2,749 research outputs found
Efficient and Low-Cost RFID Authentication Schemes
Security in passive resource-constrained Radio Frequency Identification
(RFID) tags is of much interest nowadays. Resistance against illegal tracking,
cloning, timing, and replay attacks are necessary for a secure RFID
authentication scheme. Reader authentication is also necessary to thwart any
illegal attempt to read the tags. With an objective to design a secure and
low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based
protocol using symmetric keys, named YA-TRAP*. Although YA-TRAP* achieves its
target security properties, it is susceptible to timing attacks, where the
timestamp to be sent by the reader to the tag can be freely selected by an
adversary. Moreover, in YA-TRAP*, reader authentication is not provided, and a
tag can become inoperative after exceeding its pre-stored threshold timestamp
value. In this paper, we propose two mutual RFID authentication protocols that
aim to improve YA-TRAP* by preventing timing attack, and by providing reader
authentication. Also, a tag is allowed to refresh its pre-stored threshold
value in our protocols, so that it does not become inoperative after exceeding
the threshold. Our protocols also achieve other security properties like
forward security, resistance against cloning, replay, and tracking attacks.
Moreover, the computation and communication costs are kept as low as possible
for the tags. It is important to keep the communication cost as low as possible
when many tags are authenticated in batch-mode. By introducing aggregate
function for the reader-to-server communication, the communication cost is
reduced. We also discuss different possible applications of our protocols. Our
protocols thus capture more security properties and more efficiency than
YA-TRAP*. Finally, we show that our protocols can be implemented using the
current standard low-cost RFID infrastructures.Comment: 21 pages, Journal of Wireless Mobile Networks, Ubiquitous Computing,
and Dependable Applications (JoWUA), Vol 2, No 3, pp. 4-25, 201
SLEC: A Novel Serverless RFID Authentication Protocol Based on Elliptic Curve Cryptography
Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Since the RFID server, reader, and tag communicate via insecure channels, mutual authentication between the reader and the tag is necessary for secure communication. The central database server supports the authentication of the reader and the tag by storing and managing the network data. Recent lightweight RFID authentication protocols have been proposed to satisfy the security features of RFID communication. A serverless RFID system is a new promising solution to alternate the central database for mobile RFID models. In this model, the reader and the tag perform the mutual authentication without the support of the central database server. However, many security challenges arise from implementing the lightweight RFID authentication protocols in the serverless RFID network. We propose a new robust serverless RFID authentication protocol based on the Elliptic Curve Cryptography (ECC) to prevent the security attacks on the network and maintain the confidentiality and the privacy of the authentication messages and tag information and location. While most of the current protocols assume a secure channel in the setup phase to transmit the communication data, we consider in our protocol an insecure setup phase between the server, reader, and tag to ensure that the data can be renewed from any checkpoint server along with the route of the mobile RFID network. Thus, we implemented the elliptic curve cryptography in the setup phase (renewal phase) to transmit and store the data and the public key of the server to any reader or tag so that the latter can perform the mutual authentication successfully. The proposed model is compared under the classification of the serverless model in term of computation cost and security resistance
Design and Analysis for RFID Authentication Protocol
Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. On the other hand, the low-cost RFID system has potential risks such as privacy and security problems, which would be a big barrier for the application. First of all, we analyze the current security protocols for the RFID system. To protect user privacy and remove security vulnerabilities, we propose a robust and privacy preserving mutual authentication protocol that is suitable for the low-cost RFID environment. Finally, the correctness of the proposed authentication protocol is proved by the BAN logic.published_or_final_versio
MUMAP: Modified Ultralightweight Mutual Authentication protocol for RFID enabled IoT networks
Flawed authentication protocols led to the need for a secured protocol for radio frequency identification (RFID) techniques. In this paper, an authentication protocol named Modified ultralightweight mutual authentication protocol (MUMAP) has been proposed and cryptanalysed by Juel-Weis challenge. The proposed protocol aimed to reduce memory requirements in the authentication process for low-cost RFID tags with limited resources. Lightweight operations like XOR and Left Rotation, are used to circumvent the flaws made in the other protocols. The proposed protocol has three-phase of authentication. Security analysis of the proposed protocol proves its resistivity against attacks like desynchronization, disclosure, tracking, and replay attack. On the other hand, performance analysis indicates that it is an effective protocol to use in low-cost RFID tags. Juel-Weis challenge verifies the proposed protocol where it shows insusceptibility against modular operations
An efficient and private RFID authentication protocol supporting ownership transfer
Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption
Cryptanalysis of two mutual authentication protocols for low-cost RFID
Radio Frequency Identification (RFID) is appearing as a favorite technology
for automated identification, which can be widely applied to many applications
such as e-passport, supply chain management and ticketing. However, researchers
have found many security and privacy problems along RFID technology. In recent
years, many researchers are interested in RFID authentication protocols and
their security flaws. In this paper, we analyze two of the newest RFID
authentication protocols which proposed by Fu et al. and Li et al. from several
security viewpoints. We present different attacks such as desynchronization
attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed
and Parallel system
Lightweight Mutual Authentication Protocol for Low Cost RFID Tags
Radio Frequency Identification (RFID) technology one of the most promising
technologies in the field of ubiquitous computing. Indeed, RFID technology may
well replace barcode technology. Although it offers many advantages over other
identification systems, there are also associated security risks that are not
easy to be addressed. When designing a real lightweight authentication protocol
for low cost RFID tags, a number of challenges arise due to the extremely
limited computational, storage and communication abilities of Low-cost RFID
tags. This paper proposes a real mutual authentication protocol for low cost
RFID tags. The proposed protocol prevents passive attacks as active attacks are
discounted when designing a protocol to meet the requirements of low cost RFID
tags. However the implementation of the protocol meets the limited abilities of
low cost RFID tags.Comment: 11 Pages, IJNS
A Cloud-based RFID Authentication Protocol with Insecure Communication Channels
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Radio Frequency Identification (RFID) has becomea widespread technology to automatically identify objects and withthe development of cloud computing, cloud-based RFID systemsattract more research these days. Several cloud-based RFIDauthentication protocols have been proposed to address privacyand security properties in the environment where the cloudprovider is untrusted therefore the tag’s data are encrypted andanonymously stored in the cloud database. However, most of thecloud-based RFID authentication protocols assume securecommunication channels between the reader and the cloud server.To protect data transmission between the reader and the cloudserver without any help from a third party, this paper proposes acloud-based RFID authentication protocol with insecurecommunication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacyeven when the tag does not update its identification. The cloudRAPIC protocol has been analyzed using the UPriv model andAVISPA verification tool which have proved that the protocolpreserves tag privacy and protects data secrecy
A Survey of RFID Authentication Protocols Based on Hash-Chain Method
Security and privacy are the inherent problems in RFID communications. There
are several protocols have been proposed to overcome those problems. Hash chain
is commonly employed by the protocols to improve security and privacy for RFID
authentication. Although the protocols able to provide specific solution for
RFID security and privacy problems, they fail to provide integrated solution.
This article is a survey to closely observe those protocols in terms of its
focus and limitations.Comment: Third ICCIT 2008 International Conference on Convergence and Hybrid
Information Technolog
- …