5,668 research outputs found
A framework for analyzing RFID distance bounding protocols
Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unied framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is nally demonstrated on a study case: Munilla-Peinado distance bounding protocol
Formal Verification of Safety Properties for Ownership Authentication Transfer Protocol
In ubiquitous computing devices, users tend to store some valuable
information in their device. Even though the device can be borrowed by the
other user temporarily, it is not safe for any user to borrow or lend the
device as it may cause private data of the user to be public. To safeguard the
user data and also to preserve user privacy we propose and model the technique
of ownership authentication transfer. The user who is willing to sell the
device has to transfer the ownership of the device under sale. Once the device
is sold and the ownership has been transferred, the old owner will not be able
to use that device at any cost. Either of the users will not be able to use the
device if the process of ownership has not been carried out properly. This also
takes care of the scenario when the device has been stolen or lost, avoiding
the impersonation attack. The aim of this paper is to model basic process of
proposed ownership authentication transfer protocol and check its safety
properties by representing it using CSP and model checking approach. For model
checking we have used a symbolic model checker tool called NuSMV. The safety
properties of ownership transfer protocol has been modeled in terms of CTL
specification and it is observed that the system satisfies all the protocol
constraint and is safe to be deployed.Comment: 16 pages, 7 figures,Submitted to ADCOM 201
On the Privacy of Two Tag Ownership Transfer Protocols for RFIDs
In this paper, the privacy of two recent RFID tag ownership transfer
protocols are investigated against the tag owners as adversaries. The first
protocol called ROTIV is a scheme which provides a privacy-preserving ownership
transfer by using an HMAC-based authentication with public key encryption.
However, our passive attack on this protocol shows that any legitimate owner
which has been the owner of a specific tag is able to trace it either in the
past or in the future. Tracing the tag is also possible via an active attack
for any adversary who is able to tamper the tag and extract its information.
The second protocol called, Chen et al.'s protocol, is an ownership transfer
protocol for passive RFID tags which conforms EPC Class1 Generation2 standard.
Our attack on this protocol shows that the previous owners of a particular tag
are able to trace it in future. Furthermore, they are able even to obtain the
tag's secret information at any time in the future which makes them capable of
impersonating the tag
Locating Agents in RFID Architectures
The use of software agents can create an âintelligentâ interface between usersâ preferences and the backâend systems. Agents are now able to interact and communicate with each other, forming a virtual community and feeding back the user with suggestions. Innovative systems related to Asset Tracking, Inventory and Shelving architectures are more often involving advanced communication techniques (e.g., RFID); these systems are responsible for user authentication and objects verification. RFID systems could have jamming situations where many objects are moving at the same time and in the same direction. Moreover, other disadvantages have also been observed, such as hindering further implementations, privacy and security issues problems, in addition to the systemâs disruptive behavior in case of crowd checkouts (e.g., Supermarket and Airports). Addressing these disadvantages, this paper proposes a possible integration between a MultiâAgent framework and an RFIDâbased application (backâend). This integration would allow objects (such as passports or goods) with RFID tags to better checkâout through airports or supermarket gates that contain RFIDâreaders
A Cloud-based RFID Authentication Protocol with Insecure Communication Channels
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Radio Frequency Identification (RFID) has becomea widespread technology to automatically identify objects and withthe development of cloud computing, cloud-based RFID systemsattract more research these days. Several cloud-based RFIDauthentication protocols have been proposed to address privacyand security properties in the environment where the cloudprovider is untrusted therefore the tagâs data are encrypted andanonymously stored in the cloud database. However, most of thecloud-based RFID authentication protocols assume securecommunication channels between the reader and the cloud server.To protect data transmission between the reader and the cloudserver without any help from a third party, this paper proposes acloud-based RFID authentication protocol with insecurecommunication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacyeven when the tag does not update its identification. The cloudRAPIC protocol has been analyzed using the UPriv model andAVISPA verification tool which have proved that the protocolpreserves tag privacy and protects data secrecy
A secure and private RFID authentication protocol based on quadratic residue
Radio Frequency IDentification based systems are getting pervasively deployed in many real-life applications in various settings for identification and authentication of remote objects. However, the messages that are transmitted over a insecure channel, are vulnerable to security and privacy concerns such as data privacy, location privacy of tag owner and etc. Recently, Yeh et al.'s proposed a RFID authentication protocol based on quadratic residue which is claimed to provide location privacy and prevent possible attacks. In this paper, we formally analyzed the protocol and we proved that the protocol provides destructive privacy according to Vaudenay privacy model. Moreover, we proposed a unilateral authentication protocol and we prove that our protocol satisfies higher privacy level such as narrow strong privacy. Besides, we proposed an enhanced version of our proposed protocol, which has same privacy level as Yeh at al protocol, but has reader authentication against stronger adversaries. Furthermore, the enhanced version of our protocol uses smaller number of cryptographic operations when compared to Yeh at al protocol and it is also cost efficient at the server and tag side and requires O(1) complexity to identify a RFID tag
- âŠ