403 research outputs found
Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID
Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification
(RFID) technology, one of the most promising technologies in the field of
ubiquitous computing. Indeed, RFID technology may well replace barcode
technology. Although it offers many advantages over other identification
systems, there are also associated security risks that are not easy to address.
RFID systems can be classified according to tag price, with distinction
between high-cost and low-cost tags. Our research work focuses mainly
on low-cost RFID tags. An initial study and analysis of the state of the
art identifies the need for lightweight cryptographic solutions suitable for
these very constrained devices. From a purely theoretical point of view,
standard cryptographic solutions may be a correct approach. However,
standard cryptographic primitives (hash functions, message authentication
codes, block/stream ciphers, etc.) are quite demanding in terms of circuit
size, power consumption and memory size, so they make costly solutions
for low-cost RFID tags. Lightweight cryptography is therefore a pressing
need.
First, we analyze the security of the EPC Class-1 Generation-2 standard,
which is considered the universal standard for low-cost RFID tags.
Secondly, we cryptanalyze two new proposals, showing their unsuccessful
attempt to increase the security level of the specification without much further
hardware demands. Thirdly, we propose a new protocol resistant to
passive attacks and conforming to low-cost RFID tag requirements. In this
protocol, costly computations are only performed by the reader, and security
related computations in the tag are restricted to very simple operations.
The protocol is inspired in the family of Ultralightweight Mutual Authentication
Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed
SASI protocol. The thesis also includes the first published cryptanalysis of
xi
SASI under the weakest attacker model, that is, a passive attacker. Fourthly,
we propose a new protocol resistant to both passive and active attacks and
suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for
smart cards, taking into account the unique features of RFID systems. Finally,
because this protocol is based on the use of cryptographic primitives
and standard cryptographic primitives are not supported, we address the
design of lightweight cryptographic primitives. Specifically, we propose
a lightweight hash function (Tav-128) and a lightweight Pseudo-Random
Number Generator (LAMED and LAMED-EPC).We analyze their security
level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags
PGMAP: a privacy guaranteed mutual authentication protocol conforming to EPC class 1 gen 2 standards
To resolve the security vulnerabilities and comply with EPC Class 1 Gen 2 UHF RFID (EPC C1G2) Standard at the same time, we present a Privacy Guaranteed Mutual Authentication Protocol (PGMAP). By utilizing the existing functions and memory bank of tag, we amend the processing sequence based on current EPC architecture. An auto-updating index number IDS is enrolled to provide privacy protection to EPC code and a set of light weight algorithms utilizing tag's PRNG are added for authentication. Several attacks to the existing security solutions can be effectively resolved in our protocol. © 2008 IEEE.published_or_final_versionThe IEEE International Conference on e-Business Engineering (ICEBE 2008), Xi'an, China, 22-24 October 2008. In Proceedings of ICEBE, 2008, p. 289-29
Lightweight Mutual Authentication Protocol for Low Cost RFID Tags
Radio Frequency Identification (RFID) technology one of the most promising
technologies in the field of ubiquitous computing. Indeed, RFID technology may
well replace barcode technology. Although it offers many advantages over other
identification systems, there are also associated security risks that are not
easy to be addressed. When designing a real lightweight authentication protocol
for low cost RFID tags, a number of challenges arise due to the extremely
limited computational, storage and communication abilities of Low-cost RFID
tags. This paper proposes a real mutual authentication protocol for low cost
RFID tags. The proposed protocol prevents passive attacks as active attacks are
discounted when designing a protocol to meet the requirements of low cost RFID
tags. However the implementation of the protocol meets the limited abilities of
low cost RFID tags.Comment: 11 Pages, IJNS
Towards Secure and Scalable Tag Search approaches for Current and Next Generation RFID Systems
The technology behind Radio Frequency Identification (RFID) has been around for a while, but dropping tag prices and standardization efforts are finally facilitating the expansion of RFID systems. The massive adoption of this technology is taking us closer to the well known ubiquitous computing scenarios. However, the widespread deployment of RFID technology also gives rise to significant user security issues. One possible solution to these challenges is the use of secure authentication protocols to protect RFID communications. A natural extension of RFID authentication is RFID tag searching, where a reader needs to search for a particular RFID tag out of a large collection of tags. As the number of tags of the system increases, the ability to search for the tags is invaluable when the reader requires data from a few tags rather than all the tags of the system. Authenticating each tag one at a time until the desired tag is found is a time consuming process. Surprisingly, RFID search has not been widely addressed in the literature despite the availability of search capabilities in typical RFID tags. In this thesis, we examine the challenges of extending security and scalability issues to RFID tag search and suggest several solutions.
This thesis aims to design RFID tag search protocols that ensure security and scalability using lightweight cryptographic primitives. We identify the security and performance requirements for RFID systems. We also point out and explain the major attacks that are typically launched against an RFID system. This thesis makes four main contributions. First, we propose a serverless (without a central server) and untraceable search protocol that is secure against major attacks we identified earlier. The unique feature of this protocol is that it provides security protection and searching capacity same as an RFID system with a central server. In addition, this approach is no more vulnerable to a single point-of-failure. Second, we propose a scalable tag search protocol that provides most of the identified security and performance features. The highly scalable feature of this protocol allows it to be deployed in large scale RFID systems. Third, we propose a hexagonal cell based distributed architecture for efficient RFID tag searching in an emergency evacuation system. Finally, we introduce tag monitoring as a new dimension of tag searching and propose a Slotted Aloha based scalable tag monitoring protocol for next generation WISP (Wireless Identification and Sensing Platform) tags
Radio Frequency Identification Technology: Applications, Technical Challenges and Strategies
Purpose - The purpose of this paper is to discuss the technology behind RFID systems, identify the applications of RFID in various industries, and discuss the technical challenges of RFID implementation and the corresponding strategies to overcome those challenges.
Design/methodology/approach - Comprehensive literature review and integration of the findings from literature. Findings - Technical challenges of RFID implementation include tag cost, standards, tag and reader selection, data management, systems integration and security. The corresponding solution is suggested for each challenge.
Research limitations/implications - A survey type research is needed to validate the results.
Practical implications - This research offers useful technical guidance for companies which plan to implement RFID and we expect it to provide the motivation for much future research in this area.
Originality/value - As the infancy of RFID applications, few researches have existed to address the technical issues of RFID implementation. Our research filled this gap
SLRV: An RFID Mutual Authentication Protocol Conforming to EPC Generation-2 Standard
Having done an analysis on the security vulnerabilities of Radio Frequency Identification (RFID) through a desynchronization and an impersonation attacks, it is revealed that the secret information (i.e.: secret key and static identifier) shared between the tag and the reader is unnecessary. To overcome the vulnerability, this paper introduces Shelled Lightweight Random Value (SLRV) protocol; a mutual authentication protocol with high-security potentials conforming to electronic product code (EPC) Class-1 Generation-2 Tags, based on lightweight and standard cryptography on the tag’s and reader’s side, respectively. SLRV prunes de-synchronization attacks where the updating of internal values is only executed on the tag’s side and is a condition to a successful mutual authentication. Results of security analysis of SLRV, and comparison with existing protocols, are presented
Hybrid approach to ensure data confidentiality and tampered data recovery for RFID tag
Radio Frequency Identification (RFID) is an emerging wireless object identification technology with many potential applications such as supply chain management, personnel tracking and healthcare. However, security vulnerabilities of the RFID system have been a serious concern for its wide adoption in many applications. Although there are lots of work to provide privacy and anonymity, little focus has been given to ensure confidentiality and integrity of RFID tag data. To this end, we propose a lightweight hybrid approach based on stenographic and watermarking to ensure data confidentiality, linkability resistance and integrity on the RFID tags data. The proposed technique is capable of tampered data recovering and restoring for RFID tag. It has been validated and tested on EPC class 1 gen2 tags
- …