ENERGY-EFFICIENT CRYPTOGRAPHIC PRIMITIVES

Our society greatly depends on services and applications provided by mobile communication networks. As billions of people and devices become connected, it becomes increasingly important to guarantee security of interactions of all players. In this talk we address several aspects of this important, many-folded problem. First, we show how to design cryptographic primitives which can assure integrity and confidentiality of transmitted messages while satisfying resource constrains of low-end low-cost wireless devices such as sensors or RFID tags. Second, we describe counter measures which can enhance the resistance of hardware implementing cryptographic algorithms to hardware Trojans

Secured e-payment system based on automated authentication data and iterated salted hash algorithm

Electronic payment has been considered as one of the most significant and convenient applications of modern electronic services e-University compared to traditional methods that impose time-consuming, human resources, and inefficiency. Different automatic identification technologies have been widely used, such as radio frequency identification (RFID). Extensive research and several applications are focusing on taking the maximum advantage of RFID technology. Data and information security had considered a crucial role when information concerning e-commerce, e-banking, or e-payments, especially due to it required real data to establish accessed illegally. Hence, data originality and security fall a very significant and critical issue in data communication services in recent years. Applications such as e-banking or e-commerce regularly contain sensitive and personal information that should be managed and controlled by authorized persons. Thus, keeping a secure password is important to prevent unauthorized users from illegal access. The password hashing is one of the safety methods and means of preventing attacks. In this article, focuses on proposing an RFID based electronic payment and also provide multi-level security privileges for an academic domain by using RFID technology besides the programmable logic circuit as well the system used VB.Net C# environment also desktop and web-based application for system working purposes. The proposed system aims to manage student payments in a secure manner and provides the capabilities of getting a bus ticket, copying books, buying food, paying registration fees, and other services. The results have shown the system is secured by using the confirmation code in addition to password encryption

Survey on Lightweight Primitives and Protocols for RFID in Wireless Sensor Networks

The use of radio frequency identification (RFID) technologies is becoming widespread in all kind of wireless network-based applications. As expected, applications based on sensor networks, ad-hoc or mobile ad hoc networks (MANETs) can be highly benefited from the adoption of RFID solutions. There is a strong need to employ lightweight cryptographic primitives for many security applications because of the tight cost and constrained resource requirement of sensor based networks. This paper mainly focuses on the security analysis of lightweight protocols and algorithms proposed for the security of RFID systems. A large number of research solutions have been proposed to implement lightweight cryptographic primitives and protocols in sensor and RFID integration based resource constraint networks. In this work, an overview of the currently discussed lightweight primitives and their attributes has been done. These primitives and protocols have been compared based on gate equivalents (GEs), power, technology, strengths, weaknesses and attacks. Further, an integration of primitives and protocols is compared with the possibilities of their applications in practical scenarios

Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher

There is a growing need to develop lightweight cryptographic primitives suitable for resource-constrained devices permeating in increasing numbers into the fabric of life. Such devices are exemplified none more so than by batteryless radio frequency identification (RFID) tags in applications ranging from automatic identification and monitoring to anti-counterfeiting. Pandaka is a lightweight cipher together with a protocol proposed in INFOCOM 2014 for extremely resource limited RFID tags. It is designed to reduce the hardware cost (area of silicon) required for implementing the cipher by shifting the computationally intensive task of cryptographically secure random number generation to the reader. In this paper we evaluate Pandaka and demonstrate that the communication protocol contains flaws which completely break the security of the cipher and make Pandaka susceptible to de-synchronisation. Furthermore, we show that, even without the protocol flaws, we can use a guess and determine method to mount an attack on the cipher for the more challenging scenario of a known-plaintext attack with an expected complexity of only $2^{55}$. We conclude that Pandaka needs to be amended and highlight simple measures to prevent the above attacks

Efficient and Low-Cost RFID Authentication Schemes

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a secure and low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201

A holistic approach examining RFID design for security and privacy

This paper adopts a holistic approach to Radio Frequency Identification (RFID) security that considers security and privacy under resource constraints concurrently. In this context, a practical realisation of a secure passive (battery-less) RFID tag is presented. The tag consists of an off the shelf front end combined with a bespoke 0.18 μm Application Specific Integrated Circuit (ASIC) assembled as a -sized prototype. The ASIC integrates the authors’ ultra low power novel Advanced Encryption Standard (AES) design together with a novel random number generator and a novel protocol, which provides both security and privacy. The analysis presented shows a security of 64-bits against many attack methods. Both modelled and measured power results are presented. The measured average core power consumed during continuous normal operation is 1.36 μW

Role of Cryptographic Welch-Gong (WG-5) Stream Cipher in RFID Security

The purpose of this thesis is to design a secure and optimized cryptographic stream cipher for passive type Radio Frequency Identification (RFID) tags. RFID technology is a wireless automatic tracking and identification device. It has become an integral part of our daily life and it is used in many applications such as electronic passports, contactless payment systems, supply chain management and so on. But the information carried on RFID tags are vulnerable to unauthorized access (or various threats) which raises the security and privacy concern over RFID devices. One of the possible solutions to protect the confidentiality, integrity and to provide authentication is, to use a cryptographic stream cipher which encrypts the original information with a pseudo-random bit sequence. Besides that RFID tags require a resource constrained environment such as efficient area, power and high performance cryptographic systems with large security margins. Therefore, the architecture of stream cipher provides the best trade-off between the cryptographic security and the hardware efficiency. In this thesis, we first described the RFID technology and explain the design requirements for passive type RFID tags. The hardware design for passive tags is more challenging due to its stringent requirements like power consumption and the silicon area. We presented different design measures and some of the optimization techniques required to achieve low-resource cryptographic hardware implementation for passive tags. Secondly, we propose and implement a lightweight WG-5 stream cipher, which has good proven cryptographic mathematical properties. Based on these properties we measured the security analysis of WG-5 and showed that the WG-5 is immune to different types of attacks such as algebraic attack, correlation attack, cube attack, differential attack, Discrete Fourier Transform attack (DFT), Time-Memory-Data trade-off attack. The implementation of WG-5 was carried out using 65 nm and 130 nm CMOS technologies. We achieved promising results of WG-5 implementation in terms of area, power, speed and optimality. Our results outperforms most of the other stream ciphers which are selected in eSTREAM project. Finally, we proposed RFID mutual authentication protocol based on WG-5. The security and privacy analysis of the proposed protocol showed that it is resistant to various RFID attacks such as replay attacks, Denial-of-service (DoS) attack, ensures forward privacy and impersonation attack

Telemedicine patient identification with RFID; an embedded approach

Radio Frequency Identification (RFID) has potential for application in the new field of telemedicine, as the use of radio waves offers advantages over traditional optical technology such as bar codes. Radio waves are not limited by line of sight, they can penetrate objects and communicate in a wireless fashion. However, the same advantage is also the inherent weakness, as radio waves are susceptible to attack. Ongoing efforts have identified forward secure chain hashing as a viable security protocol for RFID authentication. Today\u27s typical RFID communications take place with the host-reader-tag arrangement where the computational requirements are performed by a back end server system which holds all the intelligence and houses all records for an entire facility. One server can easily utilize multiple readers, but a compromise of this single system could have serious ramifications. Why not make a smaller system that is more robust and tolerant of intrusion. This can be achieved by implementing a stand alone reader that relies only on itself. We propose a server-less system that can accomplish the same results. Because our enhanced reader does not require a server to perform its function, if any readers are breached it only impacts that specific reader, not the entire server. By eliminating the resource heavy server device, we can yield a more robust overall system. We have selected a forward secure protocol to implement on an embedded platform that will be able to authenticate a tag without the resources of a back end server

Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system