Practical Schemes For Privacy & Security Enhanced RFID

Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios. In this paper we investigate such scenarios, and propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.Comment: 18 page

NOVEL RESOURCE EFFICIENT CIRCUIT DESIGNS FOR REBOOTING COMPUTING

CMOS based computing is reaching its limits. To take computation beyond Moores law (the number of transistors and hence processing power on a chip doubles every 18 months to 3 years) requires research explorations in (i) new materials, devices, and processes, (ii) new architectures and algorithms, (iii) new paradigm of logic bit representation. The focus is on fundamental new ways to compute under the umbrella of rebooting computing such as spintronics, quantum computing, adiabatic and reversible computing. Therefore, this thesis highlights explicitly Quantum computing and Adiabatic logic, two new computing paradigms that come under the umbrella of rebooting computing. Quantum computing is investigated for its promising application in high-performance computing. The first contribution of this thesis is the design of two resource-efficient designs for quantum integer division. The first design is based on non-restoring division algorithm and the second one is based on restoring division algorithm. Both the designs are compared and shown to be superior to the existing work in terms of T-count and T-depth. The proliferation of IoT devices which work on low-power also has drawn interests to the rebooting computing. Hence, the second contribution of this thesis is proving that Adiabatic Logic is a promising candidate for implementation in IoT devices. The adiabatic logic family called Symmetric Pass Gate Adiabatic Logic (SPGAL) is implemented in PRESENT-80 lightweight algorithm. Adiabatic Logic is extended to emerging transistor devices

Improving Security and Privacy in Large-Scale RFID Systems

Radio Frequency Identification (RFID) technologies lay in the very heart of Internet of Things (IoT), in which every physical objects are tagged and identified in an internet-like structure. High performance and privacy-preserving interrogations of individual tags, generally called private tag authentication, is crucial for effective monitoring and management of a large number of objects with RFID tags. An RFID system consists of RF readers and RF tags. RF tags are attached to objects, and used as a unique identifier of the objects. RFID technologies enable a number of business and personal applications, and smooth the way for physical transactions in the real world, such as supply chain management, transportation payment, animal identification, warehouse operations, and more. Though bringing great productivity gains, RFID systems may cause new security and privacy threats to individuals or organizations, which have become a major obstacle for their wide adaptions. Therefore, it is important to address the security and privacy issues in RFID systems. In this dissertation, we investigate two important security and privacy issues for large-scale RFID systems. First, we discuss the private tag authentication problems. In a singulation process, an RF reader first sends a query and energizes an RF tag, and then the tag replies its ID or data to the reader. As the tag\u27s ID itself is sensitive information, the reply from tags must be protected against various threats, such as eavesdropping and compromise attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Fast and secure object identification, generally called private tag authentication, is critical to efficiently monitor and manage a large number of objects with Radio Frequency Identification (RFID) technologies. In a singulation process, an RF reader queries an RF tag, and then the tag replies its ID or data to the reader. Since the tags ID itself is private information, the reply must be protected against various threats, such as eavesdropping and com-promised attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Hence a large amount of efforts have been made to protect tags replies with low-cost operations, e.g., the XOR operation and 16-bit pseudo random functions (PRFs). In the primitive solution, a tag sends a hashed ID, instead of its real ID, to a reader, and then, the reader searches the corresponding entry in the back-end server. While this approach defends tags replies against various attacks, the authentication speed is of 0(N), where N is the number of tags in the system. Hence, such a straightforward approach is not practical for large-scale RFID systems. In order to efficiently and securely read tags content, private authentication protocols with structured key management have been proposed. In these schemes, each tag has its unique key and a set of groups keys. Groups keys are shared by several tags and used to confine the search space of a unique key. With efficient data structures, the tag authentication completes within 0(log k N). How-ever, private authentication protocols with structured key management unfortunately reduce the degree of privacy, should some tags in the system be compromised. This is because group keys are shared by several tags, and physical tampering of some tags makes the other tags less anonymous. How to remedy this issue is equivalent to reducing the probability that two tags share common group keys (hence after we refer to it as the correlation probability). The introduction of random walking over a data structure, e.g., randomized tree-walking and randomized skip-lists, significantly reduces the correlation probability. Nevertheless, two tags are still correlated should they have same groups keys at all the levels of in a balanced tree or skip lists. In our study, we design a private tag authentication protocol, namely Randomized Skip Graphs-Based Authentication (RSGA), in which unique and group keys are maintained with a skip graph. The RSGA achieves lower correlation probability than the existing scheme while maintaining the same authentication speed as the tree structure. Second, we discuss the fast and secure grouping problems. In the large-scale RFID systems, categorization and grouping of individual items with RF tags are critical for efficient object monitoring and management. For example, when tags belonging to the same group share a common group ID, the reader can transmit the same data simultaneously to the group ID, and it is possible to save considerably the communication overhead as compared with the conventional unicast transmission. To this end, Liu et al. recently propose a set of tag grouping protocols, which enables multicast-like communications for simultaneous data access and distribution to the tags in the same group. In the reality, not only the performance issue, but also security and privacy-preserving mechanisms in RFID protocols are important for protecting the assets of individuals and organizations. Although a number of works have been done for protecting tag\u27s privacy, to the best of our knowledge, the problem of private tag grouping is yet to be addressed. To address the problem of private tag grouping in a large-scale RFID system, we first formulate the problem of private tag grouping and define the privacy model based on the random oracle model. As a baseline protocol, we design a private traditional polling grouping (PrivTPG) protocol based on traditional tag polling protocol. Since PrivTPG is a straightforward approach, it can take a long time. Hence, based on the idea of broadcasting group IDs, we propose a private enhanced polling grouping (PrivEPG) protocol. To further improve the efficiency of tag grouping, we propose a private Bloom filter-based grouping (PrivBFG) protocol. These protocols broadcast unencrypted group IDs. Therefore, we propose a private Cuckoo filter-based polling grouping (PrivCFG) protocol, which is a more secure protocol using a data structure called a cuckoo filter. Then, the protocol-level tag\u27s privacy of the proposed PrivTPG, PrivEPG, PrivBFG, and PrivCFG is proven by random oracles. In addition, computer simulations are conducted to evaluate the efficiency of the proposed protocols with different configurations.首都大学東京, 2018-03-25, 修士（工学）首都大学東

Tag Ownership Transfer in Radio Frequency Identification Systems: A Survey of Existing Protocols and Open Challenges

Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these protocols based on the security goals which involve their support of OT properties and their resistance to attacks. From the presented comparison, we draw attention to the open issues in this field and provide suggestions for the direction that future research should follow. Furthermore, we suggest a set of guidelines to be considered in the design of new protocols. To the best of our knowledge, this is the first comprehensive survey that reviews the available OT protocols from the early start up to the current state of the art

Role of Cryptographic Welch-Gong (WG-5) Stream Cipher in RFID Security

The purpose of this thesis is to design a secure and optimized cryptographic stream cipher for passive type Radio Frequency Identification (RFID) tags. RFID technology is a wireless automatic tracking and identification device. It has become an integral part of our daily life and it is used in many applications such as electronic passports, contactless payment systems, supply chain management and so on. But the information carried on RFID tags are vulnerable to unauthorized access (or various threats) which raises the security and privacy concern over RFID devices. One of the possible solutions to protect the confidentiality, integrity and to provide authentication is, to use a cryptographic stream cipher which encrypts the original information with a pseudo-random bit sequence. Besides that RFID tags require a resource constrained environment such as efficient area, power and high performance cryptographic systems with large security margins. Therefore, the architecture of stream cipher provides the best trade-off between the cryptographic security and the hardware efficiency. In this thesis, we first described the RFID technology and explain the design requirements for passive type RFID tags. The hardware design for passive tags is more challenging due to its stringent requirements like power consumption and the silicon area. We presented different design measures and some of the optimization techniques required to achieve low-resource cryptographic hardware implementation for passive tags. Secondly, we propose and implement a lightweight WG-5 stream cipher, which has good proven cryptographic mathematical properties. Based on these properties we measured the security analysis of WG-5 and showed that the WG-5 is immune to different types of attacks such as algebraic attack, correlation attack, cube attack, differential attack, Discrete Fourier Transform attack (DFT), Time-Memory-Data trade-off attack. The implementation of WG-5 was carried out using 65 nm and 130 nm CMOS technologies. We achieved promising results of WG-5 implementation in terms of area, power, speed and optimality. Our results outperforms most of the other stream ciphers which are selected in eSTREAM project. Finally, we proposed RFID mutual authentication protocol based on WG-5. The security and privacy analysis of the proposed protocol showed that it is resistant to various RFID attacks such as replay attacks, Denial-of-service (DoS) attack, ensures forward privacy and impersonation attack

Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

A Flexible Ultralight Hardware Security Module for EPC RFID Tags

Due to the rapid growth of using Internet of Things (IoT) devices in daily life, the need to achieve an acceptable level of security and privacy for these devices is rising. Security risks may include privacy threats like gaining sensitive information from a device, and authentication problems from counterfeit or cloned devices. It is more challenging to add security features to extremely constrained devices, such as passive Electronic Product Code (EPC) Radio Frequency Identification (RFID) tags, compared to devices that have more computational and storage capabilities. EPC RFID tags are simple and low-cost electronic circuits that are commonly used in supply chains, retail stores, and other applications to identify physical objects. Most tags today are simple "license plates" that just identify the object they are attached to and have minimal security. Due to the security risks of new applications, there is an important need to implement secure RFID tags. Examples of the security risks for these applications include unauthorized physical tracking and inventorying of tags. The current commercial RFID tag designs use specialised hardware circuits approach. This approach can achieve the lowest area and power consumption; however, it lacks flexibility. This thesis presents an optimized application-specific instruction set architecture (ISA) for an ultralight Hardware Security Module (HSM). HSMs are computing devices that protect cryptographic keys and operations for a device. The HSM combines all security-related functions for passive RFID tag. The goal of this research is to demonstrate that using an application-specific instruction set processor (ASIP) architecture for ultralight HSMs provides benefits in terms of trade-offs between flexibility, extensibility, and efficiency. Our novel application specific instruction-set architecture allows flexibility on many design levels and achieves acceptable security level for passive EPC RFID tag. Our solution moves a major design effort from hardware to software, which largely reduces the final unit cost. Our ASIP processor can be implemented with 4,662 gate equivalent units (GEs) for 65 nm CMOS technology excluding cryptographic units and memories. We integrated and analysed four cryptographic modules: AES and Simeck block ciphers, WG-5 stream cipher, and ACE authenticated encryption module. Our HSM achieves very good efficiencies for both block and stream ciphers. Specifically for the AES cipher, we improve over a previous programmable AES implementation result by 32x. We increase performance dramatically and increase/decrease area by 17.97/17.14% respectively. These results fulfill the requirements of extremely constrained devices and allow the inclusion of cryptographic units into the datapath of our ASIP processor