Privacy analysis of forward and backward untraceable RFID authentication schemes

In this paper, we analyze the rst known provably secure RFID authentication schemes that are designed to provide forward untraceability and backward untraceability: the L-K and S-M schemes. We show how to trace tags in the L-K scheme without needing to corrupt tags. We also show that if a standard cryptographic pseudorandom bit generator (PRBG) is used in the S-M scheme, then the scheme may fail to provide forward untraceability and backward untraceability. To achieve the desired untraceability features, we show that the S-M scheme can use a robust PRBG which provides forward security and backward security. We also note that the backward security is stronger than necessary for the backward untraceability of the S-M scheme

How To Ensure Forward and Backward Untraceability of RFID Identification Schemes By Using A Robust PRBG

In this paper, we analyze an RFID identification scheme which is designed to provide forward untraceability and backward untraceability. We show that if a standard cryptographic pseudorandom bit generator (PRBG) is used in the scheme, then the scheme may fail to provide forward untraceability and backward untraceability. To achieve the desired untraceability features, the scheme can use a robust PRBG which provides forward security and backward security. We also note that the backward security is stronger than necessary for the backward untraceability of the scheme

Cryptographic Protocols, Sensor Network Key Management, and RFID Authentication

This thesis includes my research on efficient cryptographic protocols, sensor network key management, and radio frequency identification (RFID) authentication protocols. Key exchange, identification, and public key encryption are among the fundamental protocols studied in cryptography. There are two important requirements for these protocols: efficiency and security. Efficiency is evaluated using the computational overhead to execute a protocol. In modern cryptography, one way to ensure the security of a protocol is by means of provable security. Provable security consists of a security model that specifies the capabilities and the goals of an adversary against the protocol, one or more cryptographic assumptions, and a reduction showing that breaking the protocol within the security model leads to breaking the assumptions. Often, efficiency and provable security are not easy to achieve simultaneously. The design of efficient protocols in a strict security model with a tight reduction is challenging. Security requirements raised by emerging applications bring up new research challenges in cryptography. One such application is pervasive communication and computation systems, including sensor networks and radio frequency identification (RFID) systems. Specifically, sensor network key management and RFID authentication protocols have drawn much attention in recent years. In the cryptographic protocol part, we study identification protocols, key exchange protocols, and ElGamal encryption and its variant. A formal security model for challenge-response identification protocols is proposed, and a simple identification protocol is proposed and proved secure in this model. Two authenticated key exchange (AKE) protocols are proposed and proved secure in the extended Canetti-Krawczyk (eCK) model. The proposed AKE protocols achieve tight security reduction and efficient computation. We also study the security of ElGamal encryption and its variant, Damgard’s ElGamal encryption (DEG). Key management is the cornerstone of the security of sensor networks. A commonly recommended key establishment mechanism is based on key predistribution schemes (KPS). Several KPSs have been proposed in the literature. A KPS installs pre-assigned keys to sensor nodes so that two nodes can communicate securely if they share a key. Multi-path key establishment (MPKE) is one component of KPS which enables two nodes without a shared key to establish a key via multiple node-disjoint paths in the network. In this thesis, methods to compute the k-connectivity property of several representative key predistribution schemes are developed. A security model for MPKE and efficient and secure MPKE schemes are proposed. Scalable, privacy-preserving, and efficient authentication protocols are essential for the success of RFID systems. Two such protocols are proposed in this thesis. One protocol uses finite field polynomial operations to solve the scalability challenge. Its security is based on the hardness of the polynomial reconstruction problem. The other protocol improves a randomized Rabin encryption based RFID authentication protocol. It reduces the hardware cost of an RFID tag by using a residue number system in the computation, and it provides provable security by using secure padding schemes

Symmetric Encryption Based Privacy using Lightweight Cryptography for RFID Tags

RFID technology emerged as the promising technology for its ease of use and implementation in the ubiquitous computing world. RFID is deployed widely in various applications that use automatic identification and processing for information retrieval. The primary components of an RFID system are the RFID tag (active and passive), the reader and the back-end server (database). Cost is the main factor that drove RFID tags to its immense utilization in which passive tags dominate in today's widely deployed RFID practice. Passive tags are low cost RFID tags conjoined to several consumer products (like clothes, smart cards and devices, courier, container, etc) for the purpose of unique identification. Readers on the other hand act as a source to track and record the passive RFID tag's activities (like modifications, updates and authentication). Due to the rapid growth of RFID practice in the past few years, measures for consumer privacy and security has been researched. The uncertainties that arise with the passive RFID tags are handling of user's private information (like name, ID, house address, credit card number, health statement, etc) which are posed to considerable threat from the adversary. Passive tags are inexpensive and contain less overhead and are considered good performers and consequently lack in providing security and privacy. Lightweight cryptography is an area of cryptography developed for low cost resourced environment. Mutual authentication is defined as the process of verifying an authorized tag and a reader (reader and server respectively) by an agreed algorithm to mutually prove their legitimacy with each other. Adversary is a third party who tries to hear the ongoing communication between the tag and the reader (reader and server respectively) anonymously. In this thesis, symmetric lightweight ciphers like Present and Grain are introduced as mutual authentication protocols to rescue the privacy aspects and properties of the RFID tags. These ciphers are simple, faster and suitable to implement within the passive RFID network and reasonably lay a foundation for the preservation of privacy and security of the RFID system. Lightweight ciphers use hash functions, pseudo random generators, SP networks and linear feedback shift registers to randomize data while mutual authentication scheme uses lightweight ciphers to manage authorize the legitimacy of every device in the RFID network

RFID Authentification Protocols using Symmetric Cryptography

Radio Frequency IDentification (RFID) is emerging in a variety of applications as an important technology for identifying and tracking goods and assets. The spread of RFID technology, however, also gives rise to significant user privacy and security issues. One possible solution to these challenges is the use of a privacy-enhancing cryptographic protocol to protect RFID communications. This thesis considers RFID authentication protocols that make use of symmetric cryptography. We first identify the privacy, security and performance requirements for RFID systems. We then review recent related work, and assess the capabilities of previously proposed protocols with respect to the identified privacy, security and performance properties. The thesis makes four main contributions. First, we introduce server impersonation attacks as a novel security threat to RFID protocols. RFID tag memory is generally not tamper-proof, since tag costs must be kept low, and thus it is vulnerable to compromise by physical attacks. We show that such attacks can give rise to desynchronisation between server and tag in a number of existing RFID authentication protocols. We also describe possible countermeasures to this novel class of attacks. Second, we propose a new authentication protocol for RFID systems that provides most of the identified privacy and security features. The new protocol resists tag information leakage, tag location tracking, replay attacks, denial of service attacks and backward traceability. It is also more resistant to forward traceability and server impersonation attacks than previously proposed schemes. The scheme requires less tag-side storage than existing protocols and requires only a moderate level of tag-side computation. Next, we survey the security requirements for RFID tag ownership transfer. In some applications, the bearer of an RFID tag might change, with corresponding changes required for the RFID system infrastructure. We propose novel authentication protocols for tag ownership and authorisation transfer. The proposed protocols satisfy the requirements presented, and have desirable performance characteristics. Finally, we address the issue of scalability in anonymous RFID authentication protocols. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. Some RFID protocols, however, only require constant time for tag identification; unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel RFID pseudonym protocol that takes constant time to authenticate a tag, and meets the identified privacy, security and performance requirements. The proposed scheme also supports tag delegation and ownership transfer in an efficient way

A Secure Quorum Based Multi-Tag RFID System

Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reducing of labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID applications systems, researchers have reported issues regarding the use of RFID technology. These issues are making the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptography primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats. , e.g. unauthorised reader can read the information inside tags, illegitimate tags or cloned tags can be accessed by a reader. Moreover, most consideration of reserchers is focus on single tag authentication and mostly do not consider scenarios that need multi-tag such as supply chain management and healthcare management. Secret sharing schemes have been also proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of the security and privacy in multi-tag RFID based system. In this work firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags. Therefore, a mutual authentication scheme that is based on zero-knowledge proof have been proposed . The main object of this work is to develop an ECC- RFID based system that enables multi-RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocol are relied on using threshold cryptosystems that operate ECC to generate secret keys then distribute and stored secret keys among multi RFID tags. Finally, we provide performance measurement for the implementation of the proposed protocols.Ministry of higher education and scientific research, Baghdad-Ira