Tianjie Cao,Elisa Bertino,Hong Lei

DOI: https://doi.org/10.1109/tdsc.2008.32

2008-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

PENG Peng,ZHAO Yi-ming,HAN Wei-li,JIN Bo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.16.047

2011-01-01

Abstract:This paper gives a Denial of Service(DoS) attack against the Gossamer protocol,and proposes a novel ultra-lightweight Radio Frequency Identification(RFID) reader-tag mutual authentication protocol.It analyzes the security and efficiency of the protocol,the results show that compared with the SASI protocol and the Gossamer Protocol,the proposed protocol is resistant to the DoS attack and algebra attack,and requires less storage capacity on tags,it is cheaper and securer.

Ahmed Qasim Abd Alhasan,Mohd Foad Rohani,Mohammed Sabri Abu-Ali

DOI: https://doi.org/10.1109/access.2024.3386100

IF: 3.9

2024-04-16

IEEE Access

Abstract:The most recent ultra-lightweight mutual authentication protocol (UMAP) adopts a mechanism for key updating to keep the security forward and backward. The back-end server updates the secret keys immediately after sending the final message. Certainly, an adversary can intercept the final messages so that the back-end server updates the secret keys while the RFID tag does not. The replay attack can send the last messages by continuing to render the back-end server and RFID tags unauthorized. The major problem faced by existing protocols, when using high cryptographic operations on low-cost RFID tags, requires more memory, and computational power makes them unusable for these types of tags. In addition, there are weaknesses in the design of the existing protocols that lead to the emergence of desynchronization, secret disclosure, and replay attacks. Therefore, this paper proposes the design and development of an ultra-lightweight mutual authentication protocol that overcomes the weaknesses in earlier protocols and builds by implementing the rotation operator, mechanism of the secret keys, T-function, and timestamp technique. The informal and formal analysis results using security protocol verification official tools (Scythe and AVISPA) show that the proposed protocol has the ability to prevent attacks, especially replay attacks. Experimental analyses of our protocol to measure the performance shows that the proposed protocol involves a lower overhead than previous protocols. The total execution time in milliseconds of the processes of the proposed protocol with the existing protocols is 0.031ms, and it achieves an average of 78.51% over other protocols. In addition, this paper provides a comparison with the most recent protocols on performance, privacy and security requirements. Our proposed protocol storage space requirement is lowest than the existing protocols, the cryptographic requirement is ultra-lightweight and efficient and shows that the communication messages for authentication in our protocol are lowest than existing protocols and our protocol fulfills the privacy and security requirements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yun Tian,Gongliang Chen,Jianhua Li

DOI: https://doi.org/10.1109/lcomm.2012.031212.120237

IF: 3.5529

2012-01-01

IEEE Communications Letters

Abstract:One of the key problems in RFID is security and privacy. The implementation of authentication protocols is a flexible and effective way to solve this problem. This letter proposes a new ultralightweight RFID authentication protocol with permutation (RAPP). RAPP avoids using unbalanced OR and AND operations and introduces a new operation named permutation. The tags only involve three operations: bitwise XOR, left rotation and permutation. In addition, unlike other existing ultralightweight protocols, the last messages exchanged in RAPP are sent by the reader so as to resist de-synchronization attacks. Security analysis shows that RAPP achieves the functionalities of the authentication protocol and is resistant to various attacks. Performance evaluation illustrates that RAPP uses fewer resources on tags in terms of computation operation, storage requirement and communication cost.

LUO Zong-wei,ZHOU Shi-jie,Jenny Li

2007-01-01

Abstract:This article has a deep analysis on the potential danger of the Exclusive OR (XOR) and Hash chain based light weight Radio Frequency Edentification (RFID) security protocol brought by some articles. On the base of analysis, combining the traditional security schemes widely used in Internet or existing application systems and some light weight and resource-saving security mechanism, we enhance the lightweight RFID security protocol mentioning above and give a new light weight RFID security protocol. Special attention is focused on the deployment considerations for applying the protocol in real application to avoid the identified potential risk. Full consideration is given to the low cost demands for RFID tags, the power restrictions, and the non-resistant against physical tampering feature, which are common limitations in the RFID system.

Nasser Zarbi,Ali Zaeembashi,Nasour Bagheri,Morteza Adeli

DOI: https://doi.org/10.1049/cmu2.12794

IF: 1.345

2024-06-23

IET Communications

Abstract:Our article investigates the vulnerabilities of lightweight RFID authentication schemes, namely LRSAS+ and LRARP+, and proposes an enhanced version leveraging the χper function to address their weaknesses. Through formal analysis and comparison with contemporary systems, we demonstrate that the improved scheme achieves robust security while minimizing computational overhead, making it suitable for resource‐constrained environments. In present times, Radio‐Frequency Identification (RFID) systems have seen a significant rise in their usage. There has been an increasing interest in developing even lighter RFID protocols suitable for resource‐constrained environments. Ensuring security and privacy remain critical challenges in RFID‐based systems. Recently proposed lightweight authentication schemes, namely LRSAS+ and LRARP+, are ideally suited for constrained devices. However, this article investigates these schemes and reveals certain vulnerabilities: LRSAS+ is susceptible to tag impersonation, desynchronization, and traceability attacks, while LRARP+ can fall prey to traceability and secret disclosure attacks. An enhanced version of these authentication systems is proposed that tackles their inherent weaknesses by leveraging the χper function. To verify the security of the proposed scheme, a formal analysis is conducted using Gong–Needham–Yahalom logic (GNY logic) and an automated security protocol verification tool, ProVerif. The improved scheme's effectiveness is also compared with multiple contemporary lightweight systems. The results indicate that the enhanced scheme not only meets the security requirements for lightweight authentication schemes but also achieves this with minimal computational overhead.

engineering, electrical & electronic

Ning, Jianting

DOI: https://doi.org/10.1007/s12083-023-01471-3

IF: 3.488

2023-04-25

Peer-to-Peer Networking and Applications

Abstract:As one of the key identity authentication technologies in the Internet of Things (IoT), Radio Frequency Identification (RFID) technology has been widely adopted in various wireless communication fields. However, increasing security and privacy issues have been limiting the development of RFID system. Most of the existing RFID authentication protocols are vulnerable to many malicious attacks. Key updating is a common security mechanism in RFID authentication protocol, but the existing RFID authentication protocols using traditional key updating mechanism usually cannot resist against desynchronization attack. To address this issue, we present a new shared key updating method by using pseudo-random number generator (PRNG) with the seeds negotiated by tag and server. Moreover, a new bit flipping operation is proposed to reduce the computation cost of tag. On these basis, we design a lightweight RFID mutual authentication protocol SDRLAP based on double physical unclonable function (PUF) by using PRNG and bit flipping operation. Compared with most of the existing RFID authentication protocols with the traditional key updating mechanism, SDRLAP guarantees the security and privacy of RFID systems, and meanwhile has the obvious advantages in terms of computational cost, storage requirement and communication overhead.

computer science, information systems,telecommunications

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Junyu Wang,Christian Floerkemeier,Sanjay E. Sarma

DOI: https://doi.org/10.1007/s00779-014-0788-x

2014-01-01

Personal and Ubiquitous Computing

Abstract:Radio frequency identification (RFID) is an important technique used for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as the tagging of the medicine, clothes, and belongings after the point of sales. At the same time, with the development of semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by the malicious hackers or curious common people. Even for authorized RFID readers, the ownership of the reader can be transferred and the owners of the authorized mobile reader may not be always reliable. The authorization and authentication of the mobile RFID readers need to take stronger security measures to address the privacy or security issues that may arise in the emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of the protocol A is implemented in 0.13-μm CMOS technology, and the functions are verified by field programmable gate array. The baseband consumes 44.0 μW under 1.08 V voltage and 1.92 MHz frequency, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats toward open-loop RFID systems except physical attacks. The timing and scalability of the two protocols are discussed in detail.

Hanguang Luo,Guangjun Wen,Jian Su,Zhong Huang

DOI: https://doi.org/10.1007/s11276-016-1323-y

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Data security is crucial for a RFID system. Since the existing RFID mutual authentication protocols encounter the challenges such as security risks, poor performance, an ultra-lightweight authentication protocol named Succinct and Lightweight Authentication Protocol (SLAP) is proposed. SLAP is only composed of bitwise operations like XOR, left rotation and conversion which is easy to implement on a passive tag. The proposed conversion operation as the main security component guarantees the security of RFID system with the properties such as irreversibility, sensibility, full confusion and low complexity, which better performed or even absent in other previous protocols. Security analysis shows that SLAP guarantees the functionalities of mutual authentication as well as resistance to various attacks such as de-synchronization attack, replay attack and traceability attack, etc. Furthermore, performance evaluation also indicates that the proposed scheme outperforms the existing protocols in terms of less computation requirement and fewer communication messages during authentication process.

Pedro Peris-Lopez,Julio C. Hernandez-Castro,Christos Dimitrakakis,Aikaterini Mitrokotsa,Juan M. E. Tapiador

DOI: https://doi.org/10.48550/arXiv.0906.4618

2009-06-25

Cryptography and Security

Abstract:The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally known as a relay attack in which scope distance fraud, mafia fraud and terrorist attacks are included. Distance bounding protocols represent a promising countermeasure to hinder relay attacks. Several protocols have been proposed during the last years but vulnerabilities of major or minor relevance have been identified in most of them. In 2008, Kim et al. [1] proposed a new distance bounding protocol with the objective of being the best in terms of security, privacy, tag computational overhead and fault tolerance. In this paper, we analyze this protocol and we present a passive full disclosure attack, which allows an adversary to discover the long-term secret key of the tag. The presented attack is very relevant, since no security objectives are met in Kim et al.'s protocol. Then, design guidelines are introduced with the aim of facilitating protocol designers the stimulating task of designing secure and efficient schemes against relay attacks. Finally a new protocol, named Hitomi and inspired by [1], is designed conforming the guidelines proposed previously.

Sanjeev Kumar,Haider Banka,Baijnath Kaushik,Kumar, Sanjeev

DOI: https://doi.org/10.1007/s11042-024-19013-1

IF: 2.577

2024-04-02

Multimedia Tools and Applications

Abstract:Nowadays, wireless technology has been widely used in healthcare and communication systems. It makes our life easier in all respects. A radiofrequency identification device (RFID) has been deployed as a wireless and identity communication device. RFID is a low-resource device that requires cryptography with limited energy regarding the minimum key size. Security and authentication between the server and the tags are key challenges for an RFID system to maintain data privacy. This article presents the security vulnerabilities of recent existing RFID authentication schemes. Keeping the focus on stringent security, privacy, and low cost, we have designed a new lightweight group authentication protocol for the robust RFID system. A single server controls multiple tags by using the proposed lightweight protocol in the RFID system. Formal and informal security analysis is performed compared to other lightweight group authentication articles in which only informal security analysis is carried out. The formal security strength of our proposed protocol is analyzed using the AVISPA (Automated Verification of Internet Security Protocol Analysis) tool, confirming that it is safe from different security threats. The newly designed protocol's performance analysis results are measured in terms of computational cost, storage space, and communication cost. Finally, the combined consequence of security and lightweight of the proposed group authentication protocol is superior and outperforms compared to the existing scheme.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jing Li,Zhiping Zhou,Ping Wang

DOI: https://doi.org/10.1109/ccdc.2017.7978502

2017-01-01

Abstract:Through analyzing the security of LMAP protocol, we point out that this protocol is vulnerable to several attacks including the data integrity, reader impersonation and traceability, forward traceability. Based on the above security drawbacks, an improved LAMP protocol is proposed. Aiming at the problem of data integrity, the backend server uses message authentication code to encrypt data information of tag; the reader mixes message generated by tag side to ensure resist impersonation reader attack; the tag side introduces blind factor against traceability attack; in addition, the keys of tags and backend server side can be updated dynamically according to the random number generated by tag side in different authentication cycles, to ensure the forward/backward privacy. The formal proof of correctness of the improved protocol is given based on GNY logic, and shows that the improved protocol resists various attack.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Lijun Yan,Huaxiong Wang,Hung-Min Sun

2014-01-01

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure RFID systems with untraceability, which is one of the most critical privacy issues on RFID. In this paper, we demonstrate that their scheme is insecure against two kinds of tracing attacks. We also analyze the success probability of our attacks.

ZW Luo,T Chan,JS Li

DOI: https://doi.org/10.1109/icebe.2005.7

2005-01-01

Abstract:Radio frequency identification (RFID) technology is expected to become an important and ubiquitous infrastructure technology of supply chain processes and customer service. The low-cost tag, or so-called passive tag, will be likely the factor for widespread adoption of the technology. It must be noticed that the deployment of such tags may create new threats to user privacy due to the powerful tracking capability of the tags. As a result, some sort of security issues must be imposed on the passive tags for addressing the privacy problem. However, providing security in such tags is a challenging task because they are highly resource constrained and cannot support strong cryptography. This paper provides both discussion on the requirements and restrictions of security implementation of a RFID system. It also examines the features and issues pertinent to several existing RFID security solution. Finally, this paper suggests the use of our proposed lightweight security protocol based on Ohkubo's scheme, which protects user privacy using a hash chain mechanism and also provides an analysis of the protocol

Zongwei Luo,Terry Chan,Jenny S. Li,Edward Wong,William Cheung,Victor Ng,Wilton Fok

DOI: https://doi.org/10.1109/icebe.2006.49

2006-01-01

Abstract:Radio frequency identification (RFID) technology is expected to become a critical and ubiquitous infrastructure technology of logistics and supply chain management (SCM) related processes and services. Low-cost has been the key to RFID adoption in many logistics/SCM applications. However, the deployment of such tags may create new threats to user privacy due to the powerful track and trace capabilities of the tags, in addition to tag/reader manufacturing challenges. As a result, some security mechanisms must be imposed on the RFID tags for addressing the privacy problems. This paper provides detailed discussion on our proposal of a lightweight RFID security protocol. It examines the features and issues through experimental analysis pertinent to efficiency and scalability to meet the requirements of the proposed security protocol in metering and payment e-commerce applications