Lightweight Mutual Authentication Protocol for Low Cost RFID Tags

Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.Comment: 11 Pages, IJNS

Pitfalls in Ultralightweight RFID Authentication Protocol

Radio frequency identification (RFID) is one of the most promising identification schemes in the field of pervasive systems. Non-line of sight capability makes RFID systems more protuberant than its contended systems. Since the RFID systems incorporate wireless medium, so there are some allied security threats and apprehensions from malicious adversaries. In order to make the system reliable and secure, numerous researchers have proposed ultralightweight mutual authentication protocols; which involve only simple bitwise logical operations (AND, XOR & OR etc.) to provide security. In this paper, we have analyzed the security vulnerabilities of state of the art ultralightweight RFID authentication protocol: RAPP. We have proposed three attacks (two DoS and one Desynchronization) in RAPP protocol and challenged its security claims.  Moreover, we have also highlighted some common pitfalls in ultralightweight authentication protocol designs. This will help as a sanity check, improve and longevity of ultralightweight authentication protocol designs

Ultralightweight Cryptography for passive RFID systems

RFID (Radio Frequency Identification) is one of the most growing technologies among the pervasive systems. Non line of sight capability makes RFID systems much faster than its other contending systems such as barcodes and magnetic taps etc. But there are some allied security apprehensions with RFID systems. RFID security has been acquired a lot of attention in last few years as evinced by the large number of publications (over 3000). In this paper, a brief survey of eminent ultralightweight authentication protocols has been presented & then a four-layer security model, which comprises of various passive and active attacks, has been proposed. Finally, Cryptanalysis of these protocols has also been performed under the implications of the proposed security model

MUMAP: Modified Ultralightweight Mutual Authentication protocol for RFID enabled IoT networks

Flawed authentication protocols led to the need for a secured protocol for radio frequency identification (RFID) techniques. In this paper, an authentication protocol named Modified ultralightweight mutual authentication protocol (MUMAP) has been proposed and cryptanalysed by Juel-Weis challenge. The proposed protocol aimed to reduce memory requirements in the authentication process for low-cost RFID tags with limited resources. Lightweight operations like XOR and Left Rotation, are used to circumvent the flaws made in the other protocols. The proposed protocol has three-phase of authentication. Security analysis of the proposed protocol proves its resistivity against attacks like desynchronization, disclosure, tracking, and replay attack. On the other hand, performance analysis indicates that it is an effective protocol to use in low-cost RFID tags. Juel-Weis challenge verifies the proposed protocol where it shows insusceptibility against modular operations

On the Improper Use of CRC for Cryptographic Purposes in RFID Mutual Authentication Protocols

Mutual authentication is essential to guarantee the confidentiality, integrity, and availability of an RFID system. One area of interest is the design of lightweight mutual authentication protocols that meet the limited computational and energy resources of the tags. These protocols use simple operations such as permutation and cyclic redundancy code for cryptographic purposes. However, these functions are cryptographically weak and are easily broken. In this work, we present a case against the use of these functions for cryptographic purposes, due to their simplicity and linear properties, by analyzing the LPCP protocol. We evaluate the claims of the LPCP resistance to de-synchronization and full disclosure attacks and show that the protocol is weak and can be easily broken by eavesdropping on a few mutual authentication sessions. This  weakness stems from the functions themselves as well as the improper use of inputs to these functions. We further offer suggestions that would help in designing more secure protocols

Prevention And Detection Mechanism For Security In Passive Rfid System

Low-cost radio frequency identification (RFID) tags conforming to the EPCglobal Class-1 Generation-2 standard are inherently insecure due to computational constraints. This thesis proposed the use of both prevention and detection mechanisms to solve the security and privacy issues. A lightweight cryptographic mutual authentication protocol which is resistant to tracking, denial of service (DoS) and replay attacks is proposed as a prevention mechanism. The proposed protocol is designed with lightweight cryptographic algorithm, including XOR, Hamming distance, rotation and a modified linear congruential generator (MLCG). The proposed protocol using 64 bits index is proved having the lowest non-unequivocally identification probability. In addition, the randomness of the session key generated from the MLCG is verified using NIST test suite. Besides that, the security of the proposed protocol is validated using the formal analysis tool, AVISPA. The correctness of the proposed protocol is demonstrated in a simulation model developed in JAVA TCP/IP socket. Next, the proposed protocol is implemented in RFID system including IAIK UHF Demo tag, TagSense Nano-UHF reader and back-end database. A GUI is created in a form of JAVA application to display data detected from tag. The proposed protocol implemented in real RFID system outperforms other related protocols because of 13.46 % shorter read time and write time consumed. The system is proved to be able to prevent tracking, DoS, and replay attacks from adversaries with moderate computation requirement compared to other related protocols

Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

Mutual Authentication Protocol Model For Low-Cost RFID Systems Based On Shelled Random Value

Designing a reliable secure low-cost protocol for radio-frequency identification (RFID) is difficult, standard cryptographic primitives can become a limitation for low-cost tags due to their costly large requirements in terms of circuit size, power consumption, and memory size. Therefore, ultralightweight cryptography in designing low-cost RFID protocols capable of executing data communication sessions efficiently and effectively are needed to solve database loading, passive attacks, desynchronization and high computational cost problems

Cryptanalysis of two mutual authentication protocols for low-cost RFID

Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system