Security Attacks and Enhancements to Chaotic Map-Based RFID Authentication Protocols

Radio frequency identification (RFID) technology has been increasingly integrated into numerous applications for authentication of objects or individuals. However, because of its limited computation power, RFID technology may cause several security and privacy issues such as tracking the owner of the tag, cloning of the tags and etc. Recently, two chaotic map-based authentication protocols have been proposed for low-cost RFID tags in order to eliminate these issues. In this paper, we give the security analysis of these protocols and uncover their weaknesses. We prove that these protocols are vulnerable to tag tracing, tag impersonation and desynchronization attacks. The attack complexity of an adversary is polynomial and the success probability of these attacks are substantial. Moreover, we also propose an improved RFID authentication protocol that employs Chebyshev chaotic maps and complies with the EPC global Class 1 Generation 2 standard. Finally, we show that our protocol is resistant against those security issues

Security and privacy in RFID systems

RFID is a leading technology that has been rapidly deployed in several daily life applications such as payment, access control, ticketing, e-passport, supply-chain, etc. An RFID tag is an electronic label that can be attached to an object/individual in order to identify or track the object/individual through radio waves. Security and privacy are two major concerns in several applications as the tags are required to provide a proof of identity. The RFID tags are generally not tamper-resistant against strong adversarial attacks. They also have limited computational resources. Therefore, the design of a privacy preserving and cost-effective RFID authentication protocol is a very challenging task for industrial applications. Moreover, RFID systems are also vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a bounded area by measuring the round-trip delays during a rapid challenge-response exchange of short authentication messages. Several RFID distance bounding protocols have been proposed recently in the literature. However, none of them provides the ideal security against the terrorist fraud. Besides, the requirements of low resources and inefficient data management trigger to make use of cloud computing technology in RFID authentication systems. However, as more and more information on individuals and companies is placed in the cloud, concerns about data safety and privacy raise. Therefore, while integrating cloud services into RFID authentication systems, the privacy of tag owner against the cloud must also be taken into account. Motivated by this need, this dissertation contributes to the design of algorithms and protocols aimed at dealing with the issues explained above. First of all, we introduce two privacy models for RFID authentication protocols based on Physically Unclonable Functions (PUF). We propose several authentication protocols in order to demonstrate these models. Moreover, we study distance bounding protocols having bit-wise fast phases and no final signature. We give analysis for the optimal security limits of the distance bounding protocols. Furthermore, we propose a novel RFID distance bounding protocol based on PUFs and it satisfies the highest security levels. Finally, we provide a new security and privacy model for integrating cloud computing into RFID systems. For the sake of demonstration of this model, we also propose two RFID authentication protocols that require various computational resources and provide different privacy levels

Cryptanalysis of two mutual authentication protocols for low-cost RFID

Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system

AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique

Lightweight Mutual Authentication Protocol for Low Cost RFID Tags

Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.Comment: 11 Pages, IJNS

A Privacy Preserving Framework for RFID Based Healthcare Systems

RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in near future. It has received considerable attention within the healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of wide spread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be send to track its user (owner). In a nutshell, this technology has not really seen its true potential in healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique

AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique