188 research outputs found
On the Privacy of Two Tag Ownership Transfer Protocols for RFIDs
In this paper, the privacy of two recent RFID tag ownership transfer
protocols are investigated against the tag owners as adversaries. The first
protocol called ROTIV is a scheme which provides a privacy-preserving ownership
transfer by using an HMAC-based authentication with public key encryption.
However, our passive attack on this protocol shows that any legitimate owner
which has been the owner of a specific tag is able to trace it either in the
past or in the future. Tracing the tag is also possible via an active attack
for any adversary who is able to tamper the tag and extract its information.
The second protocol called, Chen et al.'s protocol, is an ownership transfer
protocol for passive RFID tags which conforms EPC Class1 Generation2 standard.
Our attack on this protocol shows that the previous owners of a particular tag
are able to trace it in future. Furthermore, they are able even to obtain the
tag's secret information at any time in the future which makes them capable of
impersonating the tag
Formal Verification of Safety Properties for Ownership Authentication Transfer Protocol
In ubiquitous computing devices, users tend to store some valuable
information in their device. Even though the device can be borrowed by the
other user temporarily, it is not safe for any user to borrow or lend the
device as it may cause private data of the user to be public. To safeguard the
user data and also to preserve user privacy we propose and model the technique
of ownership authentication transfer. The user who is willing to sell the
device has to transfer the ownership of the device under sale. Once the device
is sold and the ownership has been transferred, the old owner will not be able
to use that device at any cost. Either of the users will not be able to use the
device if the process of ownership has not been carried out properly. This also
takes care of the scenario when the device has been stolen or lost, avoiding
the impersonation attack. The aim of this paper is to model basic process of
proposed ownership authentication transfer protocol and check its safety
properties by representing it using CSP and model checking approach. For model
checking we have used a symbolic model checker tool called NuSMV. The safety
properties of ownership transfer protocol has been modeled in terms of CTL
specification and it is observed that the system satisfies all the protocol
constraint and is safe to be deployed.Comment: 16 pages, 7 figures,Submitted to ADCOM 201
Privacy & authentication in extreme low power wireless devices: RFID and µ-sensors
Authentication and Privacy are important concerns in current low power wireless devices like RFID and µ-sensors. µ-sensors are low power devices which have been identified as being useful in variety of domains including battlefield and perimeter defense etc. Radio-Frequency Identification (RFID) is a technology for automated identification of objects and people. An RFID device frequently called RFID tag is a small microchip device that holds limited amount of data and transmits the same over the various frequency ranges. An RFID tag is typically attached to an item and contain identification information like serial numbers unique to that item. RFID tags are recently being used in several application areas like inventory management, medicines and security systems etc. Since sensors are deployed in an unattended hostile environment, they are vulnerable to various kinds of attacks. An adversary can pose insider or outsider attacks into the network with the goal of both deceiving the base station and depleting the resources of the relaying nodes. Authentication schemes are implemented that will enable base station to detect any false data transmission. RFIDs, on the other hand pose two main security concerns for users: clandestine tracking and inventorying. RFID tags respond to reader interrogation without alerting their owners or bearers. Thus, where read range permits clandestine scanning of tags is a plausible threat. Security requirements in both of these low power devices are comprised of authentication, integrity, privacy and anti-playback. The recipient of the message needs to be able to unequivocally assure that the message came from its stated source. Similarly, the recipient needs to be assured that the message was not altered in transit and that it is not an earlier message being re-played in order to veil the current environment. Finally, all communications needs to be kept private such that eavesdroppers cannot intercept study and analyze, and devise countermeasures to circumvent the purposes of the sensor network. This thesis implements authentication schemes in µ-sensors that will detect false injection of data into the communication path of the base station and sensors. In addition to that this thesis focuses on an application of RFIDs deployed in library application. Discusses the privacy and authentication issues in RFID tags particularly in the library domain. Describes an authentication scheme implementation to handle these vulnerabilities
Efficient and Low-Cost RFID Authentication Schemes
Security in passive resource-constrained Radio Frequency Identification
(RFID) tags is of much interest nowadays. Resistance against illegal tracking,
cloning, timing, and replay attacks are necessary for a secure RFID
authentication scheme. Reader authentication is also necessary to thwart any
illegal attempt to read the tags. With an objective to design a secure and
low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based
protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its
target security properties, it is susceptible to timing attacks, where the
timestamp to be sent by the reader to the tag can be freely selected by an
adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a
tag can become inoperative after exceeding its pre-stored threshold timestamp
value. In this paper, we propose two mutual RFID authentication protocols that
aim to improve YA-TRAP* by preventing timing attack, and by providing reader
authentication. Also, a tag is allowed to refresh its pre-stored threshold
value in our protocols, so that it does not become inoperative after exceeding
the threshold. Our protocols also achieve other security properties like
forward security, resistance against cloning, replay, and tracking attacks.
Moreover, the computation and communication costs are kept as low as possible
for the tags. It is important to keep the communication cost as low as possible
when many tags are authenticated in batch-mode. By introducing aggregate
function for the reader-to-server communication, the communication cost is
reduced. We also discuss different possible applications of our protocols. Our
protocols thus capture more security properties and more efficiency than
YA-TRAP*. Finally, we show that our protocols can be implemented using the
current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing,
and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201
Privacy analysis of forward and backward untraceable RFID authentication schemes
In this paper, we analyze the rst known provably secure RFID authentication schemes that are
designed to provide forward untraceability and backward untraceability: the L-K and S-M schemes. We show how
to trace tags in the L-K scheme without needing to corrupt tags. We also show that if a standard cryptographic
pseudorandom bit generator (PRBG) is used in the S-M scheme, then the scheme may fail to provide forward
untraceability and backward untraceability. To achieve the desired untraceability features, we show that the S-M
scheme can use a robust PRBG which provides forward security and backward security. We also note that the
backward security is stronger than necessary for the backward untraceability of the S-M scheme
Secure Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements
International audienc
Tag Ownership Transfer in Radio Frequency Identification Systems: A Survey of Existing Protocols and Open Challenges
Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these protocols based on the security goals which involve their support of OT properties and their resistance to attacks. From the presented comparison, we draw attention to the open issues in this field and provide suggestions for the direction that future research should follow. Furthermore, we suggest a set of guidelines to be considered in the design of new protocols. To the best of our knowledge, this is the first comprehensive survey that reviews the available OT protocols from the early start up to the current state of the art
KP+ : Fixing Availability Issues on KP Ownership Transfer Protocols
Ownership Transfer Protocols for RFID allow transferring the rights over a tag from a current owner to a new owner in a secure and private way. Recently, Kapoor and Piramuthu have proposed two schemes which solve most of the security weaknesses detected in previously
published protocols. However, this paper reviews this work and points out that such schemes still present some practical and security issues. We then propose some modifications in these protocols that overcome such problems
- …