270 research outputs found

    Product Authentication Using Hash Chains and Printed QR Codes

    This thesis explores the usage of simple printed tags for authenticating products. Printed tags are a cheap alternative to RFID and other tag based systems and do not require specialized equipment. Due to the simplistic nature of such printed codes, many security issues like tag impersonation, server impersonation, reader impersonation, replay attacks and denial of service present in RFID based solutions need to be handled differently. An algorithm that utilizes hash chains to secure such simple tags while still keeping cost low is discussed. The security characteristics of this scheme as well as other product authentication schemes that use RFID tags are compared. Arguments for static tags being at least as secure as RFID tags are discussed. Finally, a scheme for combining RFID authentication with static tags to achieve security throughout the supply chain is discussed

    A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

    We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework

    Radio Frequency Identification Technology: Applications, Technical Challenges and Strategies

    Purpose - The purpose of this paper is to discuss the technology behind RFID systems, identify the applications of RFID in various industries, and discuss the technical challenges of RFID implementation and the corresponding strategies to overcome those challenges. Design/methodology/approach - Comprehensive literature review and integration of the findings from literature. Findings - Technical challenges of RFID implementation include tag cost, standards, tag and reader selection, data management, systems integration and security. The corresponding solution is suggested for each challenge. Research limitations/implications - A survey type research is needed to validate the results. Practical implications - This research offers useful technical guidance for companies which plan to implement RFID and we expect it to provide the motivation for much future research in this area. Originality/value - With RFID applications in their infancy, little research has existed to address the technical issues of RFID implementation. Our research filled this gap

    Secure Code Generation for Multi-Level Mutual Authentication

    Any secured system requires one or more logging policies to make that system safe. Static passwords alone are no longer enough for securing systems; even with strong passwords, illegal intrusions occur, or the passwords risk being forgotten. Authentication using many levels (factors) might complicate the steps when intruders try to reach system resources. Any person to be authorized for logging in to a secured system must provide some predefined data or present some entities that identify his/her authority. Predefined information between the client and the system helps to achieve a more secure level of logging in. In this paper, the user that aims to log in to a secured system must provide a recognized RFID card with a mobile number, which is available in the secured system's database; then the secured system, with a simple algorithm, generates a One-Time Password that is sent via a GSM Arduino-compatible shield to the user, announcing him/her as an authorized person

    Algebraic Cryptanalysis and RFID Authentication

    Towards a model of factors affecting resistance to using multi-method authentication systems in higher-education environments

    Over the course of history, different means of object as well as person identification and verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of authentication and of protection of personal identifying information (PII), because previous information systems (IS) misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of identity-theft incidents due to breaches of PII within multiple public-access environments, such as institutions of higher-education. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies remains an issue. As such, in this research-in-progress paper, we outline a predictive study to assess the contribution of campus students’ perceptions of the importance of protecting their PII, noted as Perceived Value of Organizational Protection of PII (PVOP), authentication complexity (AC), and invasion of privacy (IOP) on their resistance to using multi-method authentication systems (RMS) in higher-education environments. In this work-in-progress study, we seek to better understand the theoretical foundations for the effect of students’ perceptions on their resistance to using multi-method authentication systems (RMS) in higher-education environments and uncover key constructs that may significantly contribute to such resistance. A quasi-experiment is proposed including clearly identified procedures and data analyses

    An RFID Enabled Authentication System for Transaction and Abridgement of ATM Card Blocking and unblocking Intricacies

    In the modern world, everything has become online and work gets completed in a quick span of time. The flexibility of credit and debit card transactions has led to an increase in the number of users and also has cautioned us on security risks. The prevailing complications associated with blocking and unblocking of ATM cards involve tedious interactive processes. In order to overcome the blocking intricacies and transaction liabilities, a three level authentication scheme involving IMEI, One-time password and Graphical pattern is used with the help of RFID (Radio Frequency Authentication). Here OTP is transmitted from mobile to ATM system which is achieved by Bluetooth. The implementation of this takes the help of RFID card, RFID reader housed in ATM, Microcontroller and Bluetooth. The proposed system is thus cost effective which also ensures faster transactions and blocking/unblocking along with tight security

    On the Security of HB# against a Man-in-the-Middle Attack

    At EuroCrypt ’08, Gilbert, Robshaw and Seurin proposed HB# to improve on HB+ in terms of transmission cost and security against man-in-the-middle attacks. Although the security of HB# is formally proven against a certain class of man-in-the-middle adversaries, it is only conjectured for the general case. In this paper, we present a general man-in-the-middle attack against HB# and Random-HB#, which can also be applied to all anterior HB-like protocols, that recovers the shared secret in 2^25 or 2^20 authentication rounds for HB# and 2^34 or 2^28 for Random-HB#, depending on the parameter set. We further show that the asymptotic complexity of our attack is polynomial under some conditions on the parameter set which are met on one of those proposed in [8]