Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2007.4454918

2007-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology for automatic object identification. For successful deployment of tags, a RFID system should provide effective protection over security and privacy. In particular, traceability is the main concern for user privacy. To address these issues, mutual authentication between the reader and tags is required when deploying a RFID system. Unfortunately, because low-cost RFID tags are highly resource constrained, they are not able to carry out expensive cryptographic primitives to achieve strong authentication. This paper introduces a lightweight authentication protocol for low-cost RFID tags. Compared with previous work, our solution provides better traceability protection while keeping the system efficient in terms of computation and communication. Our scheme also maintains comparable strength regarding other security aspects.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Eslam Gamal Ahmed,Eman Shaaban,Mohamed Hashem

DOI: https://doi.org/10.48550/arXiv.1005.4499

2010-05-25

Cryptography and Security

Abstract:Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.

He Jialiang -,Ouyang Dantong -,Ye Yuxin -

DOI: https://doi.org/10.4156/aiss.vol3.issue9.43

2011-01-01

INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences

Abstract:Wireless communication, signal broadcasting, strictly limited resources in tags make RFID systems being confronted with many security attacks and privacy disclosure threats. In this paper，an efficient lightweight RFID mutual authentication protocol is proposed, this protocol only requires O(1) work to identify and authenticate a tag in the backend server and is particularly suitable for the low-cost RFID systems because only one-way hash function, XOR operation and concatenation operation are needed in tags. The security and performance of this protocol are analyzed as well by comparing with the related RFID authentication protocols.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Bing Zhang,Zhi Guang Qin,Guo Gen Wan,Xin

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.2255

2014-01-01

Applied Mechanics and Materials

Abstract:This document analyzes the security drawback of the Hash-based algorithm authentication protocols which is frequently used in low-cost RFID systems, and proposes a lightweight mutual authentication protocol. In the proposed protocol, all authenticated information is encrypted , the location privacy is also provided by refreshing an identifier of a tag in each session and lost massages can be recovered from many attacks such as spoofing attacks. The comparison result of the simulation experiment and the formal correctness proof of the proposed authentication protocol is based on BAN logic. It shows that the proposed protocol in this article greatly enhance the capability of verifiability, confidentiality and integrality, it also corrects the existing Hash-based protocol secure deficiency so that it is more suitable for low-cost RFID systems than those existing ones.

LUO Zong-wei,ZHOU Shi-jie,Jenny Li

2007-01-01

Abstract:This article has a deep analysis on the potential danger of the Exclusive OR (XOR) and Hash chain based light weight Radio Frequency Edentification (RFID) security protocol brought by some articles. On the base of analysis, combining the traditional security schemes widely used in Internet or existing application systems and some light weight and resource-saving security mechanism, we enhance the lightweight RFID security protocol mentioning above and give a new light weight RFID security protocol. Special attention is focused on the deployment considerations for applying the protocol in real application to avoid the identified potential risk. Full consideration is given to the low cost demands for RFID tags, the power restrictions, and the non-resistant against physical tampering feature, which are common limitations in the RFID system.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Zongwei Luo,Terry Chan,Jenny S. Li,Edward Wong,William Cheung,Victor Ng,Wilton Fok

DOI: https://doi.org/10.1109/icebe.2006.49

2006-01-01

Abstract:Radio frequency identification (RFID) technology is expected to become a critical and ubiquitous infrastructure technology of logistics and supply chain management (SCM) related processes and services. Low-cost has been the key to RFID adoption in many logistics/SCM applications. However, the deployment of such tags may create new threats to user privacy due to the powerful track and trace capabilities of the tags, in addition to tag/reader manufacturing challenges. As a result, some security mechanisms must be imposed on the RFID tags for addressing the privacy problems. This paper provides detailed discussion on our proposal of a lightweight RFID security protocol. It examines the features and issues through experimental analysis pertinent to efficiency and scalability to meet the requirements of the proposed security protocol in metering and payment e-commerce applications

Shijie Zhou,Zhen Zhang,Zongwei Luo,Edward C. Wong

DOI: https://doi.org/10.1007/s10796-009-9216-6

2009-01-01

Information Systems Frontiers

Abstract:Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. However, resource constraint in the low-cost RFID systems has posed potential risks such as privacy and security problems, becoming adoption barrier for RFID-based applications. In this paper, current security issues in RFID are introduced firstly. Then, we propose a lightweight Anti-desynchronization privacy preserving RFID authentication protocol. It is particularly suitable for the low-cost RFID environment for only the capacity of one-way hash function and XOR operation is needed. In this lightweight Anti-desynchronization RFID authentication protocol, the back-end server keeps the history of the random key update to prevent the active attackers from de-synchronizing the shared secret between the tag and the back-end server. The security and the performance of the proposed protocol are analyzed as well.

ZHANG Bing,MA Xin-xin,QIN Zhi-guang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2013.03.021

2013-01-01

Abstract:The security of Hash-based operation authentication protocol, which is usually used by the low-cost RFID system, is researched. Based on the analysis of security shortcomings and flows of this protocol, a thesis of low-cost RFID authentication protocol to meet the security requirements is formulized and a light-weight RFID bi-directional authentication protocol is proposed. The security of the proposed protocol is proved by using the formal analysis method of BAN logic. The results show that the proposed protocol can meet the security requirements of confidentiality, integrity, and traceability in RFID applications. Besides, the protocol can resist attacks of tracking, label counterfeit, and replay, improve the security flaws existing in the current Hash-based operation authentication protocol, and better meets the security requirements of the low-cost RFID system.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Kai Fan,Qi Luo,Kuan Zhang,Yintang Yang

DOI: https://doi.org/10.1016/j.ins.2019.08.006

2017-01-01

Abstract:Radio Frequency Identification (RFID) makes it a supporting technology for the Internet of things (IoT). While RFID has been widely used and developed rapidly, its security and privacy issues cannot be ignored. With the development of cloud computing, cloud based RFID system has become a new solution. Protecting the security of RFID system in cloud environment is particularly important. Not verifying the tag or reader when reading message will have serious consequences, which may suffer many secure issues, such as intercept, modifying, replaying, DoS and synchronization. This paper puts forward an efficient and reliable RFID security authentication scheme in cloud environment. The protocol combines the logic encryption operation with timestamp, which can resist DoS attacks and anti-synchronization attacks. The proposed protocol not only can well solve the RFID security and privacy issues, but also can use the powerful cloud computing capabilities to process data.

Amol Bandal,Shankar Nawale

DOI: https://doi.org/10.48550/arXiv.1207.2639

2012-07-11

Abstract:In recent years, radio frequency identification technology has moved into the mainstream applications that help to speed up handling of manufactured goods and materials. RFID tags are divided into two classes: active and passive. Active tag requires a power source that's why its cost is more than passive tags. However, the low-cost RFID tags are facing new challenges to security and privacy. Some solutions utilize expensive cryptographic primitives such as hash or encryption functions, and some lightweight approaches have been reported to be not secure. This paper describes a lightweight Mutual authentication and ownership transfer protocol utilizing minimalistic cryptography using Physically Unclonable Functions (PUF) and Linear Feedback Shift Registers (LFSR). PUFs and LFSRs are very efficient in hardware and particularly suitable for the low-cost RFID tags. To functioning security in low cost RFID tag minimum gate requirement is 2000 gates. To implement security protocols using PUF and LFSR functions need only approx 800 gates. In this paper it is explained how we can authenticate and transfer ownership of low cost RFID tag securely using LFSR and PUF as compared to existing solutions based on hash functions.

Cryptography and Security

Sanjeev Kumar,Haider Banka,Baijnath Kaushik,Kumar, Sanjeev

DOI: https://doi.org/10.1007/s11042-024-19013-1

IF: 2.577

2024-04-02

Multimedia Tools and Applications

Abstract:Nowadays, wireless technology has been widely used in healthcare and communication systems. It makes our life easier in all respects. A radiofrequency identification device (RFID) has been deployed as a wireless and identity communication device. RFID is a low-resource device that requires cryptography with limited energy regarding the minimum key size. Security and authentication between the server and the tags are key challenges for an RFID system to maintain data privacy. This article presents the security vulnerabilities of recent existing RFID authentication schemes. Keeping the focus on stringent security, privacy, and low cost, we have designed a new lightweight group authentication protocol for the robust RFID system. A single server controls multiple tags by using the proposed lightweight protocol in the RFID system. Formal and informal security analysis is performed compared to other lightweight group authentication articles in which only informal security analysis is carried out. The formal security strength of our proposed protocol is analyzed using the AVISPA (Automated Verification of Internet Security Protocol Analysis) tool, confirming that it is safe from different security threats. The newly designed protocol's performance analysis results are measured in terms of computational cost, storage space, and communication cost. Finally, the combined consequence of security and lightweight of the proposed group authentication protocol is superior and outperforms compared to the existing scheme.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Yan Wang,Feng Shu,Xuemei Lei,Xuehui Wang,Rongen Dong,Qiankun Cheng

DOI: https://doi.org/10.1109/cbd63341.2023.00021

2023-01-01

Abstract:In this paper, a new protocol is proposed to improve the security of mobile RFID smart medical system based on three existing RFID security authentication protocols. Through security analysis, BAN logic analysis and Scyther tool test, it is shown that the proposal protocol can effectively resist many typical attacks that RFID system is vulnerable to, such as location privacy leakage, impersonation attack and desynchronization attack. In addition, the time cost of tag, reader and server is 0.042 ms, 0.084 ms and 0.042 ms respectively in the process of protocol mutual authentication. The storage cost of the tag is 96 bits, and the communication cost of the protocol is 864 bits. Therefore, the results of security and performance analysis show that the protocol is low cost and high security, and can meet to the EPC C1G2 standard.

He Jialiang -,Ouyang Dantong -,Bai Tian -,Zhang Liming -

DOI: https://doi.org/10.4156/jdcta.vol6.issue6.10

2012-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Special physical character and strictly limited resources in tags make RFID systems being confronted with many security problems, mobile reader brings higher design requirements for RFID protocols. In this paper, a lightweight RFID authentication protocol for mobile reader is proposed, this protocol only requires O(1) work to identify and authenticate a tag in the server and is suitable for the low-cost RFID systems. The security and performance of the proposed protocol are analyzed as well.

Xiu-qing CHEN,Tian-jie CAO,Yu GUO

DOI: https://doi.org/10.3969/j.issn.1002-137X.2013.11.022

2013-01-01

Computer Science

Abstract:We analyzed the security of RFID authentication protocols recently proposed by Ha et al.Our security analysis clearly highlights important security weakness in this article.More precisely,an adversary analyzes the messages between reader and tag and implements traceability attacks.Then,the adversary performs the passive full-disclosure attacks and discloses the tags' secret.In order to evaluate the performance of traceability attacks,we observed the toy experimental results by running several tests on an implementation of the protocol.Finally,we used the formal model of untraceability,which successfully proves the robustness against tracing attacks and the untraceability of the enhanced scheme.

Leyi SHI,Cong JIA,Jian GONG,Xin LIU,Honglong CHEN

DOI: https://doi.org/10.11999/JEIT150653

2016-01-01

Abstract:Concerning the resource-limited RFID tags, this paper presents a lightweight mutual authentication scheme based on Hash function, combining with the pseudo-random number and shared secret mechanisms, and implements the mutual authentication among the end database, reader and the tags. The anti-attack performance and the overhead of the scheme are analyzed in detail. Afterwards, the protocol security model is formalized using BAN logical analysis method. Theoretical analysis shows that the proposed authentication scheme could achieve the desired security goals, has good anti-attack performance and high efficiency. It can be applied to big population RFID since its low overhead for RFID tags.

Shiqi Wang,Linsen Li,Gaosheng Chen,Tao Chen,Zeming Wang

DOI: https://doi.org/10.1109/IACS.2017.7921977

2017-01-01

Abstract:As the RFID based Internet of Things (loT) gets worldwide attention, to prepare for the rapidly increasing applications in daily life, various security protocols are proposed. But, these protocols, most of which are limited by the tag processing capacity and dangerous exposure during transmission, could only be applied in certain fields. Previously, Chen and Deng's mutual authentication and privacy protection protocol which conforming EPC Class 1 Generation 2 Standards stands out for low cost as well as little requirements of the tag processing capacity. However, currently reported by others, this system faces up with severe dangers of tracking or cloning tags via impersonating attacks. After scrutiny, we found out that these vulnerabilities lie in the insufficient protections of random numbers, and we reconstruct the request and response based on the original protocol by making message unrepeatable, key elements secret and adding small storage for comparisons. The security of our protocol, proved by Ban logic analysis, is ensured by double protections — secret key pairs and dynamic random numbers. Our comparisons show that our protocol not only is safe under traditional attacks guaranteed by the original protocol but also overcomes impersonating attacks which represents the inherent weakness of information exposure in public.