Enhancing RFID tag resistance against cloning attack

In its current form, RFID system are susceptible to a range of malevolent attacks. With the rich business intelligence that RFID infrastructure could possibly carry, security is of paramount importance. In this paper, we formalise various threat models due tag cloning on the RFID system. We also present a simple but efficient and cost effect technique that strengthens the resistance of RFID tags to cloning attacks. Our techniques can even strengthen tags against cloning in environments with untrusted reading devices.<br /

PGMAP: a privacy guaranteed mutual authentication protocol conforming to EPC class 1 gen 2 standards

To resolve the security vulnerabilities and comply with EPC Class 1 Gen 2 UHF RFID (EPC C1G2) Standard at the same time, we present a Privacy Guaranteed Mutual Authentication Protocol (PGMAP). By utilizing the existing functions and memory bank of tag, we amend the processing sequence based on current EPC architecture. An auto-updating index number IDS is enrolled to provide privacy protection to EPC code and a set of light weight algorithms utilizing tag's PRNG are added for authentication. Several attacks to the existing security solutions can be effectively resolved in our protocol. © 2008 IEEE.published_or_final_versionThe IEEE International Conference on e-Business Engineering (ICEBE 2008), Xi'an, China, 22-24 October 2008. In Proceedings of ICEBE, 2008, p. 289-29

A Relationship-Based Acess Control Model for On-demand Privacy and Security Entitlement in RFID-enable Supply Chains

RFID adoption in supply chains is both viable in gaining on-target end-to-end visibility and crucial to sustain competitiveness. RFID-based information flow will cut across partners in business chains that extended beyond borders. Privacy and security preferences (PSP) are manifested when supply chain parties are sharing (EPC-RFID-based) data to gain visibility. The role of each party cannot be singly used to determine the preference of either party to derive the necessary entitlement for the requesting party. The preference-based entitlement must ensure data sharing is privacy-protected and security-enforced. In this research, a Relationship-Based Access Control (ReBAC) model is proposed for on-demand privacy and security entitlement in RFID-enabled supply chains. The model includes two key concepts: on-demand preference and privacy and security scheme. Preference is governed by the two parties’ relationship, and the scheme is driven by the data dimensions (i.e., data sensitivity, data location and data ownership). RBAC is capable of addressing one party’s need to gain pre-determined permissions according to role assignment or activation. The relationship-based approach is on-demand, two-party, relationship-based preference to gain entitlement (for visibility services) with scheme-enabled privacy and security activation

Cryptanalysis of AZUMI: an EPC Class-1 Generation-2 Standard Compliant RFID Authentication Protocol

In this paper, we analyze the security of AZUMI protocol which is compliant with the EPC-Class-1 Generation-2 standard and recently has been proposed by Peris \textit{et al.} This protocol is an improvement to a protocol proposed by Chen and Deng which has been cryptanalysed by Peris \textit{et al.} and Kapoor and Piramuthu. However, our security analysis clearly shows that the designers were not successful in their attempt to improve the Chen and Deng protocol. More precisely, we present an efficient attack to disclose the tag and the reader secret parameters. In addition, we present a simple tag impersonation attack against this protocol. The success probability of all attacks are almost ``1\u27\u27 and the cost of given attacks are at most eavesdropping two sessions of protocol. However, the given secrets disclosure attack also requires $O(2^{16})$ off-line evaluation of a $PRNG$ function

Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

A Survey on the Evolution of Cryptographic Protocols in ePassports

ePassports are biometric identification documents that contain RFID Tags and are primarily used for border security. The embedded RFID Tags are capable of storing data, performing low cost computations and cryptography, and communicating wirelessly. Since 2004, we have witnessed the development and widespread deployment of three generations of electronic passports - The ICAO First Generation ePassport (2004), Extended Access Control (EAC v1.0) ePassports (2006), and Extended Access Control with Password Authentication and Connection Establishment (EAC v2.1) ePassports (2008). Currently, over thirty million ePassports have been issued around the world. In this paper, we provide an introductory study of the technologies implemented in ePassports - Biometrics, RFID, and Public Key Infrastructures; and then go on to analyze the protocols implemented in each of the three generations of ePassports, finally we point out their shortcomings and scope for future related research

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

Applications of wireless sensor technologies in construction

The construction industry is characterised by a number of problems in crucial fields such as health, safety and logistics. Since these problems affect the progress of construction projects, the construction industry has attempted to introduce the use of innovative information and communication technologies on the construction site. Specific technologies which find applicability on the construction site are wireless sensors, and especially radio-frequency identification (RFID) technology. RFID tagging is a technology capable of tracking items. The technology has been applied on the construction site for various applications, such as asset tracking. There are many problems related to health, safety and logistics on the construction site which could be resolved using RFID technology. In the health and safety field, the problems which exist are the monitoring of dangerous areas on the construction site, such as large excavation areas, the collisions between workers and vehicles, between vehicles and equipment and between vehicles, the detection of hazardous substances on the construction site when the construction work has been completed and the collection of hazard notifications from specific areas of the construction site as feedback for the prevention of future accidents. In the logistics field, the tracking of a material during its delivery on the construction site, its transportation to specific subcontractors and its future utilisation as well as the monitoring of the rate of use of materials on the construction site, the checking of the sequence of steel members and the monitoring of the temperature of porous materials are issues which can be realised using RFID technology. In order to facilitate the use of RFID technology for the specific health, safety and logistics problems, a system has been developed. The operation of this system is based on the combined use of hardware and software elements. The hardware elements of the developed system are a wireless local area network, RFID readers and tags. Its software elements are a software development kit based on which, a number of graphical user interfaces have been created for the interaction of the users with the REID tags, and Notepad files which store data collected from REID tags through the graphical user interfaces. Each of the graphical user interfaces is designed in such a way so that it corresponds to the requirements of the health, safety or logistics situation in which it is used. The proposed system has been tested on a simulated construction site by a group of experts and a number of findings have been produced. Specifically, the testing of the proposed system showed that RFID technology can connect the different stages which characterise the construction supply chain. In addition, it showed the capability of the technology to be integrated with construction processes. The testing of the system also revealed the barriers and the enablers to the use of RFID technology in the construction industry. An example of such a barrier is the unwillingness of the people of the construction industry to quit traditional techniques in favour of a new technology. Enablers which enhance the use of RFID technology in the construction industry are the lack of complexity which characterises the operation of RFID tagging and the relatively low cost of RFID tags. In general, RFID technology is an innovative sensor technology which can help the construction industry through its asset tracking ability. However, further research should be done on the improvement of RFID technology on specific characteristics, such as its inability to provide location coordinates and the resilience of the electromagnetic signal emitted by the RFID reader when there are metallic objects around the reader