Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Shiqi Wang,Linsen Li,Gaosheng Chen,Tao Chen,Zeming Wang

DOI: https://doi.org/10.1109/IACS.2017.7921977

2017-01-01

Abstract:As the RFID based Internet of Things (loT) gets worldwide attention, to prepare for the rapidly increasing applications in daily life, various security protocols are proposed. But, these protocols, most of which are limited by the tag processing capacity and dangerous exposure during transmission, could only be applied in certain fields. Previously, Chen and Deng's mutual authentication and privacy protection protocol which conforming EPC Class 1 Generation 2 Standards stands out for low cost as well as little requirements of the tag processing capacity. However, currently reported by others, this system faces up with severe dangers of tracking or cloning tags via impersonating attacks. After scrutiny, we found out that these vulnerabilities lie in the insufficient protections of random numbers, and we reconstruct the request and response based on the original protocol by making message unrepeatable, key elements secret and adding small storage for comparisons. The security of our protocol, proved by Ban logic analysis, is ensured by double protections — secret key pairs and dynamic random numbers. Our comparisons show that our protocol not only is safe under traditional attacks guaranteed by the original protocol but also overcomes impersonating attacks which represents the inherent weakness of information exposure in public.

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Xiuqing Chen,Tianjie Cao,Robin Doss,Jingxuan Zhai

DOI: https://doi.org/10.1007/s11277-017-4449-z

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically we show that the ownership transfer protocol proposed by Wang et al., is vulnerable to tracing attacks while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes making them suitable for large-scale deployments.

Hanguang Luo,Guangjun Wen,Jian Su,Zhong Huang

DOI: https://doi.org/10.1007/s11276-016-1323-y

IF: 2.701

2016-01-01

Wireless Networks

Abstract:Data security is crucial for a RFID system. Since the existing RFID mutual authentication protocols encounter the challenges such as security risks, poor performance, an ultra-lightweight authentication protocol named Succinct and Lightweight Authentication Protocol (SLAP) is proposed. SLAP is only composed of bitwise operations like XOR, left rotation and conversion which is easy to implement on a passive tag. The proposed conversion operation as the main security component guarantees the security of RFID system with the properties such as irreversibility, sensibility, full confusion and low complexity, which better performed or even absent in other previous protocols. Security analysis shows that SLAP guarantees the functionalities of mutual authentication as well as resistance to various attacks such as de-synchronization attack, replay attack and traceability attack, etc. Furthermore, performance evaluation also indicates that the proposed scheme outperforms the existing protocols in terms of less computation requirement and fewer communication messages during authentication process.

Zongwei Luo,Terry Chan,Jenny S. Li,Edward Wong,William Cheung,Victor Ng,Wilton Fok

DOI: https://doi.org/10.1109/icebe.2006.49

2006-01-01

Abstract:Radio frequency identification (RFID) technology is expected to become a critical and ubiquitous infrastructure technology of logistics and supply chain management (SCM) related processes and services. Low-cost has been the key to RFID adoption in many logistics/SCM applications. However, the deployment of such tags may create new threats to user privacy due to the powerful track and trace capabilities of the tags, in addition to tag/reader manufacturing challenges. As a result, some security mechanisms must be imposed on the RFID tags for addressing the privacy problems. This paper provides detailed discussion on our proposal of a lightweight RFID security protocol. It examines the features and issues through experimental analysis pertinent to efficiency and scalability to meet the requirements of the proposed security protocol in metering and payment e-commerce applications

Han Ding,Jinsong Han,Yanyong Zhang,Fu Xiao,Wei Xi,Ge Wang,Zhiping Jiang

DOI: https://doi.org/10.1109/infocom.2018.8486424

2018-01-01

Abstract:As the Ultra High Frequency (UHF) passive Radio Frequency IDentification (RFID) technology becomes increasingly deployed, it faces an array of new security attacks. In this paper, we consider a type of attack in which a malicious RFID reader could arbitrarily modify the tags via standard commands, e.g., IDs or other data in the memory. To deal with this type of attack, we propose a physical-layer RF signal based reader authentication solution, namely Arbitrator, that involves passively listening on RF channels, analyzing the communication signals, identifying unauthorized readers and jamming the commands from such readers. Our solution does not need to modify RFID devices or the underlying communication standards, hence fully compatible with the existing RFID infrastructure. In this study, we have implemented a prototype Arbitrator over the Universal Software Radio Peripheral (USRP) platform, and conducted extensive experiments to evaluate its performance. Our results show that Arbitrator can detect unauthorized RFID readers with high accuracy, and thus effectively diminish the unauthorized access attacks.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.4304/jcm.3.7.20-27

2008-01-01

Journal of Communications

Abstract:Two effective attacks, namely de-synchronization attack and impersonation attack, against Ha et al.’s LCSS RFID authentication protocol, Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Bing-Qing Zhao,Hui-Ming Wang,Peng Liu

DOI: https://doi.org/10.1109/jiot.2020.2998789

IF: 10.6

2020-12-01

IEEE Internet of Things Journal

Abstract:Passive radio-frequency identification (RFID) communication raises new transmission secrecy protection challenges, since passive tags stored information lack effective information protection mechanisms. Due to constraints of passive tags, such as limited computation and storage capabilities, security solutions based on the physical-layer security (PLS) are promising candidates compared to those based on conventional lightweight cryptography. Unlike existing endeavors on PLS of RFID wireless communication, we consider an RFID system in the presence of a special proactive eavesdropper, which is able to both enhance the information wiretap and interfere with the information detection at the RFID reader simultaneously by broadcasting its own continuous-wave (CW) signal. To defend against proactive eavesdropping attacks, we propose a wiretap-channel-conscious artificial-noise (AN)-aided secure transmission scheme for the RFID reader, which first estimates both legitimate and wiretap channels and then superimposes an AN signal on the CW signal to confuse the proactive eavesdropper. The transmit power and power allocation between the AN signal and the CW signal are optimized to maximize the secrecy rate. Furthermore, we model the attack and defense process between the proactive eavesdropper and the RFID reader as a hierarchical security game and prove it can achieve the equilibrium. The simulation results show the superiority of our proposed scheme in terms of the secrecy rate and the interactions between the RFID reader and the proactive eavesdropper.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chen Qian,Yunhuai Liu,Hoilun Ngan,Lionel M. Ni

DOI: https://doi.org/10.1109/icdcs.2010.84

2010-01-01

Abstract:The growing importance of operations such as identification, location sensing and object tracking has led to increasing interests in contact less Radio Frequency Identification (RFID) systems. Enjoying the low cost of RFID tags, modern RFID systems tend to be deployed for large-scale mobile objects. Both the theoretical and experimental results suggest that when tags are mobile and with large numbers, two classical MAC layer collision-arbitration protocols, slotted ALOHA and Tree-traversal, do not satisfy the scalability and time-efficiency requirements of many applications. To address this problem, we propose Adaptively Splitting-based Arbitration Protocol (ASAP), a scheme that provides low-latency RFID identification and has stable performance for massive RFID networks. Theoretical analysis and experimental evaluation show that ASAP outperforms most existing collision-arbitration solutions. ASAP is efficient for both small and large deployment of RFID tags, in terms of time and energy cost. Hence it can benefit dynamic and large-scale RFID systems.

Xiuqing Chen,Tianjie Cao,Yu Guo

DOI: https://doi.org/10.12785/amis/080450

2014-01-01

Applied Mathematics & Information Sciences

Abstract:The radio frequency identification (RFID) protocols are vulnerable to va rious attacks from an active or passive adversary. We shed light upon some existing security flaws in these delegation protocols . It is useful to mitigate many security weaknesses in such delegation protocols to promote the acceptance of RFID tags. We propose that a scalable RFID delegation protocol will be against traceability attacks with a stateful variant so that it provides the claimed secu rity requirements. Compared with the previous schemes, we emphasize three critical distinctions in our protocol. First, the reader an d the tag decrease one bitwise XOR of the message and reduce the computational complexity. Second, a solution to reducing the maximum search complexity can be that add two different flags to the tags responses in order to distinguish delegation request from delegation update. Third, the number of exchanged flows during different cases of our revision is same. Finally, the proposed s cheme achieves scalability and untraceability property without leading to a security collision.

Zhao Wang,Xuesong Zhang,Zhong Chen

DOI: https://doi.org/10.1109/iccis.2012.215

2012-01-01

Abstract:Radio frequency identification (RFID) technology is a non-contact automatic identification technology. The basic principle of RFID is coupled with radio frequency signal and the spatial transmission characteristics. From object recognition to achieve automatic recognition, RFID has the advantages of being effective, diversity, high capacity, low cost, anti-pollution, penetrating and so on. However, current RFID authentication protocols cannot defend against DoS attack. This paper proposes Rapdos, a novel mutual authentication protocol, which is based on the use of symmetric encryption and dynamic update key to prevent the DoS attack. The experiment has validated that Rapdos has provided good security for RFID system, and can defeat location privacy attack, relay attack, eavesdropping attack, denial-of-service attack, and solve problems of RFID security privacy.

Tianjie Cao,Peng Shen

DOI: https://doi.org/10.6633/ijns.200907.9(1).12

2009-01-01

Abstract:Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Cui Zhao,Han Ding,Kaiyan Cui,Fan Liang

DOI: https://doi.org/10.1007/978-3-030-00018-9_2

2018-01-01

Abstract:As the Ultra High Frequency (UHF) passive Radio Frequency IDentification (RFID) technology becomes widespread, it faces various challenges of security attacks due to the inherent characteristics of the design of tag hardware and communication protocol. Recently, physical-layer identification methods are proved to be promising to validate the authenticity of passive tags. However, existing methods are usually highly location-dependent and susceptible to environment variations. This paper presents a new authentication solution, namely SecurArray, that involves analyzing the coupling among tags, profiling the communication signal, and conducting the feature matching. SecurArray deploys an array of tags in close proximity as the identity of an object and utilizes the near-field capability of UHF tags for authentication. We implement our prototype using commercial off-the-shelf UHF RFID reader and tags. Extensive experiment results demonstrate that SecurArray effectively achieves high accuracy of physical-layer authentication.

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.