Vulnerability analysis of RFID protocols for tag ownership transfer

In RFIDSec’08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec’08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, tag location tracking, and forward traceability. Moreover, the secret update protocol is not immune to de-synchronization attacks.     

供应链环境下的RFID标签所有权转换方案

针对供应链环境中存在的企业数据安全问题,提出了一个供应链环境下的RFID标签所有权转换方案.该方案由标签通信协议和标签所有权转换协议两部分组成.当标签处于节点实体内部时,对标签进行查询认证,保证了通信的安全.当标签在节点实体间进行所有权转换时,执行所有权转换协议,通过标签密钥的更新保护了新所有者的安全隐私.该方案满足供应链的可视性需求,可以抵抗内部攻击,具有较好的通信健壮性,且通信成本较低,具有一定的可行性.     

基于ECC的支持标签所有权转移的RFID认证协议

针对射频识别（RFID）标签认证及其所有权转移过程的隐私泄露等安全问题,以及认证协议通常与标签所有权转移协议单独设计的现状,基于支持椭圆曲线加密（ECC）的标签,提出了一个适用于开放环境的兼具标签认证和所有权转移的协议。该协议结构类似于Diffie-Hellman密钥交换算法结构,协议的标签隐私保护基于椭圆曲线上的计算性Diffie-Hellman问题的难解性。经证明,该协议满足标签隐私保护要求及认证协议的其他安全需求。与近年来其他基于标签支持ECC的RFID认证协议相比,从支持标签所有权转移、标签计算开销、协议通信开销和标签隐私保护等多方面综合评估,所提出的认证协议优于对比协议。另外,针对较安全的应用场合,给出了阅读器单向认证标签的简化版协议。     

基于循转函数的RFID标签所有权转移协议

针对现有无线射频识别低成本无源标签在其生命周期中所有权不断转移的安全性问题,设计了一种新的基于循转函数的RFID标签所有权转移协议。在随机预言机模型下,定义标签所有权转移攻击模型、安全模型,利用攻击游戏证明协议的安全性。协议设计了完整三方认证过程,利用循转函数算法、交叉位运算以及二次剩余算法等加密通信数据并实现轻量级标准,而后新所有者和标签之间秘密信息的二次同步更新机制,保证了协议的前、后向隐私安全。最后给出多协议之间的标签计算量、通信量、存储量成本对比,表明协议满足安全、低成本特性。     

基于混沌加密的轻量级RFID所有权转移协议

针对RFID系统在其生命周期内所有权转移的安全问题,提出一种基于混沌加密的轻量级RFID所有权转移协议（CELOTP）。采用实现代价低和随机性强的Arnold cat混沌映射产生密钥序列,提高加密的安全性。采用动态刷新随机函数来降低标签成本和保持通信过程的新鲜性。采用挑战响应机制,利用Flag标志位来表示所有权的归属,提高了协议通信的安全性。通过BAN逻辑形式化证明了协议的安全性。安全性分析和性能分析表明该协议不仅满足标签所有权转移的安全需要,而且成本较低,适用于低成本的RFID系统。     

基于二次剩余的RFID标签所有权动态转移协议*

针对现有无线射频识别(RFID)标签所有权转移协议在安全和成本方面的漏洞与不足,设计了一种基于二次剩余的RFID标签所有权动态转移协议。协议在双向认证安全框架下,引入二次剩余算法,增加系统稳定性;在原数据库认证识别过程中加入随机数查重验证机制,避免协议遭受重放、去同步化和拒绝服务等攻击行为;所有权转移后,新数据库利用随机数的新鲜性动态生成与标签之间认证所需的新密钥信息,降低系统原始存储成本,扩大系统应用范围;最后,分析协议在多种恶意攻击情况下的安全性以及性能对比,表明新协议具有较低的成本和较高的安全性。     

基于共享密钥的超轻量RFID标签所有权转移协议

针对无线射频识别（RFID）标签所有权转移存在的效率、成本和安全问题,提出一种基于共享密钥的超轻量RFID标签所有权转移协议。采用[Cro(X,Y)]交叉位运算、XOR异或与[Rot(X,Y)]循环移位运算相结合的方法对传输信息加密,达到超轻量级别;通过标签和读写器端共享密钥来加密信息,减少信息的引入与存储,降低标签成本;利用随机数动态更新和Flag哨兵位不可逆机制,来抵抗去同步化、拒绝服务等常见攻击。并基于GNY逻辑对协议进行形式化证明。最后通过安全与性能分析,表明协议具有高效率、低成本、高安全的特点。     

RFID安全认证协议综述

在物联网发展中,RFID技术以其轻量化的优势在物联网体系中占据重要地位。同时,RFID安全认证协议也因物理条件限制受到安全威胁。首先,通过对现行主流RFID安全认证协议进行梳理,按加密算法的量级将其划分为超轻量级、轻量级、中量级和重量级安全认证协议;然后,对其中典型的安全认证协议存在的安全问题进行分析,对近年来提出的改进协议安全性能及性能指标按量级进行讨论比较;最后,探讨了RFID安全认证协议可能的发展方向。     

基于PUF的开环RFID所有权转移协议

本文主要针对在供应链的交接过程中,标签在转移时的安全隐私和转移效率低的问题。为了针对低成本标签的安全与隐私问题,采用物理不可克隆函数（Physical Unclonable Function,PUF）和随机数等作为加密机制;为了抵御内部读写器攻击,使用伪随机数随时更新;采用PUF来保护标签的暴力攻击,将PUF和随机数结合实现标签的匿名和不可被追踪性;采用Rabin算法实现加密;采用Vaudenay模型来证明所有权转移的安全与隐私性。仿真结果表明,所有权转移时间降低,加快所有权转移的速度,提高供应链交接的效率。     

一种新的所有权可转移的RFID认证协议

标签在其生命周期内的所有权可转移是某些RFID应用的重要特点。在所有权转移的之后,应该保证新旧所有者不能利用自己掌握的当前或过往信息对另一方进行跟踪或者获得对方的秘密信息。提出了一种新的所有权可转移的RFID认证协议,仅需三步即可实现标签所有权的全部转移。还对新方案的安全性进行了严格的形式化证明。     

一种改进的满足后向安全的RFID双向认证协议

针对在物联网应用中,现有的RFID双向认证协议存在认证效率低和安全隐患等问题,提出了一种满足后向安全的RFID双向认证协议,采用随机数使标签保持信息的新鲜性,从而实现标签与阅读器之间的双向认证;通过Rabin加密算法的运算单向性,来解决同步以及后向安全的问题;并采用BAN逻辑方法对协议进行了形式化证明。该协议与现有的此类安全认证协议进行安全性和成本比较,结果表明该协议不仅具有防跟踪、抗暴力破解、防重放攻击等特点,而且还可以实现双向认证,同时因为门电路的减少,使得成本下降,适用于低成本的RFID系统。     

低成本RFID搜索协议的设计与安全性证明

RFID(无线射频识别)搜索协议作为RFID领域的一种新兴协议存在着标签成本高以及易遭受攻击等问题.针对于此,着重从降低标签成本和提高安全性角度,通过在协议的整个过程中完全采用伪随机函数、引用秘密信息更新机制和增加搜索标志位机制的方法,设计了一个所需标签成本较低的RFID搜索协议,并在通用可组合(UC)模型下对其安全性进行了形式化证明,指出该协议是UC安全的,实现了机密性、匿名性、不可追踪性、防窃听、防重放、并发安全等安全特性.     

Secure multiple group ownership transfer protocol for mobile RFID

With the combination of mobile devices and readers in recent years, mobile Radio Frequency Identification (RFID) systems have been widely deployed in mobile identification. E-commerce, for instance, has applied many of mobile RFID’s deriving services, one of which is the transfer of a tagged item’s ownership in supply chains. However, current tag ownership transfer protocols can only transfer one tag at a time. For example, Yang et al.’s Secure Ownership Transfer Protocol is designed for low-cost lightweight RFID tags but it can only do one tag a time. For this reason, we propose a secure RFID protocol for group ownership transfer. We can transfer group(s) of tags’ ownership in one attempt. Since the two supplicants involved in ownership transfer are usually under different servers’ authorities, our protocol is designed to allow authority-crossing ownership transfer in a mobile RFID environment. Besides, it is able to assign its transfer targets and to secure against most RFID attacks.     

Multi-tag and multi-owner RFID ownership transfer in supply chains

In any supply chain, there is a high likelihood for individual objects to change ownership at least once in their lifetime. As RFID tags enter the supply chain, these RFID-tagged objects should ideally be able to seamlessly accommodate ownership transfer issues while also accomplishing their primary intended purpose. Physical ownership transfer does not translate to strict ownership transfer in the presence of RFID tags given the wireless nature of communication with these tags. Moreover, whereas existing protocols implicitly assume a single tag that is owned by a single entity, it is not uncommon to encounter scenarios where tag ownership is shared among multiple entities. A dual of this is the case of an object with multiple tags. We consider ownership transfer scenarios for shared ownership transfer and single object with multiple RFID tags. In the multiple-tagged object case, we consider the possibility where objects gain and lose tags over time. We also present a protocol for simultaneous transfer of ownership of multiple tags between owners. Since ownership transfer without a trusted third party (TTP) is difficult to achieve, we propose a shared ownership sharing protocol and evaluate its properties.     

Scalable landmark recognition using EXTENT

We have proposed the EXTENT system for automated photograph annotation using image content and context analysis. A key component of EXTENT is a Landmark recognition system called LandMarker. In this paper, we present the architecture of LandMarker. The content of a query photograph is analyzed and compared against a database of sample landmark images, to recognize any landmarks it contains. An algorithm is presented for comparing a query image with a sample image. Context information may be used to assist landmark recognition. Also, we show how LandMarker deals with scalability to allow recognition of a large number of landmarks. We have implemented a prototype of the system, and present empirical results on a large dataset.

可扩展的MAODV协议

随着近年来人们对移动Ad hoc网络和多播兴趣的日益增加,出现了许多适用于MANET上的多播路由协议.该文综述了这些移动Ad hoc网络上的多播协议,介绍了MAODV协议,提出了一种新的多播路由可扩展性解决方案.模拟结果显示,采用提出的技术增强了多播路由协议的性能和可扩展性.     

Exploring Linked Data with contextual tag clouds

In this paper we present the contextual tag cloud system: a novel application that helps users explore a large scale RDF dataset. Unlike folksonomy tags used in most traditional tag clouds, the tags in our system are ontological terms (classes and properties), and a user can construct a context with a set of tags that defines a subset of instances. Then in the contextual tag cloud, the font size of each tag depends on the number of instances that are associated with that tag and all tags in the context. Each contextual tag cloud serves as a summary of the distribution of relevant data, and by changing the context, the user can quickly gain an understanding of patterns in the data. Furthermore, the user can choose to include RDFS taxonomic and/or domain/range entailment in the calculations of tag sizes, thereby understanding the impact of semantics on the data. In this paper, we describe how the system can be used as a query building assistant, a data explorer for casual users, or a diagnosis tool for data providers. To resolve the key challenge of how to scale to Linked Data, we combine a scalable preprocessing approach with a specially-constructed inverted index, use three approaches to prune unnecessary counts for faster online computations, and design a paging and streaming interface. Together, these techniques enable a responsive system that in particular holds a dataset with more than 1.4 billion triples and over 380,000 tags. Via experimentation, we show how much our design choices benefit the responsiveness of our system.     

RFID security

Radio Frequency Identification (RFID) systems have become popular for automated identification and supply chain applications. This article describes the technical fundamentals of RFID systems and the associated standards. Specifically, we address the security and privacy aspects of this relatively new and heterogeneous radio technology. We discuss the related security requirements, the threats and the implemented mechanisms. Then the current security and privacy proposals and their enhancements are presented. Finally we discuss the role of this technology in Ubiquitous Computing.