Similar documents
Found 20 similar documents (search time: 296 ms)
1.
Several ultralightweight radio frequency identification (RFID) authentication protocols have been proposed in recent years. However, all of these protocols were later reported to be vulnerable to various kinds of attacks (such as replay attack, de-synchronization attack, full disclosure attack, etc.) and/or to have user privacy concerns. In this paper, we propose a new ultralightweight RFID protocol named reconstruction based RFID authentication protocol (R\(^{2}\)AP), which is based on the use of a new bitwise operation reconstruction. Operation reconstruction has three important properties: Hamming weight unpredictability, irreversibility and effectiveness. Some or all of these properties are absent in previous protocols, which has caused a lot of insecurity issues. The proposed R\(^{2}\)AP takes advantage of reconstruction to guarantee security of RFID system. Furthermore, we improve the Juels–Weis untraceability model so that the extended mathematic model can be used to analyze security functionality for ultralightweight RFID protocols. Our security analysis and performance evaluations demonstrate that (1) R\(^{2}\)AP can withstand all attacks mentioned in the paper and protect users’ privacy; (2) R\(^{2}\)AP is indeed an effective RFID protocol that can be implemented on low-cost tags.

2.
Radio frequency identification (RFID) is a popular kind of automatic identification technology that uses radio frequencies. Many security and privacy problems may be raised in the use of RFID due to its radio transmission nature. In 2012, Cho et al. (Comput Math Appl, 2012. doi:10.1016/j.camwa.2012.02.025) proposed a new hash-based RFID mutual authentication protocol to solve these problems. However, this protocol was demonstrated to be vulnerable to DOS attack. This paper further shows that Cho et al.’s protocol is vulnerable to traffic analysis and tag/reader impersonation attacks. An improved protocol is also proposed which can prevent the said attacks.

3.
As information technology continuously progresses, more applied technologies are developed, such as radio frequency identification (RFID). In this paper, we propose a novel digital television (DTV) structure that uses RFID for encryption. RFID is widely used for various applications because of its advantages such as an extended lifetime and security, and it is less affected by environmental constraints. The proposed protocol uses RFID for encryption to withstand many attacks that the traditional system is vulnerable to, such as impersonation attack, replay attack and smart card cloning. Compared with other protocols, the proposed protocol is more secure and efficient. Thus, our proposed protocol makes the DTV framework more complete and secure.

4.
Authentication of products and humans is one of the major future applications of Radio Frequency IDentification (RFID) technology. None of the recent RFID technology related authentication approaches has been fully convincing. Either these schemes offer a low level of security or they are vulnerable to Denial-of-Service attacks that keep the authentication system from proper functioning. Some schemes raise privacy and security concerns as they reveal confidential information about the RFID tag bearer and allow their world-wide tracking. In this paper, we present a novel cryptographic authentication protocol that fills the security holes imposed by RFID technology. Moreover, it provides significantly lower cost in terms of computational effort and communication than currently proposed protocols such as Mutual Authentication Protocol (MAP) and Yet Another Trivial Authentication Protocol\(^{*}\) (YA-TRAP\(^{*}\)). We also present the implementation of our cryptographic authentication protocol on a real passive computation capable RFID tag known as Wireless Identification and Sensing Platform. The experimental results show that our protocol has double the rate of successful authentication as compared to YA-TRAP\(^{*}\) and MAP. It also takes 33% less time to authenticate.

5.
A Lightweight Authentication Protocol for Low-Cost RFID   Total citations: 2, self-citations: 0, citations by others: 2
As low-cost RFIDs with limited resources will dominate most of the RFID market, it is imperative to design lightweight RFID authentication protocols for these low-cost RFIDs. However, most of the existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyze the security vulnerabilities of a lightweight authentication protocol recently proposed by Li et al. (2006), and then propose a new lightweight protocol to improve the security and to reduce the computational cost for identifying a tag from O(n) to O(1).

6.
Radio frequency identification (RFID) technology will become one of the most popular technologies to identify objects in the near future. However, the major barrier that the RFID system is facing presently is the security and privacy issue. Recently, a lightweight anti-desynchronization RFID authentication protocol has been proposed to provide security and prevent all possible malicious attacks. However, it is discovered that a type of desynchronization attack can successfully break the proposed scheme. To overcome the vulnerability under the desynchronization attacks, we propose a low-cost RFID authentication protocol which integrates the operation of the XOR, built-in CRC-16 function, permutation, a random tuple and secret key backup technology to improve the security functionality without any increase in cost over the ultralightweight protocols. The analysis shows that our proposal has a strong ability to prevent existing malicious attacks, especially the desynchronization attacks.

7.

Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically, we show that the ownership transfer protocol proposed by Wang et al. is vulnerable to tracing attacks while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes making them suitable for large-scale deployments.


8.
Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large-scale OT protocols is becoming more evident. OT extensions are protocols that enable a relatively small number of “base-OTs” to be utilized to compute a very large number of OTs at low cost. In the semi-honest setting, Ishai et al. (Advances in cryptology—CRYPTO’03, vol 2729 of LNCS, Springer, 2003) presented an OT extension protocol for which the cost of each OT (beyond the base-OTs) is just a few hash function operations. In the malicious setting, Nielsen et al. (Advances in cryptology—CRYPTO’12, vol 7417 of LNCS, Springer, 2012) presented an efficient OT extension protocol for the setting of malicious adversaries that is secure in a random oracle model. In this work, we improve OT extensions with respect to communication complexity, computation complexity, and scalability in the semi-honest, covert, and malicious model. Furthermore, we show how to modify our maliciously secure OT extension protocol to achieve security with respect to a version of correlation robustness instead of the random oracle. We also provide specific optimizations of OT extensions that are tailored to the use of OT in various secure computation protocols such as Yao’s garbled circuits and the protocol of Goldreich–Micali–Wigderson, which reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations.

9.
With the rapid proliferation of RFID technologies, RFID has been introduced to the applications like safety inspection and warehouse management. Conventionally a number of deployment rules are specified for these applications. This paper studies a practically important problem of rule checking over RFID tags, i.e., checking whether the specified rules are satisfied according to the RFID tags within the monitoring area. This rule checking function may need to be executed frequently over a large number of tags and therefore should be made efficient in terms of execution time. Aiming to achieve time efficiency, we respectively propose two protocols, CRCP and ECRCP. CRCP works based on collision detection, while ECRCP combines the collision detection and the logical features of the rules. Simulation results indicate that our protocols achieve much better performance than other solutions in terms of time efficiency.

10.
In this paper, we study the two fundamental functionalities oblivious polynomial evaluation in the exponent and set-intersection and introduce a new technique for designing efficient secure protocols for these problems (and others). Our starting point is the technique (Benabbas et al. in CRYPTO, 2011) for verifiable delegation of polynomial evaluations, using algebraic PRFs. We use this tool, that is useful to achieve verifiability in the outsourced setting, in order to achieve privacy in the standard two-party setting. Our results imply new simple and efficient oblivious polynomial evaluation (OPE) protocols. We further show that our OPE protocols are readily used for secure set-intersection, implying much simpler protocols in the plain model. As a side result, we demonstrate the usefulness of algebraic PRFs for various search functionalities, such as keyword search and oblivious transfer with adaptive queries. Our protocols are secure under full simulation-based definitions in the presence of malicious adversaries.

11.
Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they cannot provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, is investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols cannot provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.

12.
Guaranteeing end-to-end data security in wireless sensor networks (WSNs) is important and has drawn much attention of researchers over past years. Because an attacker may take control of compromised sensor nodes to inject bogus reports into WSNs, enhancing data authenticity becomes a necessary issue in WSNs. Unlike PCREF (Yang et al. in IEEE Trans Comput 64(1):4–18, 2015) (LEDS, Ren et al. in IEEE Trans Mobile Comput 7(5):585–598, 2008), digital signature rather than message authentication polynomials (message authentication codes) is adopted by our protocol in en-route filtering. Keeping the advantages of clusters in PCREF and overcoming the drawbacks in LEDS, an enhanced and efficient cluster-based security protocol is proposed in this paper. The proposed protocol can guarantee end-to-end data authentication with the aid of digital signature and exhibits its effectiveness and efficiency through security analysis and performance analysis. Our analytical results show that the proposed protocol significantly outperforms the closely related protocols in the literature in terms of security strength and protocol overhead.

13.
Mobility management in Wireless Sensor Networks (WSNs) is a complex problem that must be taken into account in all layers of the protocol stack. But this mobility becomes very challenging at the MAC level in order not to degrade the energy efficiency between sensor nodes that are in communication. However, among medium access protocols, sampling protocols reflect better the dynamics of such scenarios. Nevertheless, the main problem of such protocols remains the management of collisions and idle listening between nodes. Previous approaches like B-MAC and X-MAC, based on sampling protocols, present some shortcomings. Therefore, we address the mobility issue of WSNs that use sampling protocols as medium access. Firstly, we propose a mobile access solution based on the X-MAC protocol which remains a reference protocol. This protocol, called MoX-MAC, incorporates different mechanisms that enable to mitigate the energy consumption of mobile sensor nodes. Furthermore, we extend our former work (Ba et al. in Proc. of IEEE WMNC, 2011) by evaluating the lifetime of static nodes with respect to MoX-MAC protocol, as well as determining the degree of depletion of static nodes due to the presence of mobile nodes.

14.
Göös et al. (ITCS, 2015) have recently introduced the notion of Zero-Information Arthur–Merlin Protocols (\(\mathsf{ZAM}\)). In this model, which can be viewed as a private version of the standard Arthur–Merlin communication complexity game, Alice and Bob are holding a pair of inputs \(x\) and \(y\), respectively, and Merlin, the prover, attempts to convince them that some public function \(f\) evaluates to 1 on \((x, y)\). In addition to standard completeness and soundness, Göös et al. require a “zero-knowledge” property which asserts that on each yes-input, the distribution of Merlin’s proof leaks no information about the inputs \((x, y)\) to an external observer. In this paper, we relate this new notion to the well-studied model of Private Simultaneous Messages (\(\mathsf{PSM}\)) that was originally suggested by Feige et al. (STOC, 1994). Roughly speaking, we show that the randomness complexity of \(\mathsf{ZAM}\) corresponds to the communication complexity of \(\mathsf{PSM}\) and that the communication complexity of \(\mathsf{ZAM}\) corresponds to the randomness complexity of \(\mathsf{PSM}\). This relation works in both directions where different variants of \(\mathsf{PSM}\) are being used. As a secondary contribution, we reveal new connections between different variants of \(\mathsf{PSM}\) protocols which we believe to be of independent interest. Our results give rise to better \(\mathsf{ZAM}\) protocols based on existing \(\mathsf{PSM}\) protocols, and to better protocols for conditional disclosure of secrets (a variant of \(\mathsf{PSM}\)) from existing \(\mathsf{ZAM}\)s.

15.
In recent work (Koutsakis et al., IEEE Trans Veh Technol 54(5):1863–1874, 2005), we have introduced multimedia integration multiple access control protocol (MI-MAC). The protocol was shown to achieve superior performance in comparison to other protocols of the literature when integrating various types of multimedia traffic over wireless cellular networks. In this work we enhance the scheduling scheme of MI-MAC by adding three important parameters into its study. These are: (a) the handling of handoff traffic, (b) per user varying channel conditions in the uplink and downlink channels and (c) video sources’ contention for channel resources. These parameters are added in order to evaluate the protocol under a significantly more realistic wireless cellular network scenario. New scheduling ideas are proposed in order to efficiently incorporate the new parameters into the scheme. The evaluation, conducted by comparing the enhanced MI-MAC with another efficient protocol of the literature and with an “ideal” MAC protocol, focuses on the efficient transmission of MPEG-4 video traffic and shows that our scheme achieves excellent performance results.

16.
In the quest for open systems, standardization of security mechanisms, framework, and protocols is becoming increasingly important. This puts high demands on the correctness of the standards. In this paper we use a formal logic-based approach to protocol analysis introduced by Burrows et al. [1]. We extend this logic to deal with protocols using public key cryptography, and with the notion of duration to capture some time-related aspects. The extended logic is used to analyse an important CCITT standard, the X.509 Authentication Framework. We conclude that protocol analysis can benefit from the use of the notation and that it highlights important aspects of the protocol analysed. Some aspects of the formalism need further study. This research was sponsored by the Royal Norwegian Council for Scientific and Industrial Research under Grant IT 0333.22222, and was performed while K. Gaarder was at Alcatel STK Research Centre.

17.
In this paper, we analyze the security of AZUMI protocol which is compliant with EPC-Class-1 Generation-2 standard and recently has been proposed by Peris et al. This protocol is an improvement to a protocol proposed by Chen and Deng which has been cryptanalysed by Peris et al. and Kapoor and Piramuthu. However, our security analysis clearly shows that the designers were not successful in their attempt to improve Chen and Deng protocol. More precisely, we present an efficient passive attack to disclose the tag and the reader secret parameters, due to PRNG and the length of the values. In addition, we present a simple tag impersonation attack against this protocol. The success probability of all attacks is almost “1” and the cost of given attacks is at most eavesdropping two sessions of protocol. However, the given secrets disclosure attack also requires \(O(2^{16})\) off-line evaluations of a PRNG function. To counteract such flaws, we improve the AZUMI protocol by applying some minor modifications so that it provides the claimed security properties.

18.
The aim of this paper is to demonstrate the feasibility of authenticated throughput-efficient routing in an unreliable and dynamically changing synchronous network in which the majority of malicious insiders try to destroy and alter messages or disrupt communication in any way. More specifically, in this paper we seek to answer the following question: Given a network in which the majority of nodes are controlled by a node-controlling adversary and whose topology is changing every round, is it possible to develop a protocol with polynomially bounded memory per processor (with respect to network size) that guarantees throughput-efficient and correct end-to-end communication? We answer the question affirmatively for extremely general corruption patterns: we only request that the topology of the network and the corruption pattern of the adversary leaves at least one path each round connecting the sender and receiver through honest nodes (though this path may change at every round). Our construction works in the public-key setting and enjoys optimal transfer rate and bounded memory per processor (that is polynomial in the network size and does not depend on the amount of traffic). We stress that our protocol assumes no knowledge of which nodes are corrupted nor which path is reliable at any round, and is also fully distributed with nodes making decisions locally, so that they need not know the topology of the network at any time. The optimality that we prove for our protocol is very strong. Given any routing protocol, we evaluate its efficiency (rate of message delivery) in the “worst case,” that is with respect to the worst possible graph and against the worst possible (polynomially bounded) adversarial strategy (subject to the above mentioned connectivity constraints). Using this metric, we show that there does not exist any protocol that can be asymptotically superior (in terms of throughput) to ours in this setting.
We remark that the aim of our paper is to demonstrate via explicit example the feasibility of throughput-efficient authenticated adversarial routing. However, we stress that our protocol is not intended to provide a practical solution, as due to its complexity, no attempt thus far has been made to reduce constants and memory requirements. Our result is related to recent work of Barak et al. (Proc. of Advances in Cryptology—27th EUROCRYPT 2008, LNCS, vol. 4965, pp. 341–360, 2008) who studied fault localization in networks assuming a private-key trusted-setup setting. Our work, in contrast, assumes a public-key PKI setup and aims at not only fault localization, but also transmission optimality. Among other things, our work answers one of the open questions posed in the Barak et al. paper regarding fault localization on multiple paths. The use of a public-key setting to achieve strong error-correction results in networks was inspired by the work of Micali et al. (Proc. of 2nd Theory of Cryptography Conf., LNCS, vol. 3378, pp. 1–16, 2005) who showed that classical error correction against a polynomially bounded adversary can be achieved with surprisingly high precision. Our work is also related to an interactive coding theorem of Rajagopalan and Schulman (Proc. 26th ACM Symp. on Theory of Computing, pp. 790–799, 1994) who showed that in noisy-edge static-topology networks a constant overhead in communication can also be achieved (provided none of the processors are malicious), thus establishing an optimal-rate routing theorem for static-topology networks. Finally, our work is closely related to and builds upon the problem of End-To-End Communication in distributed networks, studied by Afek and Gafni (Proc. of the 7th ACM Symp. on Principles of Distributed Computing, pp. 131–148, 1988); Awerbuch et al. (Proc. of the 30th IEEE Symp. on Foundations of Computer Science, FOCS, 1989); Afek et al. (Proc. of the 11th ACM Symp. on Principles of Distributed Computing, pp. 35–46, 1992); and Afek et al. (J. Algorithms 22:158–186, 1997), though none of these papers consider or ensure correctness in the setting of a node-controlling adversary that may corrupt the majority of the network.

19.
In order to protect a wireless sensor network and an RFID system against wormhole and relay attacks respectively, distance bounding protocols have been suggested over the past decade. In these protocols, a verifier authenticates a user as well as estimating an upper bound for the physical distance between the user and itself. Recently, distance bounding protocols, each with a mutual authentication, have been proposed to increase the security level for such systems. They are also suggested to be deployed for key agreement protocols in a short-range wireless communication system to prevent Man-in-the-Middle attack. In this paper, a new mutual distance bounding protocol called NMDB is proposed with two security parameters (\(n\) and \(t\)). The parameter \(n\) denotes the number of iterations in an execution of the protocol and the parameter \(t\) presents the number of errors acceptable by the verifier during \(n\) iterations. This novel protocol is implementable in a noisy wireless environment without requiring a final confirmation message. Moreover, it is shown how this protocol can be employed for the key agreement procedures to resist Man-in-the-Middle attack. NMDB is also analyzed in a noisy environment to compute the success probability of attackers and the rejection probability of a valid user due to channel errors. The analytically obtained results show that, with the proper selection of the security parameters (\(n\) and \(t\)) in a known noisy environment, NMDB provides an appropriate security level with a reliable performance.

20.
The optical access networks (OANs) provide an attractive solution to the bandwidth bottleneck problem of the last mile. However, it has been proved (Baliga et al. in J Lightwave Technol 27(13):2391–2403, 2009; Baliga et al. in IEEE Commun Mag 49(6):70–77, 2011) that the OAN consumes a significant ratio of the total energy consumed in an optical networking scenario. This has provided incentive for inspection of energy-efficient schemes for OANs. It has been demonstrated in the literature that energy consumption figures of an OAN can be improved by either designing efficient hardware or employing better media access control (MAC) protocols. In this paper, we design a MAC protocol for OANs to ensure energy-efficiency in the presence of quality of service (QoS)-aware traffic. The proposed scheme incorporates traffic prediction-based selection of different sleep (energy-efficient) modes of operation, of the optical network units—ONUs (OAN end units). It also implements switching between different sleep modes to maintain high QoS with significant energy-efficiency figures. The discussed scheme requires processing at the ONU only and can work independent of the entire OAN (ONU assisted). Thus, our proposal is an attractive solution for the already deployed networks or even in green field deployment.
