63 research outputs found
Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID
Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification
(RFID) technology, one of the most promising technologies in the field of
ubiquitous computing. Indeed, RFID technology may well replace barcode
technology. Although it offers many advantages over other identification
systems, there are also associated security risks that are not easy to address.
RFID systems can be classified according to tag price, with distinction
between high-cost and low-cost tags. Our research work focuses mainly
on low-cost RFID tags. An initial study and analysis of the state of the
art identifies the need for lightweight cryptographic solutions suitable for
these very constrained devices. From a purely theoretical point of view,
standard cryptographic solutions may be a correct approach. However,
standard cryptographic primitives (hash functions, message authentication
codes, block/stream ciphers, etc.) are quite demanding in terms of circuit
size, power consumption and memory size, so they make costly solutions
for low-cost RFID tags. Lightweight cryptography is therefore a pressing
need.
First, we analyze the security of the EPC Class-1 Generation-2 standard,
which is considered the universal standard for low-cost RFID tags.
Secondly, we cryptanalyze two new proposals, showing their unsuccessful
attempt to increase the security level of the specification without much further
hardware demands. Thirdly, we propose a new protocol resistant to
passive attacks and conforming to low-cost RFID tag requirements. In this
protocol, costly computations are only performed by the reader, and security
related computations in the tag are restricted to very simple operations.
The protocol is inspired in the family of Ultralightweight Mutual Authentication
Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed
SASI protocol. The thesis also includes the first published cryptanalysis of
xi
SASI under the weakest attacker model, that is, a passive attacker. Fourthly,
we propose a new protocol resistant to both passive and active attacks and
suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for
smart cards, taking into account the unique features of RFID systems. Finally,
because this protocol is based on the use of cryptographic primitives
and standard cryptographic primitives are not supported, we address the
design of lightweight cryptographic primitives. Specifically, we propose
a lightweight hash function (Tav-128) and a lightweight Pseudo-Random
Number Generator (LAMED and LAMED-EPC).We analyze their security
level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags
Asioiden Internetin tietoturva: ratkaisuja, standardeja ja avoimia ongelmia
Internet of Things (IoT) extends the Internet to our everyday objects, which enables new kind of applications and services. These IoT applications face demanding technical challenges: the number of ‘things’ or objects can be very large, they can be very con-strained devices, and may need to operate on challenging and dynamic environments. However, the architecture of today’s Internet is based on many legacy protocols and technology that were not originally designed to support features like mobility or the huge and growing number of objects the Internet consists of today. Similarly, many security features of today’s Internet are additional layers built to fill up flaws in the un-derlying design. Fulfilling new technical requirements set by IoT applications requires efficient solutions designed for the IoT use from the ground up. Moreover, the imple-mentation of this new IoT technology requires interoperability and integration with tra-ditional Internet. Due to considerable technical challenges, the security is an often over-looked aspect in the emerging new IoT technology.
This thesis surveys general security requirements for the entire field of IoT applica-tions. Out of the large amount of potential applications, this thesis focuses on two major IoT application fields: wireless sensor networks and vehicular ad-hoc networks. The thesis introduces example scenarios and presents major security challenges related to these areas. The common standards related to the areas are examined in the security perspective. The thesis also examines research work beyond the area of standardization in an attempt to find solutions to unanswered security challenges. The thesis aims to give an introduction to the security challenges in the IoT world and review the state of the security research through these two major IoT areas
RFID Authentification Protocols using Symmetric Cryptography
Radio Frequency IDentification (RFID) is emerging in a variety
of applications as an important technology for identifying and
tracking goods and assets. The spread of RFID technology,
however, also gives rise to significant user privacy and
security issues. One possible solution to these challenges is
the use of a privacy-enhancing cryptographic protocol to
protect RFID communications.
This thesis considers RFID authentication protocols that make
use of symmetric cryptography. We first identify the privacy,
security and performance requirements for RFID systems. We then
review recent related work, and assess the capabilities of
previously proposed protocols with respect to the identified
privacy, security and performance properties.
The thesis makes four main contributions. First, we introduce
server impersonation attacks as a novel security threat to RFID
protocols. RFID tag memory is generally not tamper-proof, since
tag costs must be kept low, and thus it is vulnerable to
compromise by physical attacks. We show that such attacks can
give rise to desynchronisation between server and tag in a
number of existing RFID authentication protocols. We also
describe possible countermeasures to this novel class of
attacks.
Second, we propose a new authentication protocol for RFID
systems that provides most of the identified privacy and
security features. The new protocol resists tag information
leakage, tag location tracking, replay attacks, denial of
service attacks and backward traceability. It is also more
resistant to forward traceability and server impersonation
attacks than previously proposed schemes. The scheme requires
less tag-side storage than existing protocols and requires only
a moderate level of tag-side computation.
Next, we survey the security requirements for RFID tag
ownership transfer. In some applications, the bearer of an RFID
tag might change, with corresponding changes required for the
RFID system infrastructure. We propose novel authentication
protocols for tag ownership and authorisation transfer. The
proposed protocols satisfy the requirements presented, and have
desirable performance characteristics.
Finally, we address the issue of scalability in anonymous RFID
authentication protocols. Many previously proposed protocols
suffer from scalability issues because they require a linear
search to identify or authenticate a tag. Some RFID protocols,
however, only require constant time for tag identification;
unfortunately, all previously proposed schemes of this type
have serious shortcomings. We propose a novel RFID pseudonym
protocol that takes constant time to authenticate a tag, and
meets the identified privacy, security and performance
requirements. The proposed scheme also supports tag delegation
and ownership transfer in an efficient way
Mutual Authentication Protocols for RFID Systems
Radio-Frequency Identification Devices (RFID) is emerging as a pervasive computing technology with numerous applications. Current low-cost RFID tags are highly resource-constrained and cannot support complex security mechanisms. Hence they have potential risks and may violate the privacy of their bearers. The challenge in providing security for low-cost RFID tags lies in that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations as proposed in currently available protocols. In this thesis we have analyzed the security issues and requirements for a RFID system. We have proposed a suite of lightweight mutual authentication protocols for low-cost RFID tags which offer an adequate level of security at much reduced cost. We also compare our proposed protocols with those proposed by others. Furthermore we apply our proposed protocol to secure a supply chain management system.Computer Science Departmen
Security protocols for EPC class-1 Gen-2 RFID multi-tag systems
The objective of the research is to develop security protocols for EPC C1G2 RFID Passive Tags in the areas of ownership transfer and grouping proof
Cryptographic Approaches To Security and Privacy Issues In Pervasive Computing
Technological innovation has enabled tiny devices to participate in pervasive com- puting. Such devices are particularly vulnerable to security and privacy threats, because of their limited computing resources and relatively weak physical security. We investigate possible cryptographic solutions to security and privacy problems arising in two kinds of emerging pervasive computing networks: Personal Area Net- works (PANs) and the EPCglobal Network.
A number of key management schemes have been proposed for use in PANs, but these schemes only support key management within a PAN. However, as people are increasingly equipped with multiple wireless devices, PANs are likely to be intercon- nected to share information or services. We introduce a term, iPANs, to name such interconnected PANs. We define system models and design goals for key manage- ment in iPANs, and propose a novel security initialisation scheme for use in iPANs. The proposed scheme achieves desirable security and efficiency properties by making use of the unique characteristics of PANs.
The EPCglobal Network is designed to give efficiency and cost savings in and beyond the supply chain using Radio Frequency Identification (RFID) technology; however, privacy threats affecting such networks are particularly serious. We construct a formal privacy model for RFID systems accurately reflecting adversarial threats and power. We then give brief privacy analysis for the existing privacy-enhanced RFID schemes which have received wide attention in the literature. We then construct a secure refresh-based RFID system based on re-encryption techniques, and prove its privacy using the defined privacy model. Finally, we show that the proposed scheme can greatly enhance the security and privacy of EPC tags, making the maximum use of given tag functionalities as specified in the standards
Enhancing RFID performance and security in networked environments
In this thesis we propose and present a number of methods by which the performance and security of networked RFID systems can be improved. These include a networked P2P RFID architecture, a comprehensive RFID security framework, a RFID security protocol and an RFID malware detection and Prevention technique
Practical privacy enhancing technologies for mobile systems
Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users.
We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer.
In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems
- …