An efficient and private RFID authentication protocol supporting ownership transfer

Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption

Cryptanalysis of two mutual authentication protocols for low-cost RFID

Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system

Responsibility and non-repudiation in resource-constrained Internet of Things scenarios

The proliferation and popularity of smart autonomous systems necessitates the development of methods and models for ensuring the effective identification of their owners and controllers. The aim of this paper is to critically discuss the responsibility of Things and their impact on human affairs. This starts with an in-depth analysis of IoT Characteristics such as Autonomy, Ubiquity and Pervasiveness. We argue that Things governed by a controller should have an identifiable relationship between the two parties and that authentication and non-repudiation are essential characteristics in all IoT scenarios which require trustworthy communications. However, resources can be a problem, for instance, many Things are designed to perform in low-powered hardware. Hence, we also propose a protocol to demonstrate how we can achieve the authenticity of participating Things in a connectionless and resource-constrained environment

Analysis domain model for shared virtual environments

The field of shared virtual environments, which also encompasses online games and social 3D environments, has a system landscape consisting of multiple solutions that share great functional overlap. However, there is little system interoperability between the different solutions. A shared virtual environment has an associated problem domain that is highly complex raising difficult challenges to the development process, starting with the architectural design of the underlying system. This paper has two main contributions. The first contribution is a broad domain analysis of shared virtual environments, which enables developers to have a better understanding of the whole rather than the part(s). The second contribution is a reference domain model for discussing and describing solutions - the Analysis Domain Model

Modernizing payment systems in emerging economies

The authors address the following questions in this overview of payment systems: What is a payment system? How can efficient systems contribute to the development of modern, market-based financial institutions and markets? What elements are necessary for payment systems to operate efficiently? What are the operational characteristics of a modern payment system? What is the World Bank approach to selected payment system initiatives, design, and development? Effective, efficient payment systems, they conclude, are vital for the economic development of emerging economies. Efficient payment systems help promote the development of commerce, enhance economic policy oversight, control the risk inherent in moving large values, and reduce the financial, capital and human resources devoted to the transfer of payments. Many emerging economies lack the financial and technical resources to develop such systems. Many turn technical resources to develop such systems. Many turn to the World Bank and other international agencies for assistance. Unfortunately, some believe that the entire solution for an effective payment system rests in obtaining modern computer hardware and believe the World Bank's sole contribution is to finance hardware costs. Hardware procurement alone will not solve problems of payment systems. These countries need organizational plans and structure for national payment systems before they spend money on computer equipment. They often lack the expertise to design and operate modern payment systems, so they may need technical assistance from financial experts before they invest in systems development. The design of a new payment system should be kept simple. Many emerging economies lack the infrastructure and banking sophistication to leapfrog from basic to state-of-the-art payment systems. The first task is to fix the most serious problems. The second is to upgrade the current systems incrementally, to meet basic standards of timeliness, security, and reliability. As these improvements are made, the countries can turn their attention to long-term, advanced solutions. Each country's payments system is unique. To simply import another country's system without adjusting for the target country's geography, infrastructure, banking and legal structures, culture, and needs could lead to suboptimal solutions. Development of the system should follow a disciplined plan for defining the needs of users and for organizing the project team and project goals.Payment Systems&Infrastructure,Banks&Banking Reform,Economic Theory&Research,Financial Intermediation,Information Technology