34 research outputs found
An efficient and private RFID authentication protocol supporting ownership transfer
Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption
Anonymous RFID authentication for cloud services
Cloud computing is one of the fastest growing segments of IT industry since the users’ commitments for investment and operations are minimized, and costs are in direct relation to usage and demand. In general, cloud services are required to authenticate the user and most of the practical cloud services do not provide anonymity of the users. Namely, cloud provider can track the users easily, so privacy and authenticity are two critical aspects of security. Anonymous authentication is a technique enabling users to prove that they have privilege without disclosing real identities. This type of authentication can be useful especially in scenarios where it is sufficient to ensure the server that the claiming parties are indeed registered. Some motivating applications in the cloud for an anonymous authentication protocol are E-commerce, E-voting, E-library, Ecashand mobile agent applications. Many existing anonymous authentication protocols assume absolute trust to the cloud provider in which all private keys are stored. This trust may result in serious security and privacy issues in case of private key leakage from the cloud provider. In this paper, we propose forward secure anonymous and mutual authentication protocols using RFID technology for cloud services. These protocols avoid the trustworthiness to the cloud provider. Meaning that, even if the private keys are obtained from the corrupted tags or from the server owners of these tags cannot be traced from the past authentication actions. In fact, anonymity of the users will still be ensured even the private keys of tags are compromised
Security Attacks and Enhancements to Chaotic Map-Based RFID Authentication Protocols
Radio frequency identification (RFID) technology has been increasingly integrated into numerous applications for authentication of objects or individuals. However, because of its limited computation power, RFID technology may cause several security and privacy issues such as tracking the owner of the tag, cloning of the tags and etc. Recently, two chaotic map-based authentication protocols have been proposed for low-cost RFID tags in order to eliminate these issues. In this paper, we give the security analysis of these protocols and uncover their weaknesses. We prove that these protocols are vulnerable to tag tracing, tag impersonation and desynchronization attacks. The attack complexity of an adversary is polynomial and the success probability of these attacks are substantial. Moreover, we also propose an improved RFID authentication protocol that employs Chebyshev chaotic maps and complies with the EPC global Class 1 Generation 2 standard. Finally, we show that our protocol is resistant against those security issues
Identifying Large-Scale RFID Tags Using Non-Cryptographic Approach
In this paper, we propose a new approach to identify a tag of a RFID system in constant time while keeping untraceability to the tag. Our scheme does not use any cryptographic primitives. Instead, we use a line in a plane to represent a tag. The points on the line, which are infinite and different each other, can be used as tag identification. We also explore the scalability of the proposed scheme. The result of experiments showed that a tag of the RFID system over 1,000,000 tags, embedded 3000 gates, can store 559 dynamic identity proofs
Wireless Protocols for Anti Cloning and Security
RFID system (Radio-Frequency Identification) is a technology for automated identification of objects and people. Human beings are smart enough to identify an object under a variety of challenge circumstances. RFID systems are emerging as one of the most pervasive computing technologies. But there are still a large number of problems that are to be addressed. One of the fundamental issues still to be addressed is privacy, which concludes association threat, location threat, preference threat, constellation threat, transaction threat, action threat and breadcrumb threat (Kim, J., Yang, C, Jeon, J,2007). Misbehaviours of both readers and tags will lead to attacks to the system. The common attacks on the readers, tags and the air interface between them comprise: Tracking or Tracing, Tamper, Clandestine Scanning, Counterfeit Tags, Cloning Tags, Eavesdropping, Replay, man-in-the-middle attack, Spoofing, Differential power analysis, Timing Attacks, Denial of Service, Physical Attacking and so on (P. Cuenca and L. Orozco-Barbosa, 2006.),(Kim, J., Yang, C, Jeon, J, 2007). Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements. A number of mechanisms have been devised to overcome the problems related to security and privacy issue of RFID systems. In this paper we propose three anonymous RFID authentication protocols and prove that they are secure in the traditional cryptographic framework. Our model allows most of the threats that apply to RFIDs systems including, denial of service, impersonation, malicious traceability, information leakage through power analysis and active man-in-the middle attacks. Our protocols are efficient and scalable
RFID Authentification Protocols using Symmetric Cryptography
Radio Frequency IDentification (RFID) is emerging in a variety
of applications as an important technology for identifying and
tracking goods and assets. The spread of RFID technology,
however, also gives rise to significant user privacy and
security issues. One possible solution to these challenges is
the use of a privacy-enhancing cryptographic protocol to
protect RFID communications.
This thesis considers RFID authentication protocols that make
use of symmetric cryptography. We first identify the privacy,
security and performance requirements for RFID systems. We then
review recent related work, and assess the capabilities of
previously proposed protocols with respect to the identified
privacy, security and performance properties.
The thesis makes four main contributions. First, we introduce
server impersonation attacks as a novel security threat to RFID
protocols. RFID tag memory is generally not tamper-proof, since
tag costs must be kept low, and thus it is vulnerable to
compromise by physical attacks. We show that such attacks can
give rise to desynchronisation between server and tag in a
number of existing RFID authentication protocols. We also
describe possible countermeasures to this novel class of
attacks.
Second, we propose a new authentication protocol for RFID
systems that provides most of the identified privacy and
security features. The new protocol resists tag information
leakage, tag location tracking, replay attacks, denial of
service attacks and backward traceability. It is also more
resistant to forward traceability and server impersonation
attacks than previously proposed schemes. The scheme requires
less tag-side storage than existing protocols and requires only
a moderate level of tag-side computation.
Next, we survey the security requirements for RFID tag
ownership transfer. In some applications, the bearer of an RFID
tag might change, with corresponding changes required for the
RFID system infrastructure. We propose novel authentication
protocols for tag ownership and authorisation transfer. The
proposed protocols satisfy the requirements presented, and have
desirable performance characteristics.
Finally, we address the issue of scalability in anonymous RFID
authentication protocols. Many previously proposed protocols
suffer from scalability issues because they require a linear
search to identify or authenticate a tag. Some RFID protocols,
however, only require constant time for tag identification;
unfortunately, all previously proposed schemes of this type
have serious shortcomings. We propose a novel RFID pseudonym
protocol that takes constant time to authenticate a tag, and
meets the identified privacy, security and performance
requirements. The proposed scheme also supports tag delegation
and ownership transfer in an efficient way