A Lightweight Authentication Protocol for Low-Cost RFID

As low-cost RFIDs with limited resources will dominate most of the RFID market, it is imperative to design lightweight RFID authentication protocols for these low-cost RFIDs. However, most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyze the security vulnerabilities of a lightweight authentication protocol recently proposed by Li et al. (2006), and then propose a new lightweight protocol to improve the security and to reduce the computational cost for identifying a tag from O(n) to O(1).     

A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems

In this paper we propose a novel approach to authentication and privacy in mobile RFID systems based on quadratic residues and in conformance to EPC Class-1 Gen-2 specifications. Recently, Chen et al. (2008) [10] and Yeh et al. (2011) [11] have both proposed authentication schemes for RFID systems based on quadratic residues. However, these schemes are not suitable for implementation on low-cost passive RFID tags as they require the implementation of hash functions on the tags. Consequently, both of these current methods do not conform to the EPC Class-1 Gen-2 standard for passive RFID tags which from a security perspective requires tags to only implement cyclic redundancy checks (CRC) and pseudo-random number generators (PRNG) leaving about 2.5k–5k gates available for any other security operations. Further, due to secure channel assumptions both schemes are not suited for mobile/wireless reader applications. We present the collaborative authentication scheme suitable for mobile/wireless reader RFID systems where the security of the server–reader channel cannot be guaranteed. Our schemes achieves authentication of the tag, reader and back-end server in the RFID system and protects the privacy of the communication without the need for tags to implement expensive hash functions. Our scheme is the first quadratic residues based scheme to achieve compliance to EPC Class-1 Gen-2 specifications. Through detailed security analysis we show that the collaborative authentication scheme achieves the required security properties of tag anonymity, reader anonymity, reader privacy, tag untraceability and forward secrecy. In addition, it is resistant to replay, impersonation and desynchronisation attacks. We also show through strand space analysis that the proposed approach achieves the required properties of agreement, originality and secrecy between the tag and the server.     

可证明安全的RFID标签所有权转移协议

随着物品所有权的转移,其上附着的RFID标签的所有权也需要转移。安全和隐私问题是标签所有权转移过程中需要研究的重点问题。在通用可组合框架下,形式化定义了RFID标签所有权转移的理想函数。提出了一个新的轻量级RFID标签所有权转移协议,并证明了该协议安全地实现了所定义的理想函数,即具有双向认证、标签匿名性、抗异步攻击、后向隐私保护和前向隐私保护等安全属性。与已有的RFID标签所有权转移协议相比,新协议中RFID标签的计算复杂度和存储空间需求都较低,并且与新旧所有者的交互较少,能够更加高效地实现低成本标签的所有权转移。     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

A New Scalable Lightweight Grouping Proof Protocol for RFID systems

Radio-frequency Identification (RFID) grouping proof protocol is widely used in medical healthcare industry, transportation industry, crime forensics and so on,it is a research focus in the field of information security. The RFID grouping proof protocol is to prove that some tags belong to the same group and exist simultaneously. To improve the applicability of the RFID grouping proof protocol in low cost tag applications, this paper proposes a new scalable lightweight RFID grouping proof protocol. Tags in the proposed protocol only generate pseudorandom numbers and execute exclusive-or(XOR) operations. An anti-collision algorithm based on adaptive 4-ary pruning query tree (A4PQT) is used to identify the response message of tags. Updates to secret information in tags are kept synchronized with the verifier during the entire grouping proof process. Based on these innovations, the proposed protocol resolves the scalability issue for low-cost tag systems and improves the efficiency and security of the authentication that is generated by the grouping proof. Compared with other state-of-the art protocols, it is shows that the proposed protocol requires lower tag-side computational complexity, thereby achieving an effective balance between protocol security and efficiency.     

ECC-Based RFID Authentication Protocol

The radio frequency identification (RFID) technology has been widely used so far in industrial and commercial applications. To develop the RFID tags that support elliptic curve cryptography (ECC), we propose a scalable and mutual authentication protocol based on ECC. We also suggest a tag privacy model that provides adversaries exhibiting strong abilities to attack a tag’s privacy. We prove that the proposed protocol preserves privacy under the privacy model and that it meets general security requirements. Compared with other recent ECC-based RFID authentication protocols, our protocol provides tag privacy and performs the best under comprehensive evaluation of tag privacy, tag computation cost, and communications cost.     

基于ISO18000-6C标准的RFID认证协议

RFID技术应用越来越广,给人们带来便利的同时安全和隐私问题也相随而生,如何提高RFID系统的安全防范能力已成为该领域的重点研究方向。许多研究者提出了基于RFID空中接口通信的认证协议,但复杂的算法难以适用于符合ISO18000-6C标准的电子标签。论文根据ISO18000-6C标准提出了一种新的适合低成本标签的认证协议,为RFID安全提供了一套解决方案。     

Keyless Security in Wireless Networks

Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

Low Cost RFID Security Protocol Based on Rabin Symmetric Encryption Algorithm

Research shows that heavy-weighted RFID authentication protocol is weak to adapt to low-cost RFID tags because of the usage of public key Encryption Algorithm. The lightweight authentication protocol is suitable for low-cost RFID security authentication protocol because it adopts only the operation of AND, OR, XOR and shift, etc., but is hard to resist complex attacks. In this article, we use the features of the Rabin public key cryptography algorithm, which verifies that the signature process requires only low-cost square multiplication and modulo operations. Based on this, an RFID security authentication protocol with Rabin encryption algorithm is designed. The protocol improves the security of low-cost RFID tags to the height of the public key cryptosystem, and greatly increasing the security of low-cost RFID.

     

基于动态共享密钥的移动RFID双向认证协议

针对移动无线射频识别认证协议面临的身份认证和隐私保护、动态密钥安全更新和去同步化攻击问题,提出一种可动态更新共享密钥的移动RFID双向认证协议.协议基于Hash密码机制,利用随机数同时进行密钥安全更新和身份认证,并采用对分表存储的当前和历史共享密钥进行动态添加和删除的方法,保留最后一次合法认证后的一致共享密钥.安全性能分析与效率分析表明,该协议能够实现动态密钥安全更新和身份认证、能够在遭受去同步化攻击后保证密钥同步,且具有较强的计算和存储性能.通过和同类RFID认证协议比较,协议弥补了同类RFID协议存在的不足,适用于被动式标签数量庞大的RFID系统.     

基于口令认证的RFID系统安全协议及其BAN逻辑分析

本文提出一种新的基于口令认证的RFID系统安全协议.该方法充分利用RFID低等级标签提供的有限资源:访问口令(PW)、标签的标识码(ID)和伪随机函数等建立RFID系统读写器和标签双向认证的安全协议,对该协议抵抗各种攻击的安全性进行理论分析并对该协议的认证功能进行BAN逻辑的形式化分析.结果表明该协议能够有效抵御在线和离线字典攻击、伪装攻击、重放攻击以及流量分析和跟踪攻击,因而解决了RFID系统的安全问题.     

Low-cost authentication protocol for passive,computation capable RFID tags

Authentication of products and humans is one of the major future applications of Radio Frequency IDentification (RFID) technology. None of the recent RFID technology related authentication approaches has been fully convincing. Either these schemes offer a low-level of security or they are vulnerable to Denial-of-Service attacks that keep the authentication system from proper functioning. Some schemes raise privacy and security concerns as they reveal confidential information about the RFID tag bearer and allow their world-wide tracking. In this paper, we present a novel cryptographic authentication protocol that fills the security holes imposed by RFID technology. Moreover, it provides significantly lower cost in terms of computational effort and communication than currently proposed protocols such as Mutual Authentication Protocol (MAP) and Yet Another Trivial Authentication Protocol\(^{*}\, (\hbox {YA-TRAP}^{*})\). We also present the implementation of our cryptographic authentication protocol on a real passive computation capable RFID tag known as Wireless Identification and Sensing Platform. The experimental results show that our protocol has double the rate of successful authentication as comapred to \(\hbox {YA-TRAP}^{*}\) and MAP. It also takes 33 % less time to authenticate.     

基于混沌序列的超高频RFID防碰撞及安全协议设计(英文)

Collision and security issues are considered as barriers to RFID applications.In this paper,a parallelizable anti-collision based on chaotic sequence combined dynamic frame slotted aloha to build a high-efficiency RFID system is proposed.In the tags parallelizable identification,we design a Discrete Markov process to analyze the success identification rate.Then a mutual authentication security protocol merging chaotic anti-collision is presented.The theoretical analysis and simulation results show that the proposed identification scheme has less than 45.1%of the identification time slots compared with the OVSF-system when the length of the chaos sequence is 31.The success identification rate of the proposed chaotic anti-collision can achieve 63%when the number of the tag is100.We test the energy consumption of the presented authentication protocol,which can simultaneously solve the anti-collision and security of the UHF RFID system.     

一种基于公钥的低成本RFID双向认证协议

基于目前资源消耗最少的RFID 公钥认证方案cryptoGPS 协议,提出了一种低成本双向认证协议,采用有效的密钥管理方法、改进的快速Rabin 加密算法、低汉明重量（LHW）模值以及轻量级流密码算法Grain V1,并设计使用新型低资源乘法器完成标签的大数模乘,在节省资源的同时克服了cryptoGPS 密钥管理不灵活和认证单向性的缺点。安全性分析和基于Design Complier平台Smic 0.25 μm工艺的仿真结果表明,该方案有足够的安全性且标签只需4 530个门即可完成双向认证,适用于资源受限的RFID系统。     

Security Problems in an RFID System

This paper focuses on the security and privacy threats being faced by the low-cost RFID communication system, the most challenging of which relate to eavesdropping, impersonation, and tag cloning problems. The security issues can be improved and solved by utilizing both prevention and detection strategies. Prevention technique is needed since it offers resistance capabilities toward eavesdroppers and impersonators. Detection technique is vital to minimize the negative effects of tag cloning threats. This paper proposes the use of both prevention and detection techniques to make RFID communication more secure. Lightweight cryptographic algorithm, which conforms to the EPC Class-1 Generation-2 standard, is used in the proposed mutual authentication protocol for RFID system to raise security levels. In addition, electronic fingerprinting system is deployed in the proposed solution as a detection method to distinguish counterfeit and legitimate tags.     

基于EPC C1G2的匿名双向认证协议研究

针对现有的EPC协议中的弱点,提出了一个基于EPC C1G2超高频RFID标签的隐私保护匿名双向认证协议。通过利用现有的EPC C1G2标签中已有的计算能力和存储空间,对协议执行流程进行了改进,使用可自动更新的索引号IDS来代替标签中原有的EPC码,解决了标签追踪和隐私保护问题。同时引入了轻量级的加密算法来加强标签和阅读器之间的双向交互认证过程。该协议可以有效抵御多种现有的RFID攻击。     

一种具有阅读器匿名功能的射频识别认证协议

在射频识别(RFID)的应用中,安全问题特别是用户隐私问题正日益凸显。因此,(用户)标签信息的隐私保护的需求越来越迫切。在RFID系统中,标签的隐私保护不仅是对外部攻击者,也应该包括阅读器。而现有许多文献提出的认证协议的安全仅针对外部攻击者,甚至在外部攻击者的不同攻击方法下也并不能完全保证安全。该文提出两个标签对阅读器匿名的认证协议:列表式RFID认证协议和密钥更新式RFID认证协议。这两个协议保证了阅读器对标签认证时,标签的信息不仅对外部攻击者是安全的而且对阅读器也保持匿名和不可追踪。相较于Armknecht等人提出的对阅读器匿名和不可追踪的认证协议,该文所提的协议不再需要增加第三方帮助来完成认证。并且密钥更新式RFID匿名认证协议还保证了撤销后的标签对阅读器也是匿名性和不可追踪的。     

一个针对低成本RFID标签的双向认证协议

文中提出了一种为低成本RFID标签设计的双向认证协议。分析RFID系统可能存在的安全和隐私威胁,包括重放、冒充、后向和前向跟踪、异步攻击和标签位置跟踪。该协议能够有效地防护以上攻击并且与相关方案具备更优的计算性能。