Security Analysis of ECC Based Protocols

Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities, and to enhance them to be more secure against threats. This work demonstrates how currently used ECC based protocols are vulnerable to attacks. If protocols are vulnerable, damages could include critical data loss and elevated privacy concerns. The protocols considered in thiswork differ in their usage of security factors (e.g. passwords, pins, and biometrics), encryption and timestamps. The threatmodel considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals

Protecting Privacy and Ensuring Security of RFID Systems Using Private Authentication Protocols

Radio Frequency IDentification (RFID) systems have been studied as an emerging technology for automatic identification of objects and assets in various applications ranging from inventory tracking to point of sale applications and from healthcare applications to e-passport. The expansion of RFID technology, however, gives rise to severe security and privacy concerns. To ensure the widespread deployment of this technology, the security and privacy threats must be addressed. However, providing solutions to the security and privacy threats has been a challenge due to extremely inadequate resources of typical RFID tags. Authentication protocols can be a possible solution to secure RFID communications. In this thesis, we consider RFID authentication protocols based on symmetric key cryptography. We identify the security and privacy requirements for an RFID system. We present four protocols in this thesis. First, we propose a lightweight authentication protocol for typical tags that can perform symmetric key operations. This protocol makes use of pseudo random number generators (PRNG) and one way hash functions to ensure the security and privacy requirements of RFID systems. Second, we define the desynchronizing attack and describe the vulnerabilities of this attack in RFID systems. We propose a robust authentication protocol that can prevent the desynchronizing attack. This protocol can recover the disabled tags that are desynchronized with the reader because of this attack. Third, we introduce a novel authentication protocol based on elliptic curve cryptography (ECC) to avoid the counterfeiting problem of RFID systems. This protocol is appropriate for the RFID tags that can perform the operations of ECC. Finally, to address the tradeoff between scalability and privacy of RFID systems, we propose an efficient anonymous authentication protocol. We characterize the privacy of RFID systems and prove that our protocol preserves the privacy of RFID tags and achieves better scalability as well

An Energy-Efficient ECC Processor of UHF RFID Tag for Banknote Anti-Counterfeiting

In this paper, we present the design and analysis of an energy-efficient 163-b elliptic curve cryptographic (ECC) processor suitable for passive ultrahigh frequency (UHF) radio frequency identification (RFID) tags that are usable for banknote authentication and anti-counterfeiting. Even partial public key cryptographic functionality has long been thought to consume too much power and to be too slow to be usable in passive UHF RFID systems. Utilizing a low-power design strategy with optimized register file management and an architecture based on the López-Dahab Algorithm, we designed a low-power ECC processor that is used with a modified ECC-DH authentication protocol. The ECC-DH authentication protocol is compatible with the ISO/IEC 18000-63 (“Gen2”) passive UHF RFID protocol. The ECC processor requires 12 145 gate equivalents. The ECC processor consumes 5.04 nJ/b at a frequency of 960 kHz when implemented in a 0.13-μm standard CMOS process. The tag identity authentication function requires 30 600 cycles to complete all scalar multiplication operations. This size, speed, and power of the ECC processor makes it practical to use within a passive UHF RFID tag and achieve up to 1500 banknote authentications per minute, which is sufficient for use in the fastest banknote counting machines

A survey on subjecting electronic product code and non-ID objects to IP identification

Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interacting with IoT devices is to address billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, and embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages thereof. Different metrics are here proposed and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether applicable to already ID-based objects and presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access

A Brief Survey of RFID Devices and Its Security Protocols

Security plays a very important role during the transmission of information in RFID devices. RFID are the wireless devices that contain a tag and a reader. While there are many authentication protocols put into operation for the security of data starting the tag to the reader. The main purpose of this brief survey is to provide the information of the most related privacy and security protection protocols which applied to Radio Frequency Identification operation. The aim of this paper is to choose to most relevant protocols for RFID devices security. Keywords: RFID, HECC, RSA, AES, ECC

Secured authentication of radio-frequency identification system using PRESENT block cipher

The internet of things (IoT) is an emerging and robust technology to interconnect billions of objects or devices via the internet to communicate smartly. The radio frequency identification (RFID) system plays a significant role in IoT systems, providing most features like mutual establishment, key establishment, and data confidentiality. This manuscript designed secure authentication of IoT-based RFID systems using the light-weight PRESENT algorithm on the hardware platform. The PRESENT-256 block cipher is considered in this work, and it supports 64-bit data with a 256-key length. The PRESENT-80/128 cipher is also designed along with PRESENT-256 at electronic codebook (ECB) mode for Secured mutual authentication between RFID tag and reader for IoT applications. The secured authentication is established in two stages: Tag recognition from reader, mutual authentication between tag and reader using PRESENT-80/128/256 cipher modules. The complete secured authentication of IoT-based RFID system simulation results is verified using the chip-scope tool with field-programmable gate array (FPGA) results. The comparative results for PRESENT block cipher with existing PRESENT ciphers and other light-weight algorithms are analyzed with resource improvements. The proposed secured authentication work is compared with similar RFID-mutual authentication (MA) approaches with better chip area and frequency improvements