Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Daniel W. Engels,You Sung Kang,Junyu Wang

DOI: https://doi.org/10.1109/RFID.2013.6548148

2013-01-01

Abstract:Radio frequency identification (RFID) systems compliant to the EPCglobal Generation 2 (Gen2) passive UHF RFID protocol are being deployed in a broad range of applications including access control, automated tolling, personal identification, anti-counterfeiting, and supply chain management. With the broad applications and the demand for ever increasing amounts of on-tag functionality, security on the tag has become a critical enabling functionality in many applications. To address this growing marketplace need, EPCglobal is developing a standard security framework within which security functionality may be integrated seamlessly into the Gen2 protocol. We review the proposed Gen2 security framework and introduce example cryptographic suites to illustrate how to utilize this framework to provide a range of security functionality. We analyze the security of the Gen2 protocol and this new functionality in the context of timing-based attacks. We conclude that the tight communication timings specified in the Gen2 protocol mitigate timing-based attacks; however, the loose timing implementations on commercial interrogators and limited timing enforcement on tags lesson the effectiveness of the specified timing constraints. Further, we conclude that the new security framework allows for the efficient integration of secure functionality that, as specified, is resistant to timing-based attacks; however, we caution that using the delayed response of the new Gen2 security functionality creates new vulnerabilities to timing based attacks such as relay attacks and man-in-the-middle attacks. © 2013 IEEE.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Hung-Min Sun,Chen-En Lu,Shuai-Min Chen

DOI: https://doi.org/10.1109/tencon.2007.4429060

2007-01-01

Abstract:RFIDs have been popularly used in daily life. To avoid being intruded on user privacy, proper protection is necessary. The privacy issues, such as object tracking and forgery of tags, are widely studied in the literature. Traditionally, the reader is regarded as a part of the system. In mobile RFID environment, however, anyone who holds the reader can connect to the server and acquire other information about the objects he owns. To verify whether a reader has the rights to access the tags has become essential. In this paper, we propose an RFID authentication protocol that can achieve the above goal and provide tag anonymity and forgery resistance. Hence, the user privacy is guaranteed.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Hung‐Min Sun,Shuai-Min Chen,Chen-En Lu,Cheng‐Ta Yang

2009-01-01

Abstract:There are varies of RFID authentication schemes have been proposed. Most of them address on privacy issues over the tag and the user, however, they are still vulnerable to different attacks and with some weaknesses. In addition, the readers and the back-end server are considered as a single entity for these typical RFID schemes, hence, the communication channel is assumed to be secure. Recently, a concept of mobile reader has been proposed in which the reader is possessed by the user and is equipped inside a mobile device. The mobile RFID reader possessor can extract the information about the tagged objects by communicating with the back-end server through an insecure channel; consequently, a secure RFID authentication is needed. In this paper, two RFID authentication schemes are proposed for the reader-portable RFID environment. These schemes not only provide a novel usage of RFID system, but resolve privacy threats while a mobile reader is not authorized to acquire every tag’s information.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Hao Min,ID Lab

2007-01-01

Abstract:Radio-frequency identification(RFID) is expected to take an important role for object identification as a ubiquitous infrastructure.As it will be pervasive in the social life,the security and privacy have to be concerned.Many jobs have been done in the communication between the reader and the backend database,however as an integrated technology the security of the reader and tag channel is also a weak point to be attacked.The challenge to provide RFID tag security is the limitation of its power resource,its cost requirement and even more the communication speed users bear such as EPC C1G2 standard defines the margin time the tag can process instructions.A peculiar security model of the channel between reader and tag is described in this paper,and based on the EPC C1G2 protocol the vulnerable points is analysed.The resource on the tag is recounted regarding the protocol.A modified scheme with security strategy is also suggested afterwards.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2007.4454918

2007-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology for automatic object identification. For successful deployment of tags, a RFID system should provide effective protection over security and privacy. In particular, traceability is the main concern for user privacy. To address these issues, mutual authentication between the reader and tags is required when deploying a RFID system. Unfortunately, because low-cost RFID tags are highly resource constrained, they are not able to carry out expensive cryptographic primitives to achieve strong authentication. This paper introduces a lightweight authentication protocol for low-cost RFID tags. Compared with previous work, our solution provides better traceability protection while keeping the system efficient in terms of computation and communication. Our scheme also maintains comparable strength regarding other security aspects.

FAN Jun-di,LI Min-bo,CHEN Guang-yu

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.19.042

2011-01-01

Abstract:The method of implementation of security and privacy in low cost tags is a key technique to be solve in research field.Based on the use of pseudo-random number generation function in writer/reader device instead of in tags,this paper proposes a new Radio Frequency Identification(RFID) mutual authentication protocol,focus on high-capacity but low-cost tags,which possesses forward security ability and can defeat location privacy attack,relay attack,eavesdropping attack and can protect data from being falsifying.The new scheme effectively solves problems of RFID security and privacy with lower complexity of hardware,so it is useful for low-cost RFID tags.

Jinsong Han,Chen Qian,Panlong Yang,Dan Ma,Zhiping Jiang,Wei Xi,Jizhong Zhao

DOI: https://doi.org/10.1109/tnet.2015.2391300

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Physical-layer identification utilizes unique features of wireless devices as their fingerprints, providing authenticity and security guarantee. Prior physical-layer identification techniques on radio frequency identification (RFID) tags require nongeneric equipments and are not fully compatible with existing standards. In this paper, we propose a novel physical-layer identification system, GenePrint, for UHF passive tags. The GenePrint prototype system is implemented by a commercial reader, a USRP-based monitor, and off-the-shelf UHF passive tags. Our solution is generic and completely compatible with the existing standard, EPCglobal C1G2 specification. GenePrint leverages the internal similarity among pulses of tags' RN16 preamble signals to extract a hardware feature as the fingerprint. We conduct extensive experiments on over 10 000 RN16 preamble signals from 150 off-the-shelf RFID tags. The results show that GenePrint achieves a high identification accuracy of 99.68%. The feature extraction of GenePrint is resilient to various malicious attacks, such as the feature replay attack.

Junyu Wang,Christian Floerkemeier,Sanjay E. Sarma

DOI: https://doi.org/10.1007/s00779-014-0788-x

2014-01-01

Personal and Ubiquitous Computing

Abstract:Radio frequency identification (RFID) is an important technique used for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as the tagging of the medicine, clothes, and belongings after the point of sales. At the same time, with the development of semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by the malicious hackers or curious common people. Even for authorized RFID readers, the ownership of the reader can be transferred and the owners of the authorized mobile reader may not be always reliable. The authorization and authentication of the mobile RFID readers need to take stronger security measures to address the privacy or security issues that may arise in the emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of the protocol A is implemented in 0.13-μm CMOS technology, and the functions are verified by field programmable gate array. The baseband consumes 44.0 μW under 1.08 V voltage and 1.92 MHz frequency, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats toward open-loop RFID systems except physical attacks. The timing and scalability of the two protocols are discussed in detail.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Yalin Chen,Jue-Sam Chou,Hung-Min Sun

DOI: https://doi.org/10.1016/j.comnet.2008.04.016

IF: 5.493

2008-01-01

Computer Networks

Abstract:In 2004, Ari Juels proposed a Yoking-Proofs protocol for RFID systems. Their aim is to permit a pair of tags to generate a proof which is verifiable off-line by a trusted entity even when the readers are potentially untrusted. However, we found that their protocol does not possess the anonymity property but also suffers from both known-plaintext attack and replay attack. Wong et al. [Kirk H.M. Wong, Patrick C.L. Hui, Allan C.K. Chan, Cryptography and authentication on RFID passive tags for apparel products, Computer in Industry 57 (2005) 342–349] proposed an authentication scheme for RFID passive tags, attempting to be a standard for apparel products. Yet, to our review, their protocol suffers from guessing parameter attack and replay attack. Moreover, both of the schemes have the common weakness: the backend server must use brute search for each tag’s authentication. In this paper, we first describe the weaknesses in the two above-mentioned protocols. Then, we propose a novel efficient scheme which not only achieve the mutual authentication between the server and the tag but also can satisfy all the security requirements needed in an RFID system.

Yang Xu,Jinsha Yuan

DOI: https://doi.org/10.1007/s11107-018-0812-6

IF: 1.768

2018-01-01

Photonic Network Communications

Abstract:With comprehensive applications of radio-frequency identification (RFID) technology in Internet of things, more and more mobile reader devices are utilized. However, in mobile RFID system the readers are not considered trustworthy as usual; thus, an authentication protocol with the mutual authentication ability is demanded; that is, the tag can authenticate the reader when necessary. In this paper, the one-way Hash is used to realize the mutual authentication between RFID tags, readers and application servers. Meanwhile, to solve the tracking attacks of tags, the ID update ability is proposed. The IDs of the RFID tags used in this protocol are variable and traceable. Besides, the out-of-synchronous mechanism and anti-collision mechanism are also designed for the ID-updating stage. BAN logic is used to prove the security of the protocol, and the communication cost simulations of several protocols are carried out and comparisons are then made. Through the security and comparisons performance analysis of various protocols, the proposed protocol is proved to require for a smaller storage space and lower operation cost. What is more, it can resist multiple attacks, which can meet the requirements of the security and privacy of RFID system for the mobile environment.

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

Shaoying Cai,Yingjiu Li,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-30436-1_41

2012-01-01

Abstract:In this paper, we propose a distributed path authentication solution for dynamic RFID-enabled supply chains to address the counterfeiting problem. Compared to existing general anti-counterfeiting solutions, our solution requires non sharing of item-level RFID information among supply chain parties, thus eliminating the requirement on high network bandwidth and fine-grained access control. Our solution is secure, privacy-preserving, and practical. It leverages on the standard EPCglobal network to share information about paths and parties in path authentication. Our solution can be implemented on standard EPC class 1 generation 2 tags with only 720 bits storage and no computational capability.

Tongliang Li,Zhigang Jin,Chaoyi Pang

DOI: https://doi.org/10.1109/icinis.2010.13

2010-01-01

Abstract:Although widely used in various applications, the current RFID (Radio Frequency Identification) systems lack efficiently enforcement of security and privacy. Furthermore, considering that the bearer of a RFID tag might be changed, the ownership transferring of the tags also becomes an issue. Some schemes have been suggested, but they are lack of participation of people. In this paper, we propose a novel scheme for the low-cost passive RFID tags. In our approach, people are involved in the authentication process. After getting some information from the assistant tag and user's password, the reader uses them to update the key of the common tags to be identified, and this makes the secured ownership transfer come true. In order to reach our goal, pseudonym, mutual authentication mechanism, and lightweight functions are employed. The analysis shows that our scheme not only achieves the secure and private goals, but also supports secured controlled ownership transfer.