Formal Verification of Safety Properties for Ownership Authentication Transfer Protocol

In ubiquitous computing devices, users tend to store some valuable information in their device. Even though the device can be borrowed by the other user temporarily, it is not safe for any user to borrow or lend the device as it may cause private data of the user to be public. To safeguard the user data and also to preserve user privacy we propose and model the technique of ownership authentication transfer. The user who is willing to sell the device has to transfer the ownership of the device under sale. Once the device is sold and the ownership has been transferred, the old owner will not be able to use that device at any cost. Either of the users will not be able to use the device if the process of ownership has not been carried out properly. This also takes care of the scenario when the device has been stolen or lost, avoiding the impersonation attack. The aim of this paper is to model basic process of proposed ownership authentication transfer protocol and check its safety properties by representing it using CSP and model checking approach. For model checking we have used a symbolic model checker tool called NuSMV. The safety properties of ownership transfer protocol has been modeled in terms of CTL specification and it is observed that the system satisfies all the protocol constraint and is safe to be deployed.Comment: 16 pages, 7 figures,Submitted to ADCOM 201

A Fault Analytic Method against HB+

The search for lightweight authentication protocols suitable for low-cost RFID tags constitutes an active and challenging research area. In this context, a family of protocols based on the LPN problem has been proposed: the so-called HB-family. Despite the rich literature regarding the cryptanalysis of these protocols, there are no published results about the impact of fault analysis over them. The purpose of this paper is to fill this gap by presenting a fault analytic method against a prominent member of the HB-family: HB+ protocol. We demonstrate that the fault analysis model can lead to a flexible and effective attack against HB-like protocols, posing a serious threat over them

A framework for analyzing RFID distance bounding protocols

Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unied framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is nally demonstrated on a study case: Munilla-Peinado distance bounding protocol

KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

International audienceThe EPC Class-1 Generation-2 (Gen2 for short) is a Radio Frequency IDentification (RFID) technology that is gaining a prominent place in several domains. However, the Gen2 standard lacks verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of applications based on the Gen2 technology. To address this problem, RFID tags must be equipped with a robust mechanism to authenticate readers before authorising them to access their data. In this paper, we propose a key establishment and derivation protocol, which is applied at both identification phase and those remainder operations requiring security. Our solution is based on a pseudorandom number generator that uses a low computational workload, while ensuring long term secure communication to protect the secrecy of the exchanged data. Mutual authentication of the tag and the sensor and strong notions of secrecy such as forward and backward secrecy are analysed, and we prove formally that after being amended, our protocol is secure with respect to these properties