CHEN Shao-Wei,CHEN Rui,LING Li

2010-01-01

Abstract:Although RFID technology has been increasingly popular and commonly used,there are still a host of defects in security and privacy.This paper proposes a new improved authentication protocol based on the existing protocols and Hash algorithm,and to some extent,it solves the security and privacy problems. This protocal can prevent replay attack,statistical analysis,spoofing attack,privacy track,and is suitable for the distributed system.

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

JIN Yong-ming,XIN Wei,SUN Hui-ping,CHEN Zhong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.14.002

2012-01-01

Abstract:Kulseng et al's lightweight Radio Frequency Identification(RFID) authentication protocol has secret loophole that it may cause key leakage if the protocol is attacked by side channel analysis,which leads authentication failure.This paper modifies four-step authentication to three-step authentication,introduces key recovery mechanism and improves usage of key,so that the protocol has higher efficiency,and it is convenient to expend in multi-tag environment.Theory analysis result shows that the new protocol can prevent various attacks,and it is more efficient compared with the original protocol.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Li Heng,Gao Fei,Xue Yanming,Feng Shuo

DOI: https://doi.org/10.1007/978-3-642-14350-2_22

2014-01-01

Abstract: The introduction of authentication protocols for RFID system provides the security to it, authentication protocol based on hash function is one of the most commonly used authentication protocol, which the hash function they used is a unilateral function, with a relatively high security, and it is easy to implement in the tag of RFID, so it has a wider application in RFID system. As the hash function, the characteristics of its own will have hash table conflicts, and thus would have resulted in security vulnerabilities, aim at the hash table conflict, this paper proposes a specific solution, and simulate the improved authentication protocol.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Yang Xu,Jinsha Yuan

DOI: https://doi.org/10.1007/s11107-018-0812-6

IF: 1.768

2018-01-01

Photonic Network Communications

Abstract:With comprehensive applications of radio-frequency identification (RFID) technology in Internet of things, more and more mobile reader devices are utilized. However, in mobile RFID system the readers are not considered trustworthy as usual; thus, an authentication protocol with the mutual authentication ability is demanded; that is, the tag can authenticate the reader when necessary. In this paper, the one-way Hash is used to realize the mutual authentication between RFID tags, readers and application servers. Meanwhile, to solve the tracking attacks of tags, the ID update ability is proposed. The IDs of the RFID tags used in this protocol are variable and traceable. Besides, the out-of-synchronous mechanism and anti-collision mechanism are also designed for the ID-updating stage. BAN logic is used to prove the security of the protocol, and the communication cost simulations of several protocols are carried out and comparisons are then made. Through the security and comparisons performance analysis of various protocols, the proposed protocol is proved to require for a smaller storage space and lower operation cost. What is more, it can resist multiple attacks, which can meet the requirements of the security and privacy of RFID system for the mobile environment.

Zhi-guo Ding,Li Guo,Yu-jie Wang

2009-01-01

Abstract:As RFID becomes more and more popular, it is imperative to design authentication protocols to resist all possible attacks and threats. In order to overcome counterfeits of readers, a new authentication protocol is proposed based on key array. The new protocol can deal with the synchronization of key update by adding flags of key update. It can resist several possible attacks, including reply, tracking, blocking, proofing and inner attacks. Compared with other authentication protocols, the new protocol can improve the security of RFID systems effectively and does not increase the complexity of protocol.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

He-Jun Lu,Dui Liu

DOI: https://doi.org/10.1371/journal.pone.0256367

IF: 3.7

2021-08-16

PLoS ONE

Abstract:Aimed at the security authentication problem between Near Field Communication (NFC) devices, this paper uses the technology of asymmetric encryption algorithm, symmetric encryption algorithm, hash function, timestamp and survival period to improve the confidentiality, performance and security of the protocol. The symmetric encryption algorithm encrypts the transmission content, while the asymmetric encryption algorithm encrypts the shared key. The whole authentication process is secure, and the key distribution is secure. The improved NFC device authentication protocol can effectively resist the brute force attack, man-in-the-middle attack and replay attack in the authentication process, it can reduce the number of message transmission in the authentication process, improve the transmission efficiency, enhance the confidentiality, integrity, non-repudiation and improve the security of NFC device authentication.

multidisciplinary sciences

Wang Guowei,Jia Zongpu,Peng Weiping

DOI: https://doi.org/10.2174/1874110x01509010483

2015-01-01

Abstract:To solve the problems about securities, absence of calculation pertinence, incapability of making the most of the reader's computation and storage capacity that emerged in Radio Frequency Identification (RFID) authentication protocols, the paper proposes a Hash function based server/serverless adaptive and mutual authentication protocol of RFID based on the analysis of RFID authentication protocol that using a backend server and without using a backend server.The protocol can automatically switches between the RFID authentication protocol with or without a backend server according to the application range of RFID tags.The BAN logic proof, security and efficiency performances analysis and comparison with other similar RIFD protocols presented by the paper show that the protocol can effectively meets the security requirements of RFID authentication protocols.

Hung-Min Sun,Chen-En Lu,Shuai-Min Chen

DOI: https://doi.org/10.1109/tencon.2007.4429060

2007-01-01

Abstract:RFIDs have been popularly used in daily life. To avoid being intruded on user privacy, proper protection is necessary. The privacy issues, such as object tracking and forgery of tags, are widely studied in the literature. Traditionally, the reader is regarded as a part of the system. In mobile RFID environment, however, anyone who holds the reader can connect to the server and acquire other information about the objects he owns. To verify whether a reader has the rights to access the tags has become essential. In this paper, we propose an RFID authentication protocol that can achieve the above goal and provide tag anonymity and forgery resistance. Hence, the user privacy is guaranteed.

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

He Xu,Xianzhen Yin,Feng Zhu,Peng Li

DOI: https://doi.org/10.1109/jsen.2021.3077575

IF: 4.3

2021-08-01

IEEE Sensors Journal

Abstract:Currently, Radio Frequency Identification (RFID) is one of the key technologies to realize the Internet of Things (IoT), which is widely used in our daily life. However, there are some security threats such as impersonation attack, replay attack in existed RFID systems. In addition, most physical-layer authentication methods for RFID systems are mainly to authenticate tags without authenticating the user. In this paper, we present the design and implementation of Au-Hota, a system that can authenticate the tag and the user simultaneously, and can resist replaying attack and impersonation attack that cannot be solved by most physical-layer methods. Our idea is to assign a unique identifier to the user based on the inductive coupling between two adjacent tags. When the user draws the identity identifier on the tag, different identity identifiers correspond to unique phase features so that simultaneous authentication of the tag and the user can be achieved under the premise of ensuring security. The system is fully compatible with Ultra High Frequency (UHF) RFID systems without any modification. We implement a prototype of the system and conduct extensive experiments to evaluate performance. Our results demonstrate that the system has good authentication performance.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Li Bin,Jiang Weiyin,Ling Li

DOI: https://doi.org/10.3969/j.issn.1007-757X.2011.07.006

2011-01-01

Abstract:In this paper, based on some classical RFID security protocol, a new protocol based on key value renewal is proposed. The new protocol canprevent RFID system from spoofing attack, replay attack, tracking as well as the problem of desynchomization and provide forward security. To thesystem performance, the protocol can reduce the hardware cost of tags, query time in backend database and the communication between each other.Consequently, the protocol effectively enhanced the security of RFID systems. Also this paper has established an idealized model for the protocol andgiven a theoretically prove to the protocol by using the BAN logic analysis.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.