Seyed Salman Sajjadi Ghaemmaghami,Afrooz Haghbin,Mahtab Mirmohseni

DOI: https://doi.org/10.48550/arXiv.1601.04622

2016-01-19

Abstract:Radio Frequency IDentification (RFID) is a pioneer technology which has depicted a new lifestyle for humanity in all around the world. Every day we observe an increase in the scope of RFID applications and no one cannot withdraw its numerous usage around him/herself. An important issue which should be considered is providing privacy and security requirements of an RFID system. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS rules by the names of IHRMA and I2SRS. In this paper, we investigate the privacy of the aforementioned protocols based on Ouafi and Phan formal privacy model and show that both IHRMA and I2SRS protocols cannot provide private authentication for RFID users. Moreover, we showthat these protocols are vulnerable to impersonation, DoS and traceability attacks. Then, by considering the drawbacks of the studied protocols and implementation of messages with new structures, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al schemes. Our analysis illustrate that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.

Cryptography and Security

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Behzad Abdolmaleki,Karim Baghery,Shahram Khazaei,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s11277-017-4145-z

IF: 2.017

2017-04-29

Wireless Personal Communications

Abstract:Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

telecommunications

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

Saiyu Qi,Yuanqing Zheng,Mo Li,Li Lu,Yunhao Liu

DOI: https://doi.org/10.1109/tc.2016.2538260

2016-01-01

Abstract:Radio Frequency Identification (RFID) is a key emerging technology for supply chain systems. By attaching RFID tags to various products, product-related data can be efficiently indexed, retrieved and shared among multiple participants involved in an RFID-enabled supply chain. The flexible data access property, however, raises security and privacy concerns. In this paper, we target at security and privacy issues in RFID-enabled supply chain systems. We investigate RFID-enabled Third-party Supply chain (RTS) systems and identify several inherent security and efficiency requirements. We further design a Secure RTS system called SRTS, which leverages RFID tags to deliver computation-lightweight crypto-IDs in the RTS system to meet both the security and efficiency requirements. SRTS introduces a Private Verifiable Signature (PVS) scheme to generate computation-lightweight crypto-IDs for product batches, and couples the primitive in RTS system through careful design. We conduct theoretical analysis and experiments to demonstrate the security and efficiency of SRTS.

Haradhan Ghosh,Pramod Kumar Maurya,Satya Bagchi

DOI: https://doi.org/10.1007/s11277-024-11616-z

IF: 2.017

2024-10-20

Wireless Personal Communications

Abstract:A cutting-edge idea known as the Internet of Things (IoT) connects different physical items with the online environment. IoT technology is expanding quickly and will soon have an important encounter on how we live our everyday lives. IoT applications use radio frequency identification (RFID) to automatically identify the linked devices. RFID-enabled technologies are becoming more common nowadays for protecting privacy in a variety of industries, including the smart grid, smart cities, and smart education. Healthcare is one of the prominent applications of RFID technology. Patients can receive quick and convenient care at home due to RFID-enabled healthcare solutions. However, there are instances of technology forgery, putting patients' medical information in danger. Utilizing an authentication protocol is extensively regarded as the most efficient way for RFID-enabled healthcare systems to prevent malicious attacks and the misuse of resources. Very recently, Shariq and Singh proposed a lightweight RFID-enabled protocol for healthcare using the properties of vector space. This article presents evidence that Shariq and Singh's protocol has some wrong steps and is also liable to tag anonymity and impersonation attacks. Moreover, we proposed a secured authentication protocol to overcome the flaws of Shariq and Singh's protocol using vector addition, scalar multiplication, and dot products. We analyze the formal security utilizing BAN logic and Scyther simulation tools. The proposed protocol performs better than related protocols regarding costs associated with computation, transmission, storage, and security measures.

telecommunications

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Rolando Trujillo-Rasua

DOI: https://doi.org/10.48550/arXiv.1310.5476

2013-10-21

Cryptography and Security

Abstract:Radio Frequency Identification (RFID) is a technology aimed at eficiently identifying and tracking goods and assets. Such identification may be performed without requiring line-of-sight alignment or physical contact between the RFID tag and the RFID reader, whilst tracking is naturally achieved due to the short interrogation field of RFID readers. That is why the reduction in price of the RFID tags has been accompanied with an increasing attention paid to this technology. However, since tags are resource-constrained devices sending identification data wirelessly, designing secure and private RFID identification protocols is a challenging task. This scenario is even more complex when scalability must be met by those protocols. Assuming the existence of a lightweight, secure, private and scalable RFID identification protocol, there exist other concerns surrounding the RFID technology. Some of them arise from the technology itself, such as distance checking, but others are related to the potential of RFID systems to gather huge amount of tracking data. Publishing and mining such moving objects data is essential to improve efficiency of supervisory control, assets management and localisation, transportation, etc. However, obvious privacy threats arise if an individual can be linked with some of those published trajectories. The present dissertation contributes to the design of algorithms and protocols aimed at dealing with the issues explained above. First, we propose a set of protocols and heuristics based on a distributed architecture that improve the efficiency of the identification process without compromising privacy or security. Moreover, we present a novel distance-bounding protocol based on graphs that is extremely low-resource consuming. Finally, we present two trajectory anonymisation methods aimed at preserving the individuals' privacy when their trajectories are released.

Hua Wang,Lili Sun,Jianming Yong,Yongbing Zhang

DOI: https://doi.org/10.1109/cscwd.2009.4968136

2009-01-01

Abstract:This paper focuses on the challenges on the privacy of Radio Frequency Identification (RFID) systems. RFID systems have already widely applied in industry and have been bringing lots of benefits to our daily life, it also creates new security and privacy problems to individuals and organizations. The security and privacy challenges are analysed after a brief introduction of various RFID systems and their associated operations. A proposal to protecting security and privacy of customers, as a solution of the challenge for low-cost RFID systems is designed. Finally, comparisons to related works of the proposal are described.

Qingsong Yao,Yong Qi,Jizhong Zhao,Jinsong Han

DOI: https://doi.org/10.1109/MOBHOC.2009.5337025

2009-01-01

Abstract:Radio Frequency Identification (RFID) technologies are on their highway to pervasive usage. However privacy protection is still an important problem since RFID tags attached to items are so cost constrained. Privacy preserving authentication approaches are proposed to authenticate tags without private information leaking. Previously designed approaches based on synchronization seeks 0(1) complexity. While these synchronization based methods are efficient in normal case, they have weak points when desynchronized. When maliciously scanned, information stored in tag and reader goes farther and farther away from each other. An adversary can utilize this point to track a tag. We propose an Enhanced Synchronization aPproach for RFID private authentication, ESP, to solve this problem. ESP can eliminate the problem caused by Desynchronization Attack and help detecting Replay Attack Analysis shows that ESP enhances privacy protection while still maintaining the authentication efficiency.

Abhay Kumar Agrahari,Shirshu Varma

DOI: https://doi.org/10.1007/s12083-020-01069-z

2021-03-05

Abstract:Radio Frequency Identification (RFID) is an emerging technology that is used for the unique identification of objects. RFID can be used in different application domains, including Health-care systems, where the safety of patient-sensitive data is a primary concern. Since the RFID technology is used in various medicine sectors, particularly real-time patient monitoring, patient medicine Information, medical emergency, and drug administration system, the use of RFID raises severe security and privacy concerns. In order to cope with these security issues, we propose an Elliptic curve based authentication protocol for RFID. The proposed model uses an implicit certificate concept to secure health-care data. We prove this claim for secure communication using the formal security analysis, i.e., BAN logic, security analysis based on the mathematical model, i.e., ROR model, formal verification using AVISPA tool, and informal security analysis. We review some of the RFID authentication schemes based on ECC in terms of performance and security. Our analysis indicates that the proposed protocol provides mobility, scalability, security, and privacy in the health care environment.

computer science, information systems,telecommunications

Saru Kumari,Muhammad Khurram Khan,Rahul Kumar

DOI: https://doi.org/10.1007/s10916-013-9952-5

Abstract:To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.'s scheme and more suitable for TMIS.

CHEN Shao-Wei,CHEN Rui,LING Li

2010-01-01

Abstract:Although RFID technology has been increasingly popular and commonly used,there are still a host of defects in security and privacy.This paper proposes a new improved authentication protocol based on the existing protocols and Hash algorithm,and to some extent,it solves the security and privacy problems. This protocal can prevent replay attack,statistical analysis,spoofing attack,privacy track,and is suitable for the distributed system.

Khwaja Mansoor,Anwar Ghani,Shehzad Ashraf Chaudhry,Shahaboddin Shamshirband,Shahbaz Ahmed Khan Ghayyur,Amir Mosavi,Shehzad Chaudhry,Shahbaz Ghayyur

DOI: https://doi.org/10.3390/s19214752

IF: 3.9

2019-11-01

Sensors

Abstract:Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Nasser Zarbi,Ali Zaeembashi,Nasour Bagheri,Morteza Adeli

DOI: https://doi.org/10.1049/cmu2.12794

IF: 1.345

2024-06-23

IET Communications

Abstract:Our article investigates the vulnerabilities of lightweight RFID authentication schemes, namely LRSAS+ and LRARP+, and proposes an enhanced version leveraging the χper function to address their weaknesses. Through formal analysis and comparison with contemporary systems, we demonstrate that the improved scheme achieves robust security while minimizing computational overhead, making it suitable for resource‐constrained environments. In present times, Radio‐Frequency Identification (RFID) systems have seen a significant rise in their usage. There has been an increasing interest in developing even lighter RFID protocols suitable for resource‐constrained environments. Ensuring security and privacy remain critical challenges in RFID‐based systems. Recently proposed lightweight authentication schemes, namely LRSAS+ and LRARP+, are ideally suited for constrained devices. However, this article investigates these schemes and reveals certain vulnerabilities: LRSAS+ is susceptible to tag impersonation, desynchronization, and traceability attacks, while LRARP+ can fall prey to traceability and secret disclosure attacks. An enhanced version of these authentication systems is proposed that tackles their inherent weaknesses by leveraging the χper function. To verify the security of the proposed scheme, a formal analysis is conducted using Gong–Needham–Yahalom logic (GNY logic) and an automated security protocol verification tool, ProVerif. The improved scheme's effectiveness is also compared with multiple contemporary lightweight systems. The results indicate that the enhanced scheme not only meets the security requirements for lightweight authentication schemes but also achieves this with minimal computational overhead.

engineering, electrical & electronic

Feng Zhu,Peng Li,He Xu,Ruchuan Wang

DOI: https://doi.org/10.3390/s20174846

IF: 3.9

2020-08-27

Sensors

Abstract:The Internet of Things (IoT) has been integrated into legacy healthcare systems for the purpose of improving healthcare processes. As one of the key technologies of IoT, radio frequency identification (RFID) technology has been applied to offer services like patient monitoring, drug administration, and medical asset tracking. However, people have concerns about the security and privacy of RFID-based healthcare systems, which require a proper solution. To solve the problem, recently in 2019, Fan et al. proposed a lightweight RFID authentication scheme in the IEEE Network. They claimed that their scheme can resist various attacks in RFID systems with low implementation cost, and thus is suitable for RFID-based healthcare systems. In this article, our contributions mainly consist of two parts. First, we analyze the security of Fan et al.’s scheme and find out its security vulnerabilities. Second, we propose a novel lightweight authentication scheme to overcome these security weaknesses. The security analysis shows that our scheme can satisfy the necessary security requirements. Besides, the performance evaluation demonstrates that our scheme is of low cost. Thus, our scheme is well-suited for practical RFID-based healthcare systems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Farzana Rahman,Drew Williams,Sheikh I. Ahamed,Ji-Jiang Yang,Qing Wang

DOI: https://doi.org/10.1109/hase.2014.42

2014-01-01

Abstract:The integration of sensing capability into active RFID tags has recently generated a lot of interest among the RFID community. In any sensor enabled Radio Frequency Identification (RFID) system data collection is done continuously. Data collection in this context can refer to the computation of statistical means and moments, as well as other cumulative quantities that summarize the data obtained by the system. However, these systems are usually very critical and used in sensitive applications. One such application area is healthcare where sensor enabled RFID tags are used in hospitals and clinics to provide various healthcare services by collecting different environmental and physiological data. In these types of healthcare services, the leakage of any raw data may lead to privacy violation of the system and the application users (in this case patient) in general. In such sensor enabled RFID based healthcare applications, privacy preservation cannot be accomplished using different cryptographic techniques because they involve heavy computation which is not feasible for resource constrained tags. Moreover, in these types of system, it is desirable to have end-to-end security with the data decrypted only at the reader in order to avoid security vulnerabilities as much as possible. Ensuring system security and preserving data privacy are two conflicting goals. To address this problem, we propose a privacy preserving data collection technique (PriDaC) for sensor enabled RFID based healthcare application. In PriDaC the data secrecy maintenance and data privacy protection mechanisms work cooperatively. To the best of our knowledge, it is the first work that allows privacy preserving data collection in sensor enabled RFID systems that provides healthcare services.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.