Protecting Privacy and Ensuring Security of RFID Systems Using Private Authentication Protocols

Radio Frequency IDentification (RFID) systems have been studied as an emerging technology for automatic identification of objects and assets in various applications ranging from inventory tracking to point of sale applications and from healthcare applications to e-passport. The expansion of RFID technology, however, gives rise to severe security and privacy concerns. To ensure the widespread deployment of this technology, the security and privacy threats must be addressed. However, providing solutions to the security and privacy threats has been a challenge due to extremely inadequate resources of typical RFID tags. Authentication protocols can be a possible solution to secure RFID communications. In this thesis, we consider RFID authentication protocols based on symmetric key cryptography. We identify the security and privacy requirements for an RFID system. We present four protocols in this thesis. First, we propose a lightweight authentication protocol for typical tags that can perform symmetric key operations. This protocol makes use of pseudo random number generators (PRNG) and one way hash functions to ensure the security and privacy requirements of RFID systems. Second, we define the desynchronizing attack and describe the vulnerabilities of this attack in RFID systems. We propose a robust authentication protocol that can prevent the desynchronizing attack. This protocol can recover the disabled tags that are desynchronized with the reader because of this attack. Third, we introduce a novel authentication protocol based on elliptic curve cryptography (ECC) to avoid the counterfeiting problem of RFID systems. This protocol is appropriate for the RFID tags that can perform the operations of ECC. Finally, to address the tradeoff between scalability and privacy of RFID systems, we propose an efficient anonymous authentication protocol. We characterize the privacy of RFID systems and prove that our protocol preserves the privacy of RFID tags and achieves better scalability as well

ENSURING SPECIFICATION COMPLIANCE, ROBUSTNESS, AND SECURITY OF WIRELESS NETWORK PROTOCOLS

Several newly emerged wireless technologies (e.g., Internet-of-Things, Bluetooth, NFC)—extensively backed by the tech industry—are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies include several communication protocols that usually have stringent requirements stated in their specifications. Failing to comply with such requirements can result in incorrect behaviors, interoperability issues, or even security vulnerabilities. Moreover, lack of robustness of the protocol implementation to malicious attacks—exploiting subtle vulnerabilities in the implementation—mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Even having a compliant and robust implementation alone may not suffice in many cases because these technologies often expose new attack surfaces as well as new propagation vectors, which can be exploited by unprecedented malware and can quickly lead to an epidemic

AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique

AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique

ProQuPri: Towards Anonymity Protection with Privacy Quantification for Context-aware Applications

Privacy is the most often-cited criticism of context awareness in pervasive environments and may be the utmost barrier to its enduring success. Users certainly desire to be notified of potential data capture. Context-based pervasive applications have the vulnerabilities of tracking and capturing extensive portions of users\u27 activities. Whether such data capture is an actual threat or not, users\u27 perceptions of such possibilities may discourage them from using and adopting pervasive applications. So far in context-based pervasive applications, location data has been the main focus to make users anonymous. However in reality, anonymity depends on all the privacy sensitive data collected by the applications. Protecting anonymity with the help of an anonymizer has the susceptibility of a single point of failure. In this poster, we propose a formal model ProQuPri (Protect Anonymity and Quantify Privacy) that preserves users\u27 anonymity without anonymizer while quantifies the amount of privacy at the time asking for services from untrustworthy service providers. Before placing a request, each user can protect his own anonymity by collaborating with his peers

REBIVE: A Reliable Private Data Aggregation Scheme for Wireless Sensor Networks

An important topic addressed by the wireless sensor networks community over the last several years is the in-network data aggregation. It is significant as well as a challenging issue to provide reliable data aggregation scheme while preserving data privacy. However, in WSNs, achieving ideal data accuracy is complicated due to collision, heavy network traffic, processing delays and/or several attacks. The problem of gathering accurate integrated data will be further intensified if the environment is adverse. Hence how to attain data privacy and perfect data accuracy are two major challenges for data aggregation in wireless sensor networks. To address this problem, we propose in this paper a new privacy preserving data aggregation scheme. We present REBIVE (REliaBle prIVate data aggrEgation scheme). In REBIVE the data accuracy maintenance and data privacy protection mechanisms work cooperatively. Different from past research, our proposed solution have the following features: providing privacy preservation technique for individual sensor data and aggregated sensor data; maintaining perfect data accuracy for realistic environments; being highly efficient; and being robust to popular attacks launched in WSNs

Secured Tag Identification Using EDSA (Enhanced Distributed Scalable Architecture)

RFID technology has become increasingly popular in todays society and plays an important role in daily life. However, the exploitation of this technology requires practical and secure solutions to overcome certain issues. In the case of RFID systems, privacy protection and scalability are two conflicting goals. Nevertheless, in this paper we propose a hexagonal cell based distributed architecture which ensures improved scalability while maintaining privacy. The hexagonal architecture allows readers to co-operate with one another to identify tags without compromising scalability. Furthermore, this architecture uses serverless protocols for security assurance, cutting down set up and maintenance cost as well as traffic to server. To the best of our knowledge, we propose a combination of servered and serverless techniques within the same distributed architecture for the first time. Our proposed distributed scalable architecture together with the secure serverless protocols can be used in numerous real life situations

AnonPri: An Efficient Anonymous Private Authentication Protocol

Privacy protection is a very important issue during authentications in RFID systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique can be to perform group based private authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This is a novel authentication scheme that ensures privacy of the provers. However, one limitation of this technique is that the level of privacy provided by the scheme decreases as more and more tags are compromised Therefore, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mention group based scheme and achieves better efficiency than the approaches that prompt the reader to perform an exhaustive search. Our protocol provides unlinkability and thereby preserves privacy. The adversary cannot link the responses with the tags, even if she can learn the identifier that the tags are using to produce the response. To evaluate AnonPri, we have compared both the protocols, AnonPri and the group based authentication. The experiment results establish that the level of privacy provided by AnonPri is higher than that of the group based authentication

Supporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol

RFID systems have been scrutinized nowadays as one of the emerging technologies in pervasive environment. And authentication becomes indispensible in applications where security and privacy are major concerns. Besides thwarting some major attacks, RFID systems need to be able to recover from unexpected conditions during operation. In this paper, we propose a Robust Authentication Protocol (RoAP) that supports not only security and privacy, but also recovery in RFID systems. The protocol can get back the desynchronized tags and readers to their normal state, and thus provides robustness. We also present a safety ring consisted of six major goals that have to ensure by each RFID system to be secured. This paper illustrates security and robustness analysis of the protocol. Finally, we present the implementation of our authentication protocol

S-Search: Finding RFID Tags using Scalable and Secure Search Protocol

Massively deploying RFID systems that preserve data integrity and security is a major challenge of the coming years. Since RFID tags are extremely constrained in time and space, enforcing high level of security with excessive cryptographic computation is not possible. Secured mechanisms for tag authentication have been in the midst of researcher’s interest for almost a decade. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue. And tag searching need to be scalable as RFID tags are deployed comprehensively within a system. In this paper we propose a scalable and lightweight RFID tag searching protocol. This protocol can search a particular tag efficiently as the approach is not based on exhaustive search. This approach does not employ extreme computing or cryptographic functions. Our proposed scalable search protocol is secured against major security threats and it is suitable to be used in numerous real life situations