Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

He Jialiang -,Ouyang Dantong -,Ye Yuxin -

DOI: https://doi.org/10.4156/aiss.vol3.issue9.43

2011-01-01

INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences

Abstract:Wireless communication, signal broadcasting, strictly limited resources in tags make RFID systems being confronted with many security attacks and privacy disclosure threats. In this paper，an efficient lightweight RFID mutual authentication protocol is proposed, this protocol only requires O(1) work to identify and authenticate a tag in the backend server and is particularly suitable for the low-cost RFID systems because only one-way hash function, XOR operation and concatenation operation are needed in tags. The security and performance of this protocol are analyzed as well by comparing with the related RFID authentication protocols.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2007.4454918

2007-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology for automatic object identification. For successful deployment of tags, a RFID system should provide effective protection over security and privacy. In particular, traceability is the main concern for user privacy. To address these issues, mutual authentication between the reader and tags is required when deploying a RFID system. Unfortunately, because low-cost RFID tags are highly resource constrained, they are not able to carry out expensive cryptographic primitives to achieve strong authentication. This paper introduces a lightweight authentication protocol for low-cost RFID tags. Compared with previous work, our solution provides better traceability protection while keeping the system efficient in terms of computation and communication. Our scheme also maintains comparable strength regarding other security aspects.

Bing Zhang,Zhi Guang Qin,Guo Gen Wan,Xin

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.2255

2014-01-01

Applied Mechanics and Materials

Abstract:This document analyzes the security drawback of the Hash-based algorithm authentication protocols which is frequently used in low-cost RFID systems, and proposes a lightweight mutual authentication protocol. In the proposed protocol, all authenticated information is encrypted , the location privacy is also provided by refreshing an identifier of a tag in each session and lost massages can be recovered from many attacks such as spoofing attacks. The comparison result of the simulation experiment and the formal correctness proof of the proposed authentication protocol is based on BAN logic. It shows that the proposed protocol in this article greatly enhance the capability of verifiability, confidentiality and integrality, it also corrects the existing Hash-based protocol secure deficiency so that it is more suitable for low-cost RFID systems than those existing ones.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

ZW Luo,T Chan,JS Li

DOI: https://doi.org/10.1109/icebe.2005.7

2005-01-01

Abstract:Radio frequency identification (RFID) technology is expected to become an important and ubiquitous infrastructure technology of supply chain processes and customer service. The low-cost tag, or so-called passive tag, will be likely the factor for widespread adoption of the technology. It must be noticed that the deployment of such tags may create new threats to user privacy due to the powerful tracking capability of the tags. As a result, some sort of security issues must be imposed on the passive tags for addressing the privacy problem. However, providing security in such tags is a challenging task because they are highly resource constrained and cannot support strong cryptography. This paper provides both discussion on the requirements and restrictions of security implementation of a RFID system. It also examines the features and issues pertinent to several existing RFID security solution. Finally, this paper suggests the use of our proposed lightweight security protocol based on Ohkubo's scheme, which protects user privacy using a hash chain mechanism and also provides an analysis of the protocol

LUO Zong-wei,ZHOU Shi-jie,Jenny Li

2007-01-01

Abstract:This article has a deep analysis on the potential danger of the Exclusive OR (XOR) and Hash chain based light weight Radio Frequency Edentification (RFID) security protocol brought by some articles. On the base of analysis, combining the traditional security schemes widely used in Internet or existing application systems and some light weight and resource-saving security mechanism, we enhance the lightweight RFID security protocol mentioning above and give a new light weight RFID security protocol. Special attention is focused on the deployment considerations for applying the protocol in real application to avoid the identified potential risk. Full consideration is given to the low cost demands for RFID tags, the power restrictions, and the non-resistant against physical tampering feature, which are common limitations in the RFID system.

Ning, Jianting

DOI: https://doi.org/10.1007/s12083-023-01471-3

IF: 3.488

2023-04-25

Peer-to-Peer Networking and Applications

Abstract:As one of the key identity authentication technologies in the Internet of Things (IoT), Radio Frequency Identification (RFID) technology has been widely adopted in various wireless communication fields. However, increasing security and privacy issues have been limiting the development of RFID system. Most of the existing RFID authentication protocols are vulnerable to many malicious attacks. Key updating is a common security mechanism in RFID authentication protocol, but the existing RFID authentication protocols using traditional key updating mechanism usually cannot resist against desynchronization attack. To address this issue, we present a new shared key updating method by using pseudo-random number generator (PRNG) with the seeds negotiated by tag and server. Moreover, a new bit flipping operation is proposed to reduce the computation cost of tag. On these basis, we design a lightweight RFID mutual authentication protocol SDRLAP based on double physical unclonable function (PUF) by using PRNG and bit flipping operation. Compared with most of the existing RFID authentication protocols with the traditional key updating mechanism, SDRLAP guarantees the security and privacy of RFID systems, and meanwhile has the obvious advantages in terms of computational cost, storage requirement and communication overhead.

computer science, information systems,telecommunications

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Qingsong Yao,Yong Qi,Ying Chen,Xiao Zhong

DOI: https://doi.org/10.1007/978-3-642-14654-1_16

2010-01-01

Abstract:Previous designed synchronization approaches advocate an O(1) search complexity. Although it is efficient, such an approach is vulnerable to Desynchronization Attacks, in which the secret information will become incrementally different between the tag and reader. Either adversary can utilize this to distinguish tags or the legitimate tag and reader cannot authenticate with each other. Even worse, synchronization approaches suffer from replay attacks. To address these problems, we propose a DESynchronization Tolerant RFID private authentication protocol, DEST, which forces a tag to keep its behaviors undistinguishable. DEST provides desynchronization tolerance, replay attack resistance, and forward secrecy. The analysis results show that DEST effectively enhances the privacy protection for RFID private authentication, and provides the same efficiency, O(1), as traditional synchronization approaches.

Tian Fu,Zhen Wang,PanDeng Yang

DOI: https://doi.org/10.4028/www.scientific.net/amm.336-338.1882

2013-01-01

Applied Mechanics and Materials

Abstract:With the gradual application of RFID technology, the problems of privacy security arouse people's great attention. To address the problems of the existing RFID authentication protocol, such as the weakness on security and privacy, the high cost and the un-stabilizing systems performance, this paper puts forward a kind effective protection of privacy and low cost RFID security authentication protocol, analyses the security and performance of this protocol. This protocol can not only effectively solve the problems of replay attacks, location privacy attack and data synchronization, but also greatly use the Reader computing resources to reduce the cost of system construction, so it is appropriate for the application of RFID system.

Zhen Zhang,Shijie Zhou,Zongwei Luo

DOI: https://doi.org/10.1109/icebe.2008.92

2008-01-01

Abstract:Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. On the other hand, the low-cost RFID system has potential risks such as privacy and security problems, which would be a big barrier for the application. First of all, we analyze the current security protocols for the RFID system. To protect user privacy and remove security vulnerabilities, we propose a robust and privacy preserving mutual authentication protocol that is suitable for the low-cost RFID environment. Finally, the correctness of the proposed authentication protocol is proved by the BAN logic.

Ben Niu,Xiaoyan Zhu,Haotian Chi,Hui Li

DOI: https://doi.org/10.1007/s11277-014-1605-6

IF: 2.017

2014-01-01

Wireless Personal Communications

Abstract:Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.

Yan Wang,Feng Shu,Xuemei Lei,Xuehui Wang,Rongen Dong,Qiankun Cheng

DOI: https://doi.org/10.1109/cbd63341.2023.00021

2023-01-01

Abstract:In this paper, a new protocol is proposed to improve the security of mobile RFID smart medical system based on three existing RFID security authentication protocols. Through security analysis, BAN logic analysis and Scyther tool test, it is shown that the proposal protocol can effectively resist many typical attacks that RFID system is vulnerable to, such as location privacy leakage, impersonation attack and desynchronization attack. In addition, the time cost of tag, reader and server is 0.042 ms, 0.084 ms and 0.042 ms respectively in the process of protocol mutual authentication. The storage cost of the tag is 96 bits, and the communication cost of the protocol is 864 bits. Therefore, the results of security and performance analysis show that the protocol is low cost and high security, and can meet to the EPC C1G2 standard.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

Qingsong Yao,Yong Qi,Jizhong Zhao,Jinsong Han

DOI: https://doi.org/10.1109/MOBHOC.2009.5337025

2009-01-01

Abstract:Radio Frequency Identification (RFID) technologies are on their highway to pervasive usage. However privacy protection is still an important problem since RFID tags attached to items are so cost constrained. Privacy preserving authentication approaches are proposed to authenticate tags without private information leaking. Previously designed approaches based on synchronization seeks 0(1) complexity. While these synchronization based methods are efficient in normal case, they have weak points when desynchronized. When maliciously scanned, information stored in tag and reader goes farther and farther away from each other. An adversary can utilize this point to track a tag. We propose an Enhanced Synchronization aPproach for RFID private authentication, ESP, to solve this problem. ESP can eliminate the problem caused by Desynchronization Attack and help detecting Replay Attack Analysis shows that ESP enhances privacy protection while still maintaining the authentication efficiency.

Ying ZHENG,Dantong OUYANG,Lili HE,Hongtao BAI

DOI: https://doi.org/10.13413/j.cnki.jdxblxb.2015.03.29

2015-01-01

Abstract:For synchronous safety problems existed in RFID technology,the paper proposes a new security authentication protocol based on a one-way Hash function,a more comprehensive solution to the presence of RFID systems in various security problems.The proposed protocol was formally proven and comparatively analyzed based on GNY logic.The results show that the protocol can effectively solve the eavesdropping,replay attacking and synchronization losing problems and other safety issues,and is prior to a series of agreements in the current mainstream in energy,security and performance.

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Xiaoyun Chen,Youli Su,Hui Xiong,Yukai Yao,Guohua Liu,Min Yue

DOI: https://doi.org/10.1109/IHMSC.2010.61

2010-01-01

Abstract:Radio Frequency Identification (RFID) systems is increasingly rife in a variety of applications during recent years, such as inventory management, automobile immobilizers, animal tracking, supply chain management (SCM) and payment system. However, due to its wireless communication and demand for invisibility, security and privacy in RFID system becomes a serious challenge. In this paper, our main attention is constructing an efficient privacy preserving proposal. After reviewing the past work, we propose an improved method to enhance the security and privacy in RFID system. Based on random hash lock approach, we use random list stored in tag instead random value generator, and this novel method can achieve both mutual authentication with lower tag design cost. Meanwhile, the proposed solution satisfies security requirements, for instance, no information leaking, forward security and is resistant to replay attacks. In addition, it is suitable for distribute environment. Analysis of this approach shows it effective and efficiency. Compared with some existing schemes, this solution is superior.