Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Tianjie Cao,Peng Shen

DOI: https://doi.org/10.6633/ijns.200907.9(1).12

2009-01-01

Abstract:Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Li-ping LONG,Wei-jian CHEN,Yong-jun YANG,Guang-jun WEN

DOI: https://doi.org/10.3969/j.issn.1000-7024.2013.11.002

2013-01-01

Abstract:Aiming at the new security problems of radio frequency identification system (RFID) which is combined with network,a new so-called two-factor authentication protocol is presented.It is designed to help the back-end server ensuring the legitimacy of the reader in RFID system.This authentication protocol is based on the hardware device information and cryptographic technique.The hardware device information is gained from the only serial number of the OEM RF module configuration data of the reader.The only serial number can be read and written by calling the API function in the real-time access.The cryptographic technique uses a lightweight encryption algorithm which is called Advanced Encryption Standard (AES) .This Twofactor authentication protocol is applicable to product security,warehouse management,logistics tracking and other emerging areas,which has certain practical significance and practical value.

Ching-Hsien Hsu,Shangguang Wang,Daqiang Zhang,Hai-Cheng Chu,Ning Lu

DOI: https://doi.org/10.1002/sec.1488

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Radio Frequency Identification (RFID) technology provides a seamless link between physical world and the information system in cyber space. However, the emerging Internet of Things and cloud systems are full of security holes, which introduce new challenging security problems in both tag identification and data privacy. In this paper, we present efficient methods for identity authentication and data encryption to enhance RFID privacy. The proposed techniques aim to ensure no adversary interacting with the tags and the reader, to infer any information on a tag's identity from the communication. The main idea, a symmetric cryptography technique, termed as Advanced Encryption Standard, was applied to implement both mutual authentication and data encryption between the front and back ends of RFID systems. The Advanced Encryption Standard cryptographic algorithm was adopted because of its low hardware complexity and high security strength. In addition, the proposed key management protocol is proved resistant to several known RFID attacks such as Man-in-the-Middle, Denial-of-Service, replay, clone attack, and backward/forward traceability. The computational time complexity of the proposed scheme through the entire identity authentication and data encryption phases is 3T(encrypt)+1T(nonce)+4T(xor), which is superior to most existing approaches. The proposed scheme was also proved to be able to provide higher data encryption performance than other symmetric cryptographic algorithms with regard to the same level of security strength. Copyright (c) 2016 John Wiley & Sons, Ltd.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Shiqi Wang,Linsen Li,Gaosheng Chen,Tao Chen,Zeming Wang

DOI: https://doi.org/10.1109/IACS.2017.7921977

2017-01-01

Abstract:As the RFID based Internet of Things (loT) gets worldwide attention, to prepare for the rapidly increasing applications in daily life, various security protocols are proposed. But, these protocols, most of which are limited by the tag processing capacity and dangerous exposure during transmission, could only be applied in certain fields. Previously, Chen and Deng's mutual authentication and privacy protection protocol which conforming EPC Class 1 Generation 2 Standards stands out for low cost as well as little requirements of the tag processing capacity. However, currently reported by others, this system faces up with severe dangers of tracking or cloning tags via impersonating attacks. After scrutiny, we found out that these vulnerabilities lie in the insufficient protections of random numbers, and we reconstruct the request and response based on the original protocol by making message unrepeatable, key elements secret and adding small storage for comparisons. The security of our protocol, proved by Ban logic analysis, is ensured by double protections — secret key pairs and dynamic random numbers. Our comparisons show that our protocol not only is safe under traditional attacks guaranteed by the original protocol but also overcomes impersonating attacks which represents the inherent weakness of information exposure in public.

ZHANG Wenli,ZHAO Feng

2013-01-01

Abstract:In order to content with the security requirements of RFID system,the study uses mathematic and cryptography methods to solve these problems.Considering the security,privacy and effectiveness of RFID protocol,the paper researches the authentication protocol of the RFID system and proposes a mutual authentication protocol of RFID.Its safety and performance analysis show that the proposed protocol is relatively good in these aspects.It can prevent many security including contents privacy,location tracing,replay attack,spoofing attack,and also has forward security ability.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Yun-feng Wang,Bin Zhang,Yang Liu,Xiao-fei Fei

DOI: https://doi.org/10.3724/SP.J.1146.2013.01337

2014-01-01

Abstract:For addressing the two focus issues under research , security authentication protocol and the multi-tag anti-collision algorithm in the field of Radio Frequency IDentification (RFID), a Code Division Multiple Access (CDMA)-based anti-collision algorithm of the RFID authentication protocol is presented in this paper. The authentication protocol supports dynamic updates of the key and resists database synchronization attacks by using flag mechanism to select spare key. Meanwhile, by combining with CDMA and by retransmitting random number to select spreading code, the authentication protocol solves recognition of tags due to data collisions during the multi-tag identification by one-time retransmission. Firstly, the process of the authentication protocol and an anti-collision theory is described. Secondly, the SVO logic is used to prove correctness of the protocol in theory. Finally, numerical analysis of the system throughput applying the protocol shows that its throughput efficiency is higher than the traditional one.

Mohammad Hassan Habibi,Mahmoud Gardeshi,Mahdi R. Alaghband

DOI: https://doi.org/10.5121/ijdps.2011.2109

2011-02-04

Abstract:Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.

Cryptography and Security

Fang Mingwei,Wu Junjun,Zhang Xinfang,Chen Hong

DOI: https://doi.org/10.4028/www.scientific.net/kem.474-476.1764

2011-01-01

Key Engineering Materials

Abstract:RFID technology plays an important role in our daily life nowadays. It widely used in the automatic identification system by embedding the tag into product. However, some security risks presented due to radio frequency signal channel between the tag and the reader which may lead privacy disclosure for the user. Various solutions are proposed to resole to security issues in RFID system, but there still presented some limitations. A security elliptic curve cryptography based authentication protocol is presented in this paper to preserve the privacy of the RFID system. The proposed protocol provides mutual authentication and a security communication channel between the tag and the reader. By the security analysis, our protocol can resist common passive and active attack; moreover, it also can provide forward security.

LI Heng,GAO Fei,XUE Yan-ming,FENG Shuo

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.32.051

2010-01-01

Abstract:The wireless transmission characteristics of RFID system is vulnerable to be attacked and theft within communication,to people adopt the physical methods and authentication encryption methods to enhance system security,authentication encryption methods is more useful due to its simple design.In this paper,we analysis of security vulnerabilities exist in the commonly used authentication protocol based on Hash function,on this basis bring forward a modified protocol.Through compare them in security,data storage condition and complexity of the algorithm,it can prove that the improved protocol has a very good improvement for RFID system’s overall performance,particularly in security.

Jun Wen,Wenhong Tian,Weidong Wang

DOI: https://doi.org/10.1109/ICCCAS.2010.5582037

2010-01-01

Abstract:Radio Frequency Identification (RFID) technologies have been standardized and widely commercially used, but its security problem is a major challenge. This paper presents an efficient authentication approach to prevent tag from eavesdropping by attackers, tracing by illegal reader. It firstly gives a comprehensive discussion of privacy problems, then presents a mutual authentication and encrypts communication mechanism. And a security analysis on withstanding attackers for the RFID approach is given. © 2010 IEEE.

Chao Lv,Hui Li,Jianfeng Ma,Yaoyu Zhang

DOI: https://doi.org/10.1002/ett.2514

IF: 3.6

2012-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Radio Frequency Identification (RFID), we show that three recently proposed RFID authentication protocols which rely exclusively on the used of Elliptic Curve Cryptography are not secure against the tracking attack. To make this attack successfully, the adversary needs to execute three phases. Firstly, the attacker just eavesdrops on the messages exchanged between Server and Tag. Secondly, the attacker impersonates Server to reply with the same random number that is obtained from previous phase. Finally, the adversary acts as a man in the middle to tamper the exchanged messages. Then, we propose enhancements and prove that the revisions are secure against the tracking attack that keep other security properties. Copyright (C) 2012 John Wiley & Sons, Ltd.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Bing Zhang,Zhi Guang Qin,Guo Gen Wan,Xin

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.2255

2014-01-01

Applied Mechanics and Materials

Abstract:This document analyzes the security drawback of the Hash-based algorithm authentication protocols which is frequently used in low-cost RFID systems, and proposes a lightweight mutual authentication protocol. In the proposed protocol, all authenticated information is encrypted , the location privacy is also provided by refreshing an identifier of a tag in each session and lost massages can be recovered from many attacks such as spoofing attacks. The comparison result of the simulation experiment and the formal correctness proof of the proposed authentication protocol is based on BAN logic. It shows that the proposed protocol in this article greatly enhance the capability of verifiability, confidentiality and integrality, it also corrects the existing Hash-based protocol secure deficiency so that it is more suitable for low-cost RFID systems than those existing ones.

Ben Niu,Xiaoyan Zhu,Haotian Chi,Hui Li

DOI: https://doi.org/10.1007/s11277-014-1605-6

IF: 2.017

2014-01-01

Wireless Personal Communications

Abstract:Security and privacy issues in RFID technology gain tremendous popularity recently. However, existing work on RFID authentication problems always make assumptions such as (1) hash function can be fully employed in designing RFID protocols; (2) channels between readers and server are always secure. The first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be directly adopted in mobile RFID applications where wireless channels between readers and server are always insecure. To solve these problems, in this paper, we propose a novel ultralightweight and privacy-preserving authentication protocol for mobile RFID systems. We only use bitwise XOR, and several special constructed pseudo-random number generators to achieve our aims in the insecure mobile RFID environment. We use GNY logic to prove the security correctness of our proposed protocol. The security and privacy analysis show that our protocol can provide several privacy properties and avoid suffering from a number of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare several parameters with existing work, the evaluation results indicate us that our protocol significantly improves the system performance.

Khwaja Mansoor,Anwar Ghani,Shehzad Ashraf Chaudhry,Shahaboddin Shamshirband,Shahbaz Ahmed Khan Ghayyur,Amir Mosavi,Shehzad Chaudhry,Shahbaz Ghayyur

DOI: https://doi.org/10.3390/s19214752

IF: 3.9

2019-11-01

Sensors

Abstract:Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation