Efficient and Low-Cost RFID Authentication Schemes

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a secure and low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201

Efficient Detection of Counterfeit Products in Large-scale RFID Systems Using Batch Authentication Protocols

RFID technology facilitates processing of product information, making it a promising technology for anti-counterfeiting. However, in large-scale RFID applications, such as supply chain, retail industry, pharmaceutical industry, total tag estimation and tag authentication are two major research issues. Though there are per-tag authentication protocols and probabilistic approaches for total tag estimation in RFID systems, the RFID authentication protocols are mainly per-tag-based where the reader authenticates one tag at each time. For a batch of tags, current RFID systems have to identify them and then authenticate each tag sequentially, one at a time. This increases the protocol execution time due to the large volume of authentication data. In this paper, we propose to detect counterfeit tags in large-scale system using efficient batch authentication protocol. We propose FSA-based protocol, FTest, to meet the requirements of prompt and reliable batch authentication in large-scale RFID applications. FTest can determine the validity of a batch of tags with minimal execution time which is a major goal of large-scale RFID systems. FTest can reduce protocol execution time by ensuring that the percentage of potential counterfeit products is under the user-defined threshold. The experimental result demonstrates that FTest performs significantly better than the existing counterfeit detection approaches, for example, existing authentication techniques

Ensuring Application Specific Security, Privacy and Performance Goals in RFID Systems

Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issued must be addressed into the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public key based strong security mechanisms are unsuitable for them. Usually, low cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide relatively low performance for different types of RFID applications. We identified that each RFID application has unique research challenges and different performance bottlenecks based on the characteristics of the system. One strategy is to devise security protocols such that application specific goals are met and system specific performance requirements are maximized. This dissertation aims to address the problem of devising application specific security protocols for current and next generation RFID systems so that in each application area maximum performance can be achieved and system specific goals are met. In this dissertation, we propose four different authentication techniques for RFID technologies, providing solutions to the following research issues: 1) detecting counterfeit as well as ensuring low response time in large scale RFID systems, 2) preserving privacy and maintaining scalability in RFID based healthcare systems, 3) ensuring security and survivability of Computational RFID (CRFID) networks, and 4) detecting missing WISP tags efficiently to ensure reliability of CRFID based system\u27s decision. The techniques presented in this dissertation achieve good levels of privacy, provide security, scale to large systems, and can be implemented on resource-constrained RFID devices

Evaluating the reading performance of semi-passive RFID tags to enhance locating of warehouse resources: An experiment design

Copyright @ 2011 8th European, Mediterranean and Middle Eastern Conference on Information Systems (EMCIS 2011)In the supply chain, a warehouse is a crucial component for linking all chain parties. It is necessary to track the real time resource location and status to support warehouse operations effectively. Therefore, RFID technology has been adopted to facilitate the collection and sharing of data in a warehouse environment. However, an essential decision should be made on the type of RFID tags the warehouse managers should adopt, because it is very important to implement RFID tags that work in warehouse environment. As a result, the warehouse resources will be easily tracked and accurately located which will improve the visibility of warehouse operations, enhance the productivity and reduce the operation costs of the warehouse. Therefore, it is crucial to evaluate the reading performance of all types of RFID tags in a warehouse environment in order to choose the most appropriate RFID tags which will enhance the operational efficiency of a warehouse. Reading performance of active and passive RFID tags have been evaluated before while, semi-passive RFID tag, which is battery-assisted with greater sensitivity than passive tags and cheaper than active tags, has not been examined yet in a warehouse environment. This research is in- progress research and it is aiming to perform tests for evaluating the reading performance of semi-passive RFID apparatus to provide an extensive RFID performance comparison for formulating an efficient RFID solution in warehousing environment

Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out

Stability of synchronous queued RFID networks

Queued Radio Frequency Identification (RFID) networks arise naturally in many applications, where tags are grouped into batches, and each batch must be processed before the next reading job starts. In these cases, the system must be able to handle all incoming jobs, keeping the queue backlogs bounded. This property is called stability. Besides, in RFID networks, it is common that some readers cannot operate at the same time, due to mutual interferences. This fact reduces the maximum traffic that readers can process since they have to share the channel. Synchronous networks share the channel using a TDMA approach. The goal of this work is to analytically determine whether a synchronous queued RFID network attains stable operation under a given incoming traffic. Stability depends on the service rate, which is characterized in this paper using an exact numerical method based on a recursive analytical approach, overcoming the limitations of previous works, which were based on simplifications. We also address different flow optimization problems, such as computing the maximum joint traffic that a network can process stably, selecting the minimal number of readers to process a given total load, or determining the optimal timeslot duration, which are novel in the RFID literature.This work was supported by the Project AIM, (AEI/FEDER, EU) under Grant TEC2016-76465-C2-1-R