A Lightweight Authentication Protocol for Low-Cost RFID

As low-cost RFIDs with limited resources will dominate most of the RFID market, it is imperative to design lightweight RFID authentication protocols for these low-cost RFIDs. However, most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyze the security vulnerabilities of a lightweight authentication protocol recently proposed by Li et al. (2006), and then propose a new lightweight protocol to improve the security and to reduce the computational cost for identifying a tag from O(n) to O(1).     

Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments

One of the recent realms that gathered attention of researchers is the security issues of Radio Frequency Identification (RFID) systems that have tradeoff between controlled costs and improved efficiency. Evolvement and benefits of RFID technology signifies that it can be low-cost, efficient and secured solution to many pervasive applications. But RFID technology will not intermingle into human lives until prevailing and flexible privacy mechanisms are conceived. However, ensuring strong privacy has been an enormous challenge due to extremely inadequate computational storage of typical RFID tags. So in order to relieve tags from responsibility, privacy protection and security assurance was guaranteed by central server. In this paper, we suggest serverless, forward secure and untraceable authentication protocol for RFID tags. This authentication protocol safeguards both tag and reader against almost all major attacks without the intervention of server. Though it is very critical to guarantee untraceability and scalability simultaneously, here we are proposing a scheme to make our protocol more scalable via ownership transfer. To the best of our knowledge this feature is incorporated in the serverless system for the first time in pervasive environments. One extension of RFID authentication is RFID tag searching, which has not been given much attention so far. But we firmly believe that in near future tag searching will be a significant issue RFID based pervasive systems. So in this paper we propose a serverless RFID tag searching protocol in pervasive environments. This protocol can search a particular tag efficiently without server’s intervention. Furthermore they are secured against major security threats.     

Security Enhanced RFID Authentication Protocols for Healthcare Environment

RFID technology, which is concerned as one of the core technologies of Internet of Things, has been widely deployed in healthcare environment and brings a lot of convenience for people’s daily life. However, the security and privacy challenges of RFID authentication protocols are receiving more and more attention. One of the problems is that the current RFID protocols usually use a backend server to store the detailed information of tagged objects, which may lead to the issue of information leakage if the server is hacked or attacked by the adversary. To address this challenge, in this paper, we propose a security enhanced RFID authentication protocol for healthcare environment using the technique of indistinguishability obfuscation, which prevents the leakage of sensitive data from the backend server. Meanwhile, we extend the protocol to fit for the scenario of cloud environment where the tags’ information is stored in the cloud server. To our knowledge, our protocols are the first applications of indistinguishability obfuscation in the field of RFID authentication system. Moreover, our protocols are scalable and practical, and they are analyzed to achieve most of the security properties of the RFID system.

     

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.     

Review of different classes of RFID authentication protocols

Radio-frequency identification (RFID) is an up-and-coming technology. The major limitations of RFID technology are security and privacy concerns. Many methods, including encryption, authentication and hardware techniques, have been presented to overcome security and privacy problems. This paper focuses on authentication protocols. The combination of RFID technology being popular but unsecure has led to an influx of mutual authentication protocols. Authentication protocols are classified as being fully fledged, simple, lightweight or ultra-lightweight. Since 2002, much important research and many protocols have been presented, with some of the protocols requiring further development. The present paper reviews in detail recently proposed RFID mutual authentication protocols, according to the classes of the authentication protocols. The protocols were compared mainly in terms of security, the technique that they are based on, protocols that the presented protocol has been compared with, and finally, the method of verifying the protocol. Important points of the comparisons were collected in two tables.

     

一种基于散列函数的RFID安全认证方法

RFID系统中有限的标签芯片资源,导致数据与信息的安全成为RFID系统的重要问题之一,散列函数的单向性为RFID的识别和认证提供了一种既可靠又有效的途径.在分析了现有几种典型散列认证协议的基础上,提出了一种新的基于散列函数的安全认证协议.本协议旨在解决手持式、无线连接的RFID阅读器与标签、服务器间的识别,利用散列函数实现服务器、阅读器以及电子标签三者之间的相互认证.经过安全性与性能的分析,新协议在采用较小的存储空间和较低的运算开销的情况下,可抵抗已知的大多数攻击,有效地保证了RFID系统中数据和隐私的安全,实现了终端与服务器间的双向认证和匿名认证,非常适合于在大型分布式系统中使用.     

Untraceability Analysis of Two RFID Authentication Protocols

With the development of Radio frequency identification (RFID) technologies,theoretical study on the protocol's design promotes the increasing reality applications of this product.The protocol designers attach significance to untraceability analysis on key-update RFID authentication protocols.This paper analyzes two RFID authentication protocols in terms of forward untraceability and backward untraceability,which are two necessary conditions for key-update RFID protocols and ownership transfer protocols.This paper introduces impersonation attacks as well as desynchronization attacks to two protocols.This paper presents two enhanced protocols,which can achieve forward untraceability and backward untraceability privacy.This paper shows the outstanding efficiency and security properties of two improved schemes through detailed analysis and comparisons.     

Keyless Security in Wireless Networks

Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.     

Security analysis of two lightweight RFID authentication protocols

One of the key problems in radio frequency identification (RFID) is security and privacy. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they cannot provide security against some RFID attacks. Strong authentication and strong integrity (SASI) is the first ultra-lightweight authentication protocol introduced rotation shift operation and RFID authentication protocol with permutation (RAPP) is a new ultra-lightweight authentication protocol with permutation. In this paper, we give the security analysis on these two protocols. An active attack is presented on RAPP, and using the property of the left rotation and permutation operations, we can deduce the relationship of bits of random number or secret keys at different positions, thus obtain all the secrets shared by the reader and the tag. A passive full-disclosure attack is proposed on SASI. Using SASI’s construction weakness, our attack can reveal all the secrets shared by the reader and tag by eavesdropping about 48 rounds of the authentication messages.     

一种RFID标签信息安全传输协议

针对在射频识别（RFID）标签资源受限条件下的标签信息安全传输与隐私保护问题,提出了一种能够实现对RFID标签信息安全传输的协议,该协议能够实现后端数据管理系统对读写器和标签的认证,以及实现密钥的分发,实现标签数据的安全传输。然后采用形式化分析的方法,对该协议进行了分析,分析了其具有的安全属性、抗攻击属性以及其他属性。最后对该协议与传统基于Hash机制的多种协议进行了分析比较,分析结果认为,该协议具有比传统基于Hash机制的协议具有更多的安全属性和抗攻击属性,同时具有适度的运算量,能够满足现有很多场合的应用条件。     

Scalability and Security Conflict for RFID Authentication Protocols

RFID technology continues to flourish as an inherent part of virtually every ubiquitous environment. However, it became clear that the public—implying the industry—seriously needs mechanisms emerging the security and privacy issues for increasing RFID applications. As the nodes of RFID systems mostly suffer from low computational power and small memory size, various attempts which propose to implement the existing security primitives and protocols, have ignored the realm of the cost limitations and failed. In this study, two recently proposed protocols—SSM and LRMAP—claiming to meet the standard privacy and security requirements are analyzed. The design of both protocols based on defining states where the server authenticates the tag in constant time in a more frequent normal state and needs a linear search in a rare abnormal states. Although both protocols claim to provide untraceability criteria in their design objectives, we outline a generic attack that both protocols failed to fulfill this claim. Moreover, we showed that the SSM protocol is vulnerable to a desynchronization attack which prevents a server from authenticating a legitimate tag. Resultantly, we conclude that defining computationally unbalanced tag states yields to a security/scalability conflict for RFID authentication protocols.     

Security and Privacy Analysis of Song–Mitchell RFID Authentication Protocol

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not only is the scheme vulnerable to desynchronization attack, but it suffers from traceability and backward traceability as well. Finally, our improved scheme is proposed which can prevent aforementioned attacks.     

一种符合EPC C1G2标准的RFID随机化密钥双向认证协议

RFID系统已广泛地应用于自动识别领域等,但RFID系统也给使用者的隐私和安全带来新的威胁.现有已提出的安全协议方案,基本上都存在着某种安全隐患或不符合EPC ClG2(electronicproduct code class1 generation2)标准要求,无法成为实际可用的RFID系统安全机制,本文在介绍了两种符合EPC ClG2标准的安全协议并分析其存在的弱点后,提出一种新的设计方案--随机化密钥双向认证协议,并分析其安全性能.     

一种基于零知识证明的RFID鉴别协议

电子标签将取代条码的地位,但由于低成本的电子标签只具有很弱的计算能力,甚至不能完成基本的对称密钥加密操作,为其提供安全性存在一定困难。讨论了在射频识别(RFID)技术中存在的安全性风险,指出了应用身份鉴别协议的必要性,分析了目前广泛应用的两种鉴别体制的缺陷,提出了一种适合于RFID技术的基于零知识证明的鉴别协议,并对其进行了验证和性能分析。     

Revised anonymous authentication protocol for adaptive client‐server infrastructure

Rapid evolution in information and communication technologies has facilitated us to experience mobile communication in our daily routine. Mobile user can only avail the services from the server, once he/she is able to accomplish authentication process successfully. In the recent past, several researchers have contributed diverse authentication protocols for mobile client‐server environment. Currently, Lu et al designed two‐factor protocol for authenticating mobile client and server to exchange key between them. Lu et al emphasized that their scheme not only offers invincibility against potential security threats but also offers anonymity. Although this article reveals the facts that their protocol is vulnerable against client and server impersonation, man‐in‐the‐middle, server key breach, anonymity violation, client traceability, and session‐specific temporary attacks, therefore, we have enhanced their protocol to mitigate the above mention vulnerabilities. The enhanced protocol's security strength is evaluated through formal and informal security analysis. The security analysis and performance comparison endorses the fact that our protocol is able to offer more security with least possible computation complexity.     

基于动态共享密钥的移动RFID双向认证协议

针对移动无线射频识别认证协议面临的身份认证和隐私保护、动态密钥安全更新和去同步化攻击问题,提出一种可动态更新共享密钥的移动RFID双向认证协议.协议基于Hash密码机制,利用随机数同时进行密钥安全更新和身份认证,并采用对分表存储的当前和历史共享密钥进行动态添加和删除的方法,保留最后一次合法认证后的一致共享密钥.安全性能分析与效率分析表明,该协议能够实现动态密钥安全更新和身份认证、能够在遭受去同步化攻击后保证密钥同步,且具有较强的计算和存储性能.通过和同类RFID认证协议比较,协议弥补了同类RFID协议存在的不足,适用于被动式标签数量庞大的RFID系统.     

Simulation-Based Traceability Analysis of RFID Authentication Protocols

Nowadays low-cost RFID systems have moved from obscurity into mainstream applications which cause growing security and privacy concerns. The lightweight cryptographic primitives and authentication protocols are indispensable requirements for these devices to grow pervasive. In recent years, there has been an increasing interest in intuitive analysis of RFID protocols. This concept has recently been challenged by formal privacy models. This paper investigates how to analyse and solve privacy problems in formal model. First, we highlight some vague drawbacks especially in forward and backward traceability analysis and extend it in the simulation-based privacy model family. Then, the privacy weaknesses of three new-found RFID authentication protocols are analysed in formal privacy models and three improved protocols are proposed to prevent the aforementioned attacks.     

RFID认证协议研究

Secure and private authentication protocol is important in Radio Frequency Identification (RFID) technology. To date, researchers have proposed many RFID authentication protocols. However, these protocols have many flaws due to lack of theoretical support in designing these protocols. In this work, first we present the security and privacy requirements in RFID authentication protocols. Then we examine related works and point out problems in designing RFID authentication protocols. To solve these problems, we propose and briefly prove three theorems. We also give necessary examples for better understanding these theorems with concrete protocols. At last, we give our suggestions on designing secure and private authentication protocols. The security and privacy requirements, theorems, and suggestions will facilitate better understanding and designing of RFID authentication protocols in the future.     

一种轻量级隐私保护的RFID群组证明协议

设计高效安全的群组证明协议有利于RFID(Radio Frequency Identification)系统的广泛应用.本文提出了一种轻量级隐私保护的RFID群组证明协议LPGP(Lightweight Privacy-Preserving Grouping Proof),LPGP协议只使用计算复杂度比较小的伪随机发生器和散列运算来提高协议的运行效率,并且LPGP协议具有认证性、隐私性和可证明安全性,满足了RFID系统群组证明协议的安全性要求.与现有的群组证明协议相比,LPGP协议的标签只需较小的计算复杂度和存储空间,具有较高的效率.