Optimal security limits of RFID distance bounding protocols

In this paper, we classify the RFID distance bounding protocols having bitwise fast phases and no final signature. We also give the theoretical security bounds for two specific classes, leaving the security bounds for the general case as an open problem. As for the classification, we introduce the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and k-previous challenges and there is no final signature. We treat the case k = 0, which means each response bit depends only on the current challenge, as a special case and define such protocols as current challenge dependent (CCD) protocols. In general, we construct a trade-off curve between the security levels of mafia and distance frauds by introducing two generic attack algorithms. This leads to the conclusion that CCD protocols cannot attain the ideal security against distance fraud, i.e. 1/2, for each challenge-response bit, without totally losing the security against mafia fraud. We extend the generic attacks to 1-PCD protocols and obtain a trade-off curve for 1-PCD protocols pointing out that 1-PCD protocols can provide better security than CCD protocols. Thereby, we propose a natural extension of a CCD protocol to a 1-PCD protocol in order to improve its security. As a study case, we give two natural extensions of Hancke and Kuhn protocol to show how to enhance the security against either mafia fraud or distance fraud without extra cost

Distance Bounding Protocols on TH-UWB Link and their Analysis over Noisy Channels

Relay attacks represent nowadays a critical threat to authentication protocols. They cab be thwarted by deploying distance bounding protocols on an UWB radio. Exploiting the characteristics of time-hopping UWB radios to enhance distance bounding protocols leads to two design strategies. The first one is based on a secret time-hopping code while the mapping code is public. The second strategy exploits a secret mapping code with a public time-hopping code. The merits of each strategy are established over noise-free and noist channels as well as for different radio parameters

Security of distance-bounding: A survey

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI linkDistance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, which are vulnerable to distance-based frauds. This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features

Design and Analysis of Security Schemes for Low-cost RFID Systems

With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. To address these issues are particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there are limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a ``passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called blank carrier) at a certain frequency while a valid reader and a tag interacts at another frequency channel. Once the tag modulates the amplitude of reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed towards a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to be prohibited, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems. The needs of cryptographic primitives on constraint devices keep increasing with the growing pervasiveness of these devices. One recent design of the lightweight block cipher is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: preparation phase and key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which, the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with $2^{68}$ ($2^{60}$ resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the rest 64-bit of the key can be exhaustively searched and the overall time complexity is dominated by $2^{68}$. During the preparation phase, by investing $2^{81}$ effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext-attack fully breaks this cipher by recovering its secret key with only querying the encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop

Security and privacy in RFID systems

RFID is a leading technology that has been rapidly deployed in several daily life applications such as payment, access control, ticketing, e-passport, supply-chain, etc. An RFID tag is an electronic label that can be attached to an object/individual in order to identify or track the object/individual through radio waves. Security and privacy are two major concerns in several applications as the tags are required to provide a proof of identity. The RFID tags are generally not tamper-resistant against strong adversarial attacks. They also have limited computational resources. Therefore, the design of a privacy preserving and cost-effective RFID authentication protocol is a very challenging task for industrial applications. Moreover, RFID systems are also vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a bounded area by measuring the round-trip delays during a rapid challenge-response exchange of short authentication messages. Several RFID distance bounding protocols have been proposed recently in the literature. However, none of them provides the ideal security against the terrorist fraud. Besides, the requirements of low resources and inefficient data management trigger to make use of cloud computing technology in RFID authentication systems. However, as more and more information on individuals and companies is placed in the cloud, concerns about data safety and privacy raise. Therefore, while integrating cloud services into RFID authentication systems, the privacy of tag owner against the cloud must also be taken into account. Motivated by this need, this dissertation contributes to the design of algorithms and protocols aimed at dealing with the issues explained above. First of all, we introduce two privacy models for RFID authentication protocols based on Physically Unclonable Functions (PUF). We propose several authentication protocols in order to demonstrate these models. Moreover, we study distance bounding protocols having bit-wise fast phases and no final signature. We give analysis for the optimal security limits of the distance bounding protocols. Furthermore, we propose a novel RFID distance bounding protocol based on PUFs and it satisfies the highest security levels. Finally, we provide a new security and privacy model for integrating cloud computing into RFID systems. For the sake of demonstration of this model, we also propose two RFID authentication protocols that require various computational resources and provide different privacy levels

Cooperative Radio Communications for Green Smart Environments

The demand for mobile connectivity is continuously increasing, and by 2020 Mobile and Wireless Communications will serve not only very dense populations of mobile phones and nomadic computers, but also the expected multiplicity of devices and sensors located in machines, vehicles, health systems and city infrastructures. Future Mobile Networks are then faced with many new scenarios and use cases, which will load the networks with different data traffic patterns, in new or shared spectrum bands, creating new specific requirements. This book addresses both the techniques to model, analyse and optimise the radio links and transmission systems in such scenarios, together with the most advanced radio access, resource management and mobile networking technologies. This text summarises the work performed by more than 500 researchers from more than 120 institutions in Europe, America and Asia, from both academia and industries, within the framework of the COST IC1004 Action on "Cooperative Radio Communications for Green and Smart Environments". The book will have appeal to graduates and researchers in the Radio Communications area, and also to engineers working in the Wireless industry. Topics discussed in this book include: • Radio waves propagation phenomena in diverse urban, indoor, vehicular and body environments• Measurements, characterization, and modelling of radio channels beyond 4G networks• Key issues in Vehicle (V2X) communication• Wireless Body Area Networks, including specific Radio Channel Models for WBANs• Energy efficiency and resource management enhancements in Radio Access Networks• Definitions and models for the virtualised and cloud RAN architectures• Advances on feasible indoor localization and tracking techniques• Recent findings and innovations in antenna systems for communications• Physical Layer Network Coding for next generation wireless systems• Methods and techniques for MIMO Over the Air (OTA) testin

Suspect Until Proven Guilty, a Problematization of State Dossier Systems via Two Case Studies: The United States and China

This dissertation problematizes the state dossier system (SDS): the production and accumulation of personal information on citizen subjects exceeding the reasonable bounds of risk management. SDS - comprising interconnecting subsystems of records and identification - damage individual autonomy and self-determination, impacting not only human rights, but also the viability of the social system. The research, a hybrid of case-study and cross-national comparison, was guided in part by a theoretical model of four primary SDS driving forces: technology, political economy, law and public sentiment. Data sources included government documents, academic texts, investigative journalism, NGO reports and industry white papers. The primary analytical instrument was the juxtaposition of two individual cases: the U.S. and China. Research found that constraints on the extent of the U.S. SDS today may not be significantly different from China\u27s, a system undergoing significant change amidst growing public interest in privacy and anonymity. Much activity within the U.S., such as the practice of suspicious activity reporting, is taking place outside the domain of federal privacy laws, while ID systems appear to advance and expand despite clear public opposition. Momentum for increasingly comprehensive SDS appears to be growing, in part because the harms may not be immediately evident to the data subjects. The future of SDS globally will depend on an informed and active public; law and policy will need to adjust to better regulate the production and storage of personal information. To that end, the dissertation offers a general model and linguistic toolkit for the further analysis of SDS

Cooperative Radio Communications for Green Smart Environments

The demand for mobile connectivity is continuously increasing, and by 2020 Mobile and Wireless Communications will serve not only very dense populations of mobile phones and nomadic computers, but also the expected multiplicity of devices and sensors located in machines, vehicles, health systems and city infrastructures. Future Mobile Networks are then faced with many new scenarios and use cases, which will load the networks with different data traffic patterns, in new or shared spectrum bands, creating new specific requirements. This book addresses both the techniques to model, analyse and optimise the radio links and transmission systems in such scenarios, together with the most advanced radio access, resource management and mobile networking technologies. This text summarises the work performed by more than 500 researchers from more than 120 institutions in Europe, America and Asia, from both academia and industries, within the framework of the COST IC1004 Action on "Cooperative Radio Communications for Green and Smart Environments". The book will have appeal to graduates and researchers in the Radio Communications area, and also to engineers working in the Wireless industry. Topics discussed in this book include: • Radio waves propagation phenomena in diverse urban, indoor, vehicular and body environments• Measurements, characterization, and modelling of radio channels beyond 4G networks• Key issues in Vehicle (V2X) communication• Wireless Body Area Networks, including specific Radio Channel Models for WBANs• Energy efficiency and resource management enhancements in Radio Access Networks• Definitions and models for the virtualised and cloud RAN architectures• Advances on feasible indoor localization and tracking techniques• Recent findings and innovations in antenna systems for communications• Physical Layer Network Coding for next generation wireless systems• Methods and techniques for MIMO Over the Air (OTA) testin

Air Force Institute of Technology Research Report 2012

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems and Engineering Management, Operational Sciences, Mathematics, Statistics and Engineering Physics