367 research outputs found
Cryptanalysis of two mutual authentication protocols for low-cost RFID
Radio Frequency Identification (RFID) is appearing as a favorite technology
for automated identification, which can be widely applied to many applications
such as e-passport, supply chain management and ticketing. However, researchers
have found many security and privacy problems along RFID technology. In recent
years, many researchers are interested in RFID authentication protocols and
their security flaws. In this paper, we analyze two of the newest RFID
authentication protocols which proposed by Fu et al. and Li et al. from several
security viewpoints. We present different attacks such as desynchronization
attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed
and Parallel system
SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices
The simplicity of deployment and perpetual operation of energy harvesting
devices provides a compelling proposition for a new class of edge devices for
the Internet of Things. In particular, Computational Radio Frequency
Identification (CRFID) devices are an emerging class of battery-free,
computational, sensing enhanced devices that harvest all of their energy for
operation. Despite wireless connectivity and powering, secure wireless firmware
updates remains an open challenge for CRFID devices due to: intermittent
powering, limited computational capabilities, and the absence of a supervisory
operating system. We present, for the first time, a secure wireless code
dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic
hardware security primitive Static Random Access Memory Physical Unclonable
Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i)
overcomes the resource-constrained and intermittently powered nature of the
CRFID devices; ii) is fully compatible with existing communication protocols
employed by CRFID devices in particular, ISO-18000-6C protocol; and ii) is
built upon a standard and industry compliant firmware compilation and update
method realized by extending a recent framework for firmware updates provided
by Texas Instruments. We build an end-to-end SecuCode implementation and
conduct extensive experiments to demonstrate standards compliance, evaluate
performance and security.Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin
SLRV: An RFID Mutual Authentication Protocol Conforming to EPC Generation-2 Standard
Having done an analysis on the security vulnerabilities of Radio Frequency Identification (RFID) through a desynchronization and an impersonation attacks, it is revealed that the secret information (i.e.: secret key and static identifier) shared between the tag and the reader is unnecessary. To overcome the vulnerability, this paper introduces Shelled Lightweight Random Value (SLRV) protocol; a mutual authentication protocol with high-security potentials conforming to  electronic product code (EPC) Class-1 Generation-2 Tags, based on lightweight and standard cryptography on the tagâs and readerâs side, respectively. SLRV prunes de-synchronization attacks where the updating of internal values is only executed on the tagâs side and is a condition to a successful mutual authentication. Results of security analysis of SLRV, and comparison with existing protocols, are presented
Privacy Guaranteed Mutual Authentication on EPCglobal Class 1 Gen 2 Scheme
Concerning the security weakness of EPC scheme especially on privacy concerned applications, an anonymous mutual authentication protocol is proposed for light-weight security inauguration on Class 1 Gen 2 UHF RFID (EPC C1G2) scheme. By utilizing the existing functions and memory bank of tag, we amend the processing sequence based on current EPC architecture. And an auto-updating index number IDS is enrolled to provide privacy protection to EPC code. A light weight encryption algorithm utilizing tagpsilas existing PRNG and keys are introduced for mutual authentication. Several attacks to the RFID solutions can be effectively resolved through our improvement.published_or_final_versio
SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography
Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance
CriptografĂa ligera en dispositivos de identificaciĂłn por radiofrecuencia- RFID
Esta tesis se centra en el estudio de la tecnologĂa de identificaciĂłn por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologĂas mĂĄs prometedoras dentro del ĂĄrea de la computaciĂłn ubicua. La tecnologĂa RFID podrĂa ser el sustituto de los cĂłdigos de barras. Aunque la tecnologĂa RFID ofrece numerosas ventajas frente a otros sistemas de identificaciĂłn, su uso lleva asociados riesgos de seguridad, los cuales no son fĂĄciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigaciĂłn se centra fundamentalmente en estas Ășltimas. El estudio y anĂĄlisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptogrĂĄficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptogrĂĄficas estĂĄndar supone una aproximaciĂłn correcta desde un punto de vista puramente teĂłrico. Sin embargo, primitivas criptogrĂĄficas estĂĄndar (funciones resumen, cĂłdigo de autenticaciĂłn de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografĂa ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification
(RFID) technology, one of the most promising technologies in the field of
ubiquitous computing. Indeed, RFID technology may well replace barcode
technology. Although it offers many advantages over other identification
systems, there are also associated security risks that are not easy to address.
RFID systems can be classified according to tag price, with distinction
between high-cost and low-cost tags. Our research work focuses mainly
on low-cost RFID tags. An initial study and analysis of the state of the
art identifies the need for lightweight cryptographic solutions suitable for
these very constrained devices. From a purely theoretical point of view,
standard cryptographic solutions may be a correct approach. However,
standard cryptographic primitives (hash functions, message authentication
codes, block/stream ciphers, etc.) are quite demanding in terms of circuit
size, power consumption and memory size, so they make costly solutions
for low-cost RFID tags. Lightweight cryptography is therefore a pressing
need.
First, we analyze the security of the EPC Class-1 Generation-2 standard,
which is considered the universal standard for low-cost RFID tags.
Secondly, we cryptanalyze two new proposals, showing their unsuccessful
attempt to increase the security level of the specification without much further
hardware demands. Thirdly, we propose a new protocol resistant to
passive attacks and conforming to low-cost RFID tag requirements. In this
protocol, costly computations are only performed by the reader, and security
related computations in the tag are restricted to very simple operations.
The protocol is inspired in the family of Ultralightweight Mutual Authentication
Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed
SASI protocol. The thesis also includes the first published cryptanalysis of
xi
SASI under the weakest attacker model, that is, a passive attacker. Fourthly,
we propose a new protocol resistant to both passive and active attacks and
suitable for moderate-cost RFID tags. We adapt Shieh et.âs protocol for
smart cards, taking into account the unique features of RFID systems. Finally,
because this protocol is based on the use of cryptographic primitives
and standard cryptographic primitives are not supported, we address the
design of lightweight cryptographic primitives. Specifically, we propose
a lightweight hash function (Tav-128) and a lightweight Pseudo-Random
Number Generator (LAMED and LAMED-EPC).We analyze their security
level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags
- âŠ