4,395 research outputs found
Cryptanalysis of two mutual authentication protocols for low-cost RFID
Radio Frequency Identification (RFID) is appearing as a favorite technology
for automated identification, which can be widely applied to many applications
such as e-passport, supply chain management and ticketing. However, researchers
have found many security and privacy problems along RFID technology. In recent
years, many researchers are interested in RFID authentication protocols and
their security flaws. In this paper, we analyze two of the newest RFID
authentication protocols which proposed by Fu et al. and Li et al. from several
security viewpoints. We present different attacks such as desynchronization
attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed
and Parallel system
Privacy of Recent RFID Authentication Protocols
Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag’s identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols
RFID Authentification Protocols using Symmetric Cryptography
Radio Frequency IDentification (RFID) is emerging in a variety
of applications as an important technology for identifying and
tracking goods and assets. The spread of RFID technology,
however, also gives rise to significant user privacy and
security issues. One possible solution to these challenges is
the use of a privacy-enhancing cryptographic protocol to
protect RFID communications.
This thesis considers RFID authentication protocols that make
use of symmetric cryptography. We first identify the privacy,
security and performance requirements for RFID systems. We then
review recent related work, and assess the capabilities of
previously proposed protocols with respect to the identified
privacy, security and performance properties.
The thesis makes four main contributions. First, we introduce
server impersonation attacks as a novel security threat to RFID
protocols. RFID tag memory is generally not tamper-proof, since
tag costs must be kept low, and thus it is vulnerable to
compromise by physical attacks. We show that such attacks can
give rise to desynchronisation between server and tag in a
number of existing RFID authentication protocols. We also
describe possible countermeasures to this novel class of
attacks.
Second, we propose a new authentication protocol for RFID
systems that provides most of the identified privacy and
security features. The new protocol resists tag information
leakage, tag location tracking, replay attacks, denial of
service attacks and backward traceability. It is also more
resistant to forward traceability and server impersonation
attacks than previously proposed schemes. The scheme requires
less tag-side storage than existing protocols and requires only
a moderate level of tag-side computation.
Next, we survey the security requirements for RFID tag
ownership transfer. In some applications, the bearer of an RFID
tag might change, with corresponding changes required for the
RFID system infrastructure. We propose novel authentication
protocols for tag ownership and authorisation transfer. The
proposed protocols satisfy the requirements presented, and have
desirable performance characteristics.
Finally, we address the issue of scalability in anonymous RFID
authentication protocols. Many previously proposed protocols
suffer from scalability issues because they require a linear
search to identify or authenticate a tag. Some RFID protocols,
however, only require constant time for tag identification;
unfortunately, all previously proposed schemes of this type
have serious shortcomings. We propose a novel RFID pseudonym
protocol that takes constant time to authenticate a tag, and
meets the identified privacy, security and performance
requirements. The proposed scheme also supports tag delegation
and ownership transfer in an efficient way
SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography
Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance
A Survey of RFID Authentication Protocols Based on Hash-Chain Method
Security and privacy are the inherent problems in RFID communications. There
are several protocols have been proposed to overcome those problems. Hash chain
is commonly employed by the protocols to improve security and privacy for RFID
authentication. Although the protocols able to provide specific solution for
RFID security and privacy problems, they fail to provide integrated solution.
This article is a survey to closely observe those protocols in terms of its
focus and limitations.Comment: Third ICCIT 2008 International Conference on Convergence and Hybrid
Information Technolog
- …