In this paper, we investigate the possible privacy and security threats to rfid systems, and consider whether previously proposed rfidprotocols address these threats. We then propose a new authenticationprotocol whi...
详细信息
ISBN:
(纸本)9781595938145
In this paper, we investigate the possible privacy and security threats to rfid systems, and consider whether previously proposed rfidprotocols address these threats. We then propose a new authenticationprotocol which provides the identified privacy and security features and is also efficient. The new protocol resists tag information leakage, tag location tracking, replay attacks, denial of service at, tacks, backward traceability, forward traceability (under an assumption), and server impersonation (also under all assumption). We also show that it requires less tag-side storage and computation than other similarly structured rfidprotocols.
Aiming at the security and privacy, and authentication efficiency shortages of existing rfid authentication protocol, an improved scheme is proposed based on Alavi et al.'s protocol. Firstly, in order to resist ag...
详细信息
Aiming at the security and privacy, and authentication efficiency shortages of existing rfid authentication protocol, an improved scheme is proposed based on Alavi et al.'s protocol. Firstly, in order to resist against replay attack, we add the timestamp generator to the reader side and use hash function to encrypt the reader identification, the random number and timestamp generated by the reader;meanwhile, to solve the data integrity problem in the original scheme, the reader matches the decrypted data with the server side message to ensure that it can detect if the data is tampered with by the attacker. Finally, the improved group anonymous authentication model is used to improve the back-end server's authentication efficiency. Theoretical analysis and experimental results show that the improved protocol effectively solves the security problems and reduces the back-end server's authentication time. In addition, this paper simulates the impact of group number on system privacy level and authentication efficiency through experiments. In practical applications, the group number can be adjusted appropriately according to different privacy and efficiency requirements, so the privacy and authentication efficiency of the system will be well-balanced.
Radio Frequency Identification (rfid) technique, as the core of Internet of Things, is facing security threats. It is critical to protect information security in rfid system. Ultralightweigh authenticationprotocols a...
详细信息
ISBN:
(纸本)9789811068935;9789811068928
Radio Frequency Identification (rfid) technique, as the core of Internet of Things, is facing security threats. It is critical to protect information security in rfid system. Ultralightweigh authenticationprotocols are an important class of rfid lightweight authenticationprotocols. RAPP is a recently proposed ultralightweight authenticationprotocol, which is different from any other existing protocols due to the use of permutation. Formal methods are vital for ensuring the security and reliability of software systems, especially safety-critical systems. A protocol abstract modeling method is presented to build abstract interaction model of RAPP which can be formalized by extracting interaction features. Due to the complexity of fundamental cryptograph operations in RAPP, the proposed method overcomes the limitation which is inconvenient to discuss security of RAPP directly with formal method. Using SPIN, authenticity and consistency of RAPP properties is verified. Analysis and verification result shows that RAPP is vulnerable against desynchronization attack. The proposed modeling method above has great significance in formal analysis of similar ultralightweight authenticationprotocols of rfid.
The widespread adoption of IoT devices has made the production of low-cost systems a priority. Since construction costs are generally directly related to the complexity of security methods, researchers are exploring m...
详细信息
The widespread adoption of IoT devices has made the production of low-cost systems a priority. Since construction costs are generally directly related to the complexity of security methods, researchers are exploring methods that provide acceptable security with minimal hardware complexity. One such method is the use of permutation functions in ultra-lightweight authenticationprotocols that employ simple operators such as XOR and Shift. This paper demonstrates the critical importance of the internal structure of a permutation function in ensuring system security. This implies that even if a protocol is designed securely and efficiently, structural weaknesses in the function can render the protocol vulnerable. To illustrate this, we examine a recently published protocol named ULBRAP for supply chain management systems and reveal its security flaws, including secret disclosure and traceability attacks. We also demonstrate the attack step-by-step on Raspberry Pi devices, publishing the details on GitHub and presenting them in a video. The attack method requires 1,710,947 hash calculations, which takes approximately 5 min in our experiments. Finally, we propose a solution to address the issues associated with these functions.
When a retail store places an item for sale at a set price, the expectation is that the customer pays this price for the item. However, the 'customer' may not necessarily pay this amount due to any number of l...
详细信息
When a retail store places an item for sale at a set price, the expectation is that the customer pays this price for the item. However, the 'customer' may not necessarily pay this amount due to any number of legitimate (e.g., price promotion) as well as illegitimate (e.g., theft) reasons. We consider ticket-switching, a scenario whereby the customer pays a lower amount for the purchased item by switching its price identifier. We propose the use of item-level rfid tags to address ticket-switching in apparel retail stores. We then develop authenticationprotocols that are directed at reducing the occurrence of ticket-switching incidents as well as identifying them when they occur. We evaluate the security properties of the proposed protocols. (C) 2013 Elsevier B.V. All rights reserved.
Recently, Radio Frequency IDentification (rfid) systems are intensively studied and widely used in every-day applications, such as, retailing, supply chain management, and medical equipment management. Tags in rfid sy...
详细信息
ISBN:
(纸本)9781424456383
Recently, Radio Frequency IDentification (rfid) systems are intensively studied and widely used in every-day applications, such as, retailing, supply chain management, and medical equipment management. Tags in rfid systems are highly efficient to be managed and tracked, but at the same time suffering from impersonation and privacy problems. Consequently, rfid systems are required to provide both efficient management, as well as authentication and privacy protection. In this paper, on the basis of fast and light-weight Niederreiter public-key cryptosystem, we propose an efficient rfid authentication protocol which satisfies the above requirements, and enjoys the following merits: 1) unlike most of the previous works that employ symmetric key cryptographic techniques, our proposal has a fast computation to find authenticated ID and needs no exhaustive search in database, which reduces the searching time significantly;2) the memory size to store the key in rfid tags can be greatly reduced by our novel methods.
Due to massive advantages of short range communication technologies such as NFC and rfid, they are ubiquitously utilized in many fancy and sensitive applications. During last decade, there have been impressive endeavo...
详细信息
ISBN:
(纸本)9781538605851
Due to massive advantages of short range communication technologies such as NFC and rfid, they are ubiquitously utilized in many fancy and sensitive applications. During last decade, there have been impressive endeavors to design efficient authenticationprotocols which can provide secure and anonymous communication for end-users. In this research, we formally analyze a recently improved authenticationprotocol which is proposed for rfid tags consistent with EPC Class 1 Generation 2 standard. Our analysis show that however the authors have tried to improve the original protocol and make it secure against various active and passive attacks, but still their improved version has some serious drawbacks which make it vulnerable to traceability and forward traceability privacy attacks. Our attacks are mounted in the Ouafi and Phan's rfid formal privacy model which is an extended version of Juels and Weis's well-known privacy model. Finally, we modify the structure of analyzed protocol and propose a revised version which prevents all discovered attacks.
暂无评论