On the Improper Use of CRC for Cryptographic Purposes in RFID Mutual Authentication Protocols

Mutual authentication is essential to guarantee the confidentiality, integrity, and availability of an RFID system. One area of interest is the design of lightweight mutual authentication protocols that meet the limited computational and energy resources of the tags. These protocols use simple operations such as permutation and cyclic redundancy code for cryptographic purposes. However, these functions are cryptographically weak and are easily broken. In this work, we present a case against the use of these functions for cryptographic purposes, due to their simplicity and linear properties, by analyzing the LPCP protocol. We evaluate the claims of the LPCP resistance to de-synchronization and full disclosure attacks and show that the protocol is weak and can be easily broken by eavesdropping on a few mutual authentication sessions. This  weakness stems from the functions themselves as well as the improper use of inputs to these functions. We further offer suggestions that would help in designing more secure protocols

Tag Ownership Transfer in Radio Frequency Identification Systems: A Survey of Existing Protocols and Open Challenges

Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these protocols based on the security goals which involve their support of OT properties and their resistance to attacks. From the presented comparison, we draw attention to the open issues in this field and provide suggestions for the direction that future research should follow. Furthermore, we suggest a set of guidelines to be considered in the design of new protocols. To the best of our knowledge, this is the first comprehensive survey that reviews the available OT protocols from the early start up to the current state of the art

Symmetric Encryption Based Privacy using Lightweight Cryptography for RFID Tags

RFID technology emerged as the promising technology for its ease of use and implementation in the ubiquitous computing world. RFID is deployed widely in various applications that use automatic identification and processing for information retrieval. The primary components of an RFID system are the RFID tag (active and passive), the reader and the back-end server (database). Cost is the main factor that drove RFID tags to its immense utilization in which passive tags dominate in today's widely deployed RFID practice. Passive tags are low cost RFID tags conjoined to several consumer products (like clothes, smart cards and devices, courier, container, etc) for the purpose of unique identification. Readers on the other hand act as a source to track and record the passive RFID tag's activities (like modifications, updates and authentication). Due to the rapid growth of RFID practice in the past few years, measures for consumer privacy and security has been researched. The uncertainties that arise with the passive RFID tags are handling of user's private information (like name, ID, house address, credit card number, health statement, etc) which are posed to considerable threat from the adversary. Passive tags are inexpensive and contain less overhead and are considered good performers and consequently lack in providing security and privacy. Lightweight cryptography is an area of cryptography developed for low cost resourced environment. Mutual authentication is defined as the process of verifying an authorized tag and a reader (reader and server respectively) by an agreed algorithm to mutually prove their legitimacy with each other. Adversary is a third party who tries to hear the ongoing communication between the tag and the reader (reader and server respectively) anonymously. In this thesis, symmetric lightweight ciphers like Present and Grain are introduced as mutual authentication protocols to rescue the privacy aspects and properties of the RFID tags. These ciphers are simple, faster and suitable to implement within the passive RFID network and reasonably lay a foundation for the preservation of privacy and security of the RFID system. Lightweight ciphers use hash functions, pseudo random generators, SP networks and linear feedback shift registers to randomize data while mutual authentication scheme uses lightweight ciphers to manage authorize the legitimacy of every device in the RFID network

Security protocol based on random key generation for an Rfid system

Radio Frequency Identification (RFID) is a technology, which describes the transmission of unique information by a wireless device, over Radio waves, when prompted or read by a compatible reader; The basic components in implementing RFID are RFID tags which are small microchips attached to a radio antenna, mounted on a substrate, and a wireless transceiver/reader that queries the RFID tags; This thesis deals with research issues related to security aspects in the communication between an RFID tag and its reader. More precisely, it deals with a new, simple and efficient security protocol based on an encryption that uses the concept of regular public key regeneration, which can be effortlessly adopted in an RFID application

A Survey on Privacy and Security of Internet of Things

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Internet of Things (IoT) has fundamentally changed the way information technology and communication environments work, with significant advantages derived from wireless sensors and nanotechnology, among others. While IoT is still a growing and expanding platform, the current research in privacy and security shows there is little integration and unification of security and privacy that may affect user adoption of the technology because of fear of personal data exposure. The surveys conducted so far focus on vulnerabilities based on information exchange technologies applicable to the Internet. None of the surveys has brought out the integrated privacy and security perspective centred on the user. The aim of this paper is to provide the reader with a comprehensive discussion on the current state of the art of IoT, with particular focus on what have been done in the areas of privacy and security threats, attack surface, vulnerabilities and countermeasures and to propose a threat taxonomy. IoT user requirements and challenges were identified and discussed to highlight the baseline security and privacy needs and concerns of the user. The paper also proposed threat taxonomy to address the security requirements in broader perspective. This survey of IoT Privacy and Security has been undertaken through a systematic literature review using online databases and other resources to search for all articles that meet certain criteria, entering information about each study into a personal database, and then drawing up tables summarizing the current state of literature. As a result, the paper distills the latest development

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security Frameworks for Machine-to-Machine Devices and Networks

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the “functions and capabilities” of M2M devices and improves the systems development life cycle for the overall IoT ecosystem