An Gen2 Based Security Authentication Protocol for RFID System

AbstractEPC Class-1 Generation-2 specification(Gen2 in brief) has been accepted as the standard for RFID tags under grant number ISO18000-6C. However, Gen2 does not pay due attention to security. For this reason, a Gen2 based security authentication protocol is developed in this paper. In details, we study the security requirements presented in the current Gen2 based RFID authentication protocols[7–13]. Then we point out the security flaws of Chien's mutual authentication protocol[7], and improve the protocol based on a 11 security requirements. Our improved protocol merely uses CRC and PRNG operations supported by Gen2 and meets the 11 security requirements. In contrast to the similar work [14,15] on Chien's protocol or other Gen2 based schemes, our protocol is more secure and our security analysis is much more comprehensive and qualitative

An Analysis of and Perspective on the Information Security Maturity Model: a case study of a Public and a Private Sector Company

Information Security (IS) is a concept that is related to protecting a set of data in order to preserve the value it has for an individual or an organization. A review of the literature shows there are four main aspects related to IS: confidentiality, integrity, availability and non-repudiation. Based on these four aspects, a new framework is put forward for analyzing the information security maturity model (ISMM) in an organization, assuming that each organization has a minimum level of information security policies in each aspect, taking into consideration the percentage of policies that this organization has from all those cited in our model. At the end, a case study was conducted in order to analyze the ISMM of a public and private sector company

Survey: An overview of lightweight RFID authentication protocols suitable for the maritime internet of things

The maritime sector employs the Internet of Things (IoT) to exploit many of its benefits to maintain a competitive advantage and keep up with the growing demands of the global economy. The maritime IoT (MIoT) not only inherits similar security threats as the general IoT, it also faces cyber threats that do not exist in the traditional IoT due to factors such as the support for long-distance communication and low-bandwidth connectivity. Therefore, the MIoT presents a significant concern for the sustainability and security of the maritime industry, as a successful cyber attack can be detrimental to national security and have a flow-on effect on the global economy. A common component of maritime IoT systems is Radio Frequency Identification (RFID) technology. It has been revealed in previous studies that current RFID authentication protocols are insecure against a number of attacks. This paper provides an overview of vulnerabilities relating to maritime RFID systems and systematically reviews lightweight RFID authentication protocols and their impacts if they were to be used in the maritime sector. Specifically, this paper investigates the capabilities of lightweight RFID authentication protocols that could be used in a maritime environment by evaluating those authentication protocols in terms of the encryption system, authentication method, and resistance to various wireless attacks

Secure and Lightweight Authentication Protocols for Devices in Internet of Things

The Internet of Things (IoT) has become an intriguing trend worldwide as it allows any smart device with an IP address to participate in a highly immersive and connected environment that integrates physical, digital and social aspects of the user’s lives. The perpetual growth of IoT devices is resulting in less attention on the security side allowing attackers to find easy ways to exploit the devices. Hence, security is one of the important and challenging research areas in IoT. Furthermore, the resource-constrained nature of these devices results in poor performance when the traditional security protocols are used. In this thesis, we propose secure and lightweight authentication protocols for devices in IoT. A centralized network model is considered where the devices in the perception layer are mutually authenticated with the gateway of the system. A mutual authentication mechanism which uses symmetric key negotiation using Elliptic Curve Diffie-Hellman(ECDH) in the registration part of the protocol to protect the credentials of the devices and at the same time it minimizes the computation cost on the devices. At the end of the authentication, key agreement based on the symmetric key cryptography is established between the sensor devices and the gateway. Further, Elliptic Curve Integrated Encryption Scheme (ECIES) method is used to avoid the possibility of man-in-the-middle attack(MITM) in the registration phase of the previous protocol. An informal security verification of the protocols is presented which proves that they are resilient against perception layer attacks. The performance evaluation based on the metrics such as execution time, communication cost, computation cost of the protocol has been performed after the protocol is simulated in the Cooja simulator under Contiki OS environment. Further, the comparison results with the existing protocols show that the proposed system is lightweight as it provides low computation cost and better execution time

Design And Implementation Of A Secure Uhf Rfid Protocol On Fpga

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2013Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2013Tezin ilk aşamasında, yeni okuyucu ve etiket yapılarının geliştirilmesinin ardından güvenli bir UHF RFID sisteminin FPGA üzerinde tasarımı yapılmış ve gerçeklenmiştir. Haberleşme mesafesini geniş ve güvenlik seviyesini yüksek tutmak amacıyla sistem tasarımında aktif etiket yapısı kullanılmıştır. Avrupa UHF RFID standartları göz önüne alınarak merkez frekansı 868MHz olarak belirlenmiştir. Düşük güç tüketimi ve ayarlanabilir çalışma noktası özelliklerine bağlı olarak Okuyucu ve etiket yapılarının alıcı verici katlarında RFM22B modülleri kullanılmıştır. Işlem kapasitesinin yüksek tutulması amacıyla mikroişlemci katında FPGA kitleri kullanılmıştır. Haberleşme protokolünde 2 yönlü doğrulama yapan bir protokol tercih edilmiştir. Iletilen verinin sifrelenmesi Tiny Encryption Algorithm ile gerçekleştirilmiştir. Sonuç olarak 64 bit veri ile kimlik doğrulama işlemi gerçekleştiren bir RFID sistemi başarıyla gerçeklenmiştir. Tezin ikinci aşamasında okuyucuya karşı yeniden oynatma atakları yapılmıştır. Bu ataklar ile asıl etiketin yerine geçilerek okuyucunun gerçek etiket ile haberleştiğine inandırılması amaçlanmıştır. Bu amaçla, daha önceden tasarlanan okuyucu ve etiket yapılarına benzer bir atak birimi tasarlanmış ve öncelikli olarak okuyucu-etiket arasındaki haberleşme 1000 defa dinlenmiştir. Dinleme sonucu elde edilen verilen bilgisayar ortamında saklanmıştır. Sonrasında, asıl etiketin aktif olmadığı durumda, atak birimi okuyucudan gelen veriyi daha önceden kaydedilen veriyle karşılaştırmış ve eşleşme olduğu takdirde bahsedilen okuyucu verisine cevap olan etiket verisini okuyucuya geri göndermiştir. Sonuç olarak tasarlanan RFID sisteminin yeniden oynatma ataklarına karşı güvenilirliği arttırılmıştır.Design and implementation of a secure UHF RFID system was accomplished in first phase of the thesis, by proposing new reader and transponder hardware. Active tag architecture was preferred in system design to keep the communication range long and security level high. 868 MHz center frequency is selected for system operation considering European UHF band RFID regulations defined by European Telecommunication Standards Institute (ETSI). RFM22B transceiver modules were decided on and used for RF front-end stages of reader and tag taking into low power consumption and flexible operating features. FPGA boards formed up microcontroller part of designed reader and tag to keep the computational power substantially high. A communication protocol with two way authentication mechanism was used between receiver and transmitter devices. Tiny Encryption Algorithm was preferred in the design to secure the transmitted data. As a result, a secure RFID system with 64 byte authentication procedure was implemented. In second part, attack studies were held on designed system. The aim of the attacks were to impersonate the original tag with an attack device and convince the reader that original tag is in range of communication. To accomplish replay attacks, an attack device similar to the reader and tag architecture, was designed and prepared for operation. Firstly, reader and tag data was listened by attack device and sent to a personal computer for storage over serial communication link. Later on, stored data is replayed back to the reader when the original tag was out of communication range.Yüksek LisansM.Sc

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Desarrollo de un sistema exportable de confianza corporativa: Aplicación a entornos de trazabilidad de productos

Cada vez es más habitual que en los procesos de fabricación participen diversos fabricantes y empresas. Por otro lado, una característica de los productos muy valorada hoy en día por los consumidores, es la calidad. Ya no es suficiente con producir barato, sino que cada vez es más importante producir con calidad, siendo ésta un factor diferenciador de las manufacturas que se realizan bajo las diversas marcas. La calidad se está integrando cada vez más en las empresas y en sus procesos productivos y de gestión, como un valor añadido y diferenciador del producto. Es habitual encontrar diversos controles de calidad a lo largo de los procesos de fabricación. Lo que ya no es tan habitual es que se pueda identificar a los operarios encargados del control de calidad. A lo sumo, el encargado del control de calidad final deja algún tipo de identificación (por ejemplo un pequeño adhesivo o etiqueta con un número impreso), pero esta identificación carece de sentido en cuanto el producto entra en otra cadena de producción o llega al comprador. En este escenario, aparece otro factor importante como es la confianza. En los actuales sistemas productivos se deben establecer relaciones de confianza entre las empresas encargadas de las diferentes fases de producción (todas esperan que las demás hagan su trabajo según lo acordado). Además, los agentes designados para verificar la adecuación de los productos a lo esperado en las diversas fases de producción, son depositarios de la confianza de la empresa a la que pertenecen. El objetivo principal de la tesis es el desarrollo de un modelo de confianza corporativa exportable, que sea sencillo y económico de implementar. Para ello, se ha propuesto un sistema confiable de identidad digital de los productos. Es decir, cada producto posee un conjunto de atributos que definen su identidad digital, que lo hace único, pero además, cada uno de estos atributos está avalado por el agente de control que lo verificó, por tanto se puede afirmar que es una identidad de calidad. Con este planteamiento, y con una infraestructura mínima, se pueden integrar en el sistema todos los procesos y compañías involucrados en la cadena de producción, bajo un sello de calidad común: la identidad de calidad del producto. Para comprobar la validez de esta propuesta, se ha realizado una prueba de concepto, integrando este sistema de identidad de calidad en un entorno de trazabilidad alimentaria basada en RFID (identificación por radiofrecuencia). Este prototipo, que sirve para securizar la trazabilidad de un producto cárnico elaborado, se ha realizado sobre la tecnología de etiquetado basada en RFID. Con esta tecnología, y para las condiciones ambientales donde se ha desarrollado el proceso de producción de las piezas a controlar en este caso concreto, el tipo de etiquetas idóneo dispone de una cantidad de memoria extremadamente reducida. Además, debido a que anualmente deben utilizarse cientos de miles de etiquetas, el coste de estas etiquetas debe ser sumamente bajo, por lo que sólo es posible utilizar etiquetas muy sencillas (y por tanto sin capacidades de cálculo). Para poder utilizar este tipo de etiquetas, se ha planteado que las operaciones criptográficas no sean realizadas en la etiqueta, sino en un sistema externo basado en una Infraestructura de Clave Pública (PKI), de manera que la etiqueta sólo sirve como soporte de datos en texto plano (sin cifrar), pero firmados electrónicamente. Para resolver el problema del poco espacio de memoria disponible para las firmas de los diferentes agentes de control, se ha recurrido a la utilización de firmas agregadas. Además, al trabajar con criptografía de curvas elípticas, el tamaño de la firma es notablemente menor, para un mismo nivel de seguridad, que el de otros sistemas. Adicionalmente, el sistema propuesto permite transferir la confianza entre las compañías implicadas en un proceso de producción (basta compartir las claves públicas de los firmantes y sus nombres), y se adapta a cualquier entorno productivo. Por todo ello, el sistema propuesto resuelve de forma eficaz la integración de diversas empresas en el proceso de fabricación de un producto, con escaso coste, y permitiendo una verificación de la identidad digital en cualquier parte del proceso, incluida la fase de comercialización