Efficient and Low-Cost RFID Authentication Schemes

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a secure and low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201

Perencanaan Bisnis Provider Transaksi Pembayaran Berbasis RFID pada Hypermarket Makro

RFID (Radio-Frequency IDentification) merupakan sebuah teknologi compact wireless yang diunggulkan untuk mentransformasi dunia komersial. Sebagai suksesor dari barcode, RFID dapat melakukan kontrol otomatis untuk banyak hal. RFID adalah sebuah teknologi yang memanfaatkan frekuensi radio untuk identifikasi otomatis terhadap obyekobyek atau manusia. Kenyataan bahwa manusia amat terampil dalam mengidentifikasi obyek-obyek dalam kondisi lingkungan yang berbedabeda menjadi motivasi dari teknologi ini. Sistem pembayaran dengan menggunakan teknologi RFID dapat dilakukan secara swalayan dengan mudah dan cepat. Penggunaan teknologi ini dapat memudahkan dan mempercepat transaksi pembelian dan dilakukan oleh pembeli itu sendiri. Mereka hanya mendekatkan semua barang yang dibeli kepada alat reader RFID, dan setelah selesai mereka menekan tombol total dan diakhiri dengan mendekatkan kartu pembayaran (sejenis kartu debit atau kartu kredit). Dengan didekatnya kartu yang telah diberikan mikro chip sebagai alat pembayaran tersebut, maka saldo uang pembeli yang berada di kartu tersebut berkurang. Transaksi ini menjadi cepat dan mudah karena tidak diperlukannya uang pengembalian dan dapat dilakukan secara mandiri oleh pembeli

RFID: The Up and Coming Technology

Abstract RFID has been the up and coming technology that many manufacturing and warehousing businesses has been delighted to use, while others still analyse the use and cost variables that come with such a technology. This document will serve as an analysis of the use of RFID and the variables that come along with this future of technology. Keywords RFID, variance, cost, technology, simulation

ALGSICS - Combining physics and cryptography to enhance security and privacy in RFID systems

In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology "almost" for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems

A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems

Radio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading . Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Because of the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low‐cost sensing capabilities. The on‐board tag sensors will be used to acquire useful contextual information about the tag's environment (or its owner, or the tag itself). For defense against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context‐aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information can be used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a novel research direction, one that utilizes sensing technologies to tackle the challenging problems of unauthorized reading and relay attacks in radio frequency identification systems. First, contextual information is used to design context‐aware selective unlocking mechanisms, so that tags can selectively respond to reader interrogations and, thus, minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information is used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/109577/1/sec404.pd

Efficient Security Protocols for Constrained Devices

During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it

Unraveling Privacy: The Personal Prospectus and the Threat of a Full-Disclosure Future

Information technologies are reducing the costs of credible signaling, just as they have reduced the costs of data mining and economic sorting. The burgeoning informational privacy field has ignored this evolution, leaving it unprepared to deal with the consequences of these new signaling mechanisms. In an economy with robust signaling, those with valuable credentials, clean medical records, and impressive credit scores will want to disclose those traits to receive preferential economic treatment. Others may then find that they must also disclose private information to avoid the negative inferences attached to staying silent. This unraveling effect creates new types of privacy harms, converting disclosure from a consensual to a more coerced decision. This Article argues that informational privacy law must focus on the economics of signaling and its unraveling of privacy