Clone tag detection in distributed RFID systems

Although Radio Frequency Identification (RFID) is poised to displace barcodes, security vulnerabilities pose serious challenges for global adoption of the RFID technology. Specifically, RFID tags are prone to basic cloning and counterfeiting security attacks. A successful cloning of the RFID tags in many commercial applications can lead to many serious problems such as financial losses, brand damage, safety and health of the public. With many industries such as pharmaceutical and businesses deploying RFID technology with a variety of products, it is important to tackle RFID tag cloning problem and improve the resistance of the RFID systems. To this end, we propose an approach for detecting cloned RFID tags in RFID systems with high detection accuracy and minimal overhead thus overcoming practical challenges in existing approaches. The proposed approach is based on consistency of dual hash collisions and modified count-min sketch vector. We evaluated the proposed approach through extensive experiments and compared it with existing baseline approaches in terms of execution time and detection accuracy under varying RFID tag cloning ratio. The results of the experiments show that the proposed approach outperforms the baseline approaches in cloned RFID tag detection accuracy

Enchancing RFID data quality and reliability using approximate filtering techniques

Radio Frequency Identification (RFID) is an emerging auto-identification technology that uses radio waves to identify and track physical objects without the line of sight. While delivering significant improvements in various aspects, such as, stock management and inventory accuracy, there are serious data management issues that affect RFID data quality in preparing reliable solutions. The raw read rate in real world RFID deployments is often in the 60-70% range and naturally unreliable because of redundant and false readings. The redundant readings result in unnecessary storage and affect the efficiency of data processing. Furthermore, false readings that focused on false positive readings generated by cloned tag could be mistakenly considered as valid and affects the final results and decisions. Therefore, two approaches to enhance the RFID data quality and reliability were proposed. A redundant reading filtering approach based on modified Bloom Filter is presented as the existing Bloom Filter based approaches are quite intricate. Meanwhile, even though tag cloning has been identified as one of the serious RFID security issue, it only received little attention in the literature. Therefore we developed a lightweight anti-cloning approach based on modified Count- Min sketch vector and tag reading frequency from e-pedigree in observing identical Electronic Product Code (EPC) of the low cost tag in local site and distributed region in supply chain. Experimental results showed, that the first proposed approach, Duplicate Filtering Hash (DFH) achieved the lowest false positive rate of 0.06% and the highest true positive rate of 89.94% as compared to other baseline approaches. DFH is 71.1% faster than d-Left Time Bloom Filter (DLTBF) while reducing amount of hashing and achieved 100% true negative rate. The second proposed approach, Managing Counterfeit Hash (MCH) performs fastest and 25.7% faster than baseline protocol (BASE) and achieved 99% detection accuracy while DeClone 64% and BASE 77%. Thus, this study successfully proposed approaches that can enhance the RFID data quality and reliability

LightSource: Ultra Lightweight Clone Detection of RFID Tags from Software Unclonable Responses

Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database on each partner site. A persistent online connection is not guaranteed and local databases on each partner site impose extra cost and security issues. We introduce a new method in which we use 2-3kb Non-Volatile Memory (NVM) in RFID tags themselves to function as a very small “encoded local database”. Our method allows us to get rid of local databases and there is no need to have any connection between supply chain partners and the back-end database except when they want to verify products. We formally define black-box software unclonability and prove our scheme to satisfy this property. To this purpose, we introduce a simple “XOR-ADD” function and prove it is hard to predict its challenge-response behavior if given only one challenge response pair. The XOR-ADD function with control logic can be implemented using at most 170 gates. This implies that our scheme is compatible with the strict power consumption constraints of cheap EPC Class 1 Gen 2 RFIDs

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google’s Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority’s signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare’s Keyless SSL protocol that enables key misuse detection

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google's Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority's signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare's Keyless SSL protocol that enables key misuse detection

Weak-Unforgeable Tags for Secure Supply Chain Management

Given the value of imported counterfeit and pirated goods, the need for secure supply chain management is pertinent. Maleki et al. (HOST 2017) propose a new management scheme based on RFID tags (with 2-3K bits NVM) which, if compared to other schemes, is competitive on several performance and security metrics. Its main idea is to have each RFID tag stores its reader events in its own NVM while moving through the supply chain. In order to bind a tag\u27s identity to each event such that an adversary is not able to impersonate the tag\u27s identity on another duplicate tag, a function with a weak form of unforgeability is needed. In this paper, we formally dene this security property, present three constructions (MULTIPLY-ADD, ADD-XOR, and S-Box-CBC) having this security property, and show how to bound the probability of successful impersonation in concrete parameter settings. Finally, we compare our constructions with the light-weight hash function PHOTON used by Maleki et al. in terms of security and circuit area needed. We conclude that our ADD-XOR and S-Box-CBC constructions have approximately 1/4 - 1/3 of PHOTON\u27s total circuit area (this also includes the control circuitry besides PHOTON) while maintaining an appropriate security level which takes care of economically motivated adversaries

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google\u27s Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority\u27s signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare\u27s Keyless SSL protocol that enables key misuse detection

Research and Development of an Advanced RFID Security System Based on Locating Multiple Tags

Radio Frequency Identification (RFID) has gained a lot of attention lately with the introduction of RFID tags or inlays for a variety of applications. Most common is location tracking which can further be used for detecting the movements of tags from their original positions. In order to develop a system for finding the change in tag positions, a correct combination of RFID tags and reader is vital. Also, better understanding of challenges facing the RF signal can be productive. Environmental factors, antenna radiation pattern and orientation are some key issues, which can undermine this approach. In this thesis, to address some of the challenges a security algorithm for indoor RFID systems is proposed for detecting the change in the tag positions by finding the change in inter-tag distance. Also, several measures have been used to overcome the random nature of the RF signal. Experiments and evaluation of the above-mentioned methods in real time prove the robustness of the techniques considered for providing security

Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up