A Fault Analytic Method against HB+

The search for lightweight authentication protocols suitable for low-cost RFID tags constitutes an active and challenging research area. In this context, a family of protocols based on the LPN problem has been proposed: the so-called HB-family. Despite the rich literature regarding the cryptanalysis of these protocols, there are no published results about the impact of fault analysis over them. The purpose of this paper is to fill this gap by presenting a fault analytic method against a prominent member of the HB-family: HB+ protocol. We demonstrate that the fault analysis model can lead to a flexible and effective attack against HB-like protocols, posing a serious threat over them

Design and Analysis for RFID Authentication Protocol

Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. On the other hand, the low-cost RFID system has potential risks such as privacy and security problems, which would be a big barrier for the application. First of all, we analyze the current security protocols for the RFID system. To protect user privacy and remove security vulnerabilities, we propose a robust and privacy preserving mutual authentication protocol that is suitable for the low-cost RFID environment. Finally, the correctness of the proposed authentication protocol is proved by the BAN logic.published_or_final_versio

Enhancing the security of RCIA ultra-lightweight authentication protocol by using random number generator (RNG) technique

With the growing demand for low-cost Radio Frequency Identification (RFID) system, there is a necessity to design RFID ultra-lightweight authentication protocols to be compatible with the system and also resistant against possible attacks. However, the existing ultra-lightweight authentication protocols are susceptible to wide range of attacks. This study is an attempt to enhance the security of Robust Confidentiality, Integrity, and Authentication (RCIA) ultra-lightweight authentication protocols especially with regard to privacy issue. In the RCIA protocol, IDs value is sent between reader and tag as a constant value. The constant value will enable attacker to trace the location of the tag which violates the privacy users. In order to enhance the security of RCIA protocol, Random Number Generator (RNG) technique has been used. This technique relies on generating random numbers in the tag side, based on Bitwise operations. The idea of this technique is to change the IDs of a tag on every query session so that it will not stay as a constant value. The implementation of Enhanced RCIA has been conducted by using a simulation. The simulation provided the ability to show that the operations of RCIA protocol as to compare with the enhanced RCIA. The outcome shows that the enhanced RCIA outperforms existing one in terms of privacy

Security Analysis of Fan et al. Lightweight RFID Authentication Protocol for Privacy Protection in IoT

The designers of Radio-Frequency IDentification (RFID) systems have a challenging task for proposing secure mutual authentication protocols for Internet of Things (IoT) applications. Recently, Fan et al. proposed a new lightweight RFID mutual authentication protocol in the journal of IEEE Transactions on Industrial Informatics. They claimed that their protocol meets necessary security properties for RFID systems and can be applied for IoT. In this paper, we analyze the security of this protocol and show that it is vulnerable against secret disclosure, reader impersonation and tag traceability attacks. Additionally, we show that in their protocol the anonymity of the tag does not held

Analysis and Construction of Efficient RFID Authentication Protocol with Backward Privacy

Privacy of RFID systems is receiving increasing attentions in the RFID community and an important issue required as to the security of RFID system. Backward privacy means the adversary can not trace the tag later even if he reveals the internal states of the tag sometimes before. In this paper, we analyze two recently proposed RFID authentication schemes: Randomized GPS and Randomized Hashed GPS scheme. We show both of them can not provide backward privacy in Juels and Weis privacy model, which allows the adversary to know whether the reader authenticates the tag successfully or not. In addition, we present a new protocol, called Challenge-Hiding GPS, based on the Schnorr identification scheme. The challenge is hidden from the eavesdropping through the technique of Diffie-Hellman key agreement protocol. The new protocol can satisfy backward privacy, and it has less communication overheads and almost the same computation, compared with the two schemes analyzed

Ensuring Dual Security Modes in RFID-Enabled Supply Chain Systems

Singapore A*Star SER

A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems

Radio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading . Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Because of the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low‐cost sensing capabilities. The on‐board tag sensors will be used to acquire useful contextual information about the tag's environment (or its owner, or the tag itself). For defense against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context‐aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information can be used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a novel research direction, one that utilizes sensing technologies to tackle the challenging problems of unauthorized reading and relay attacks in radio frequency identification systems. First, contextual information is used to design context‐aware selective unlocking mechanisms, so that tags can selectively respond to reader interrogations and, thus, minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information is used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/109577/1/sec404.pd

On the Security of HB# against a Man-in-the-Middle Attack

At EuroCrypt ’08, Gilbert, Robshaw and Seurin proposed HB# to improve on HB+ in terms of transmission cost and security against man-in-the-middle attacks. Although the security of HB# is formally proven against a certain class of man- in-the-middle adversaries, it is only conjectured for the general case. In this paper, we present a general man-in-the-middle attack against HB# and Random-HB#, which can also be applied to all anterior HB-like protocols, that recovers the shared secret in 225 or 220 authentication rounds for HB# and 234 or 228 for Random-HB#, depending on the parameter set. We further show that the asymptotic complexity of our attack is polynomial under some conditions on the parameter set which are met on one of those proposed in [8]