phase 51 5.2.3. Authentication phase 54 5.3. Security, mechanism analyses and discussions of our medical system 58 5.3.1. Security analyses 58 5.3.2. Mechanism analyses 61 5.3.3. Discussions 63 5.3.3.1. Security comparison issue 63 5.3.3.2. Mechanism comparison issue 63 5.3.3.3. Time complexity issue 64 5.4. The conclusion of our medical system 65 Chapter 6 Conclusions 66 References 68 List of Tables Table 1: The security comparison of our improved yoking proof 25 Table 2: The mechanism comparison of our improved yoking proof 26 Table 3:The time complexity of our improved yoking proof 27 Table 4: The security comparison of the custom system 42 Table 5: The mechanism comparison of the custom system 42 Table 6:The time complexity of the custom system 43 Table 7: The non-repudiation proofs of the transaction 62 Table 8: The security comparison of the related yoking-proof schemes 63 Table 9: The mechanism comparison of related yoking-proof schemes 64 Table 10:The time complexity of related yoking-proof schemes 64 List of Figures Fig. 1 The overview of Juels’s scheme 7 Fig. 2 The overview of our improved yoking proof 9 Fig. 3 The overview of the register phase of our improved yoking proof 11 Fig. 4 The first part of the yoking proof phase of our improved yoking proof 13 Fig. 5 The second part of the yoking proof phase of our improved yoking proof 14 Fig. 6 The overview of our custom system 30 Fig. 7 The first part of the authentication phase of our custom system 31 Fig. 8 The second part of the authentication phase of our custom system 33 Fig. 9 The overview of our medical system 47 Fig. 10 The overview of the initial phase of our medical system 50 Fig. 11 The overview of the login phase of our medical system 52 Fig. 12 The overview of the authentication phase of our medical system 5