CRYPTANALYSIS AND ENHANCEMENT OF TWO LOW COST RFID AUTHENTICATION PROTOCOLS

ABSTRAC

Security Analysis of RAPP An RFID Authentication Protocol based on Permutation

One of the key problems in Radio Frequency Identification(RFID) is security and privacy. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they can not provide security against some RFID attacks. RAPP is a new ultralightweight authentication protocol with permutation. In RAPP, only three operations are involved: bitwise XOR, left rotation and permutation. In this paper, we give an active attack on RAPP. We first collect some authentication messages through impersonating valid tag and readers; Then we forge valid reader to communicate with the tag about times. Using the property of the left rotation and permutation operation, we can deduce the relationship of bits of random number or secret keys at different positions, thus obtain all the secret shared by the reader and the tag

On the Security of RFID Anti Cloning Security Protocol(ACSP)

Recently Qian et al. have proposed a new attack for RFID systems, called counting attack, where the attacker just aims to estimate the number of tagged objects instead of steal the tags\u27 private information. They have stated that most of the existing RFID mutual authentication protocols are vulnerable to this attack. To defend against counting attack, they propose a novel Anti-Counting Security Protocol called ACSP. The designers of ACSP have claimed that their protocol is resistant against counting attack and also the other known RFID security threats. However in this paper we present the following efficient attacks against this protocol: 1) Tag impersonation attack: the success probability of attack is 1 while the complexity is two runs of protocol. 2) Two single tag de-synchronization attacks, the success probability of both attacks are 1 while the complexity is at most two runs of protocol. 3)Group of tags de-synchronization attack: this attack, which can de-synchronize all tags in the range at once, has success probability of 1 while its complexity is one run of protocol. 4) Traceability attack: the adversary\u27s advantage in this attack is almost 0.5 , which is almost the maximum of possible advantages for an adversary in the same model. The complexity of attack is three runs of protoco

Design And Implementation Of A Secure Uhf Rfid Protocol On Fpga

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2013Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2013Tezin ilk aşamasında, yeni okuyucu ve etiket yapılarının geliştirilmesinin ardından güvenli bir UHF RFID sisteminin FPGA üzerinde tasarımı yapılmış ve gerçeklenmiştir. Haberleşme mesafesini geniş ve güvenlik seviyesini yüksek tutmak amacıyla sistem tasarımında aktif etiket yapısı kullanılmıştır. Avrupa UHF RFID standartları göz önüne alınarak merkez frekansı 868MHz olarak belirlenmiştir. Düşük güç tüketimi ve ayarlanabilir çalışma noktası özelliklerine bağlı olarak Okuyucu ve etiket yapılarının alıcı verici katlarında RFM22B modülleri kullanılmıştır. Işlem kapasitesinin yüksek tutulması amacıyla mikroişlemci katında FPGA kitleri kullanılmıştır. Haberleşme protokolünde 2 yönlü doğrulama yapan bir protokol tercih edilmiştir. Iletilen verinin sifrelenmesi Tiny Encryption Algorithm ile gerçekleştirilmiştir. Sonuç olarak 64 bit veri ile kimlik doğrulama işlemi gerçekleştiren bir RFID sistemi başarıyla gerçeklenmiştir. Tezin ikinci aşamasında okuyucuya karşı yeniden oynatma atakları yapılmıştır. Bu ataklar ile asıl etiketin yerine geçilerek okuyucunun gerçek etiket ile haberleştiğine inandırılması amaçlanmıştır. Bu amaçla, daha önceden tasarlanan okuyucu ve etiket yapılarına benzer bir atak birimi tasarlanmış ve öncelikli olarak okuyucu-etiket arasındaki haberleşme 1000 defa dinlenmiştir. Dinleme sonucu elde edilen verilen bilgisayar ortamında saklanmıştır. Sonrasında, asıl etiketin aktif olmadığı durumda, atak birimi okuyucudan gelen veriyi daha önceden kaydedilen veriyle karşılaştırmış ve eşleşme olduğu takdirde bahsedilen okuyucu verisine cevap olan etiket verisini okuyucuya geri göndermiştir. Sonuç olarak tasarlanan RFID sisteminin yeniden oynatma ataklarına karşı güvenilirliği arttırılmıştır.Design and implementation of a secure UHF RFID system was accomplished in first phase of the thesis, by proposing new reader and transponder hardware. Active tag architecture was preferred in system design to keep the communication range long and security level high. 868 MHz center frequency is selected for system operation considering European UHF band RFID regulations defined by European Telecommunication Standards Institute (ETSI). RFM22B transceiver modules were decided on and used for RF front-end stages of reader and tag taking into low power consumption and flexible operating features. FPGA boards formed up microcontroller part of designed reader and tag to keep the computational power substantially high. A communication protocol with two way authentication mechanism was used between receiver and transmitter devices. Tiny Encryption Algorithm was preferred in the design to secure the transmitted data. As a result, a secure RFID system with 64 byte authentication procedure was implemented. In second part, attack studies were held on designed system. The aim of the attacks were to impersonate the original tag with an attack device and convince the reader that original tag is in range of communication. To accomplish replay attacks, an attack device similar to the reader and tag architecture, was designed and prepared for operation. Firstly, reader and tag data was listened by attack device and sent to a personal computer for storage over serial communication link. Later on, stored data is replayed back to the reader when the original tag was out of communication range.Yüksek LisansM.Sc