A comprehensive review of RFID and bluetooth security: practical analysis

The Internet of Things (IoT) provides the ability to digitize physical objects into virtual data, thanks to the integration of hardware (e.g., sensors, actuators) and network communications for collecting and exchanging data. In this digitization process, however, security challenges need to be taken into account in order to prevent information availability, integrity, and confidentiality from being compromised. In this paper, security challenges of two broadly used technologies, RFID (Radio Frequency Identification) and Bluetooth, are analyzed. First, a review of the main vulnerabilities, security risk, and threats affecting both technologies are carried out. Then, open hardware and open source tools like: Proxmark3 and Ubertooth as well as BtleJuice and Bleah are used as part of the practical analysis. Lastly, risk mitigation and counter measures are proposed

A Methodology for Evaluating Security in Commercial RFID Systems

Although RFID has become a widespread technology, the developers of numerous commercial systems have not taken care of security properly. This chapter presents a methodology for detecting common security flaws. The methodology is put in practice using an open-source RFID platform (Proxmark 3), and it is tested in different fields, such as public transportation or animal identification. The results obtained show that the consistent application of the methodology allows researchers to perform security audits easily and detect, mitigate, or avoid risks and possible attacks

RFID-MA XTEA: Cost-Effective RFID-Mutual Authentication Design using XTEA Security on FPGA Platform

RFID systems are one of the essential technologies and used many diverse applications. The security and privacy are the primary concern in RFID systems which are overcome by using suitable authentication protocols. In this manuscript, the cost-effective RFID-Mutual Authentication (MA) using a lightweight Extended Tiny encryption algorithm (XTEA) is designed to overcome the security and privacy issues on Hardware Platform. The proposed design provides two levels of security, which includes secured Tag identification and mutual authentication.  The RFID-MA mainly has Reader and Tag along with the backend Server. It establishes the secured authentication between Tag and Reader using XTEA. The XTEA with Cipher block chaining (CBC) is incorporated in RFID for secured MA purposes. The authentication process completed based on the challenge and response between Reader and Tag using XTEA-CBC. The present work is designed using Verilog-HDL on the Xilinx environment and implemented on Artix-7 FPGA.  The simulation and synthesis results discussed with hardware constraints like Area, power, and time. The present work is compared with existing similar approaches with hardware constraints improvements

Privacy & authentication in extreme low power wireless devices: RFID and µ-sensors

Authentication and Privacy are important concerns in current low power wireless devices like RFID and µ-sensors. µ-sensors are low power devices which have been identified as being useful in variety of domains including battlefield and perimeter defense etc. Radio-Frequency Identification (RFID) is a technology for automated identification of objects and people. An RFID device frequently called RFID tag is a small microchip device that holds limited amount of data and transmits the same over the various frequency ranges. An RFID tag is typically attached to an item and contain identification information like serial numbers unique to that item. RFID tags are recently being used in several application areas like inventory management, medicines and security systems etc. Since sensors are deployed in an unattended hostile environment, they are vulnerable to various kinds of attacks. An adversary can pose insider or outsider attacks into the network with the goal of both deceiving the base station and depleting the resources of the relaying nodes. Authentication schemes are implemented that will enable base station to detect any false data transmission. RFIDs, on the other hand pose two main security concerns for users: clandestine tracking and inventorying. RFID tags respond to reader interrogation without alerting their owners or bearers. Thus, where read range permits clandestine scanning of tags is a plausible threat. Security requirements in both of these low power devices are comprised of authentication, integrity, privacy and anti-playback. The recipient of the message needs to be able to unequivocally assure that the message came from its stated source. Similarly, the recipient needs to be assured that the message was not altered in transit and that it is not an earlier message being re-played in order to veil the current environment. Finally, all communications needs to be kept private such that eavesdroppers cannot intercept study and analyze, and devise countermeasures to circumvent the purposes of the sensor network. This thesis implements authentication schemes in µ-sensors that will detect false injection of data into the communication path of the base station and sensors. In addition to that this thesis focuses on an application of RFIDs deployed in library application. Discusses the privacy and authentication issues in RFID tags particularly in the library domain. Describes an authentication scheme implementation to handle these vulnerabilities

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99