Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Lijun Yan,Huaxiong Wang,Hung-Min Sun

2014-01-01

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure RFID systems with untraceability, which is one of the most critical privacy issues on RFID. In this paper, we demonstrate that their scheme is insecure against two kinds of tracing attacks. We also analyze the success probability of our attacks.

Zhihui Zhu,Wei Liu,Xiangyu Li,Liji Wu,Xiangming Zhang

DOI: https://doi.org/10.1109/ICSICT.2012.6467633

2012-01-01

Abstract:An electromagnetic (EM) analysis and attacks system has been designed for cryptographic Radio Frequency Identification Devices (RFID). The system has the function of carrier removing in analog front-end with adaptive carrier obtain and EM shielding, finding the best acquisition position base on multiple feedback judgment, preprocessing and analysis with drift elimination and noise reduction. Analysis is performed on a practical 13.56M RFID, the Triple-DES (3DES) operation time is located with 1400 curves, and the key of 3DES is recovered with 14000 curves using preprocessing with drift elimination and noise reduction.

Song Li,Xue-tao Weng

DOI: https://doi.org/10.1109/eptc.2008.4763566

2008-01-01

Abstract:The number of applications that use radio-frequency identification (RFID) technology has grown continually in the last few years. In this presentation we will present the results of research on the electromagnetic environment on RFID systems. We analyze the effects of UHF MHz China RFID system near a GSM frequency bands. Kurokawa's method of calculating the power reflection coefficient from the Smith chart in the situation is applied to passive RFID tag design. The performance analysis of a specific RFID tag is presented to be compared with the theory. One of our objectives has been to examine tag designs that are less sensitive to their environment, in that their radiation patters and tag response characteristics change little when placed on different distance and orientation. We introduce a technique for deploying RFID systems and engineering solutions based on fundamental electromagnetic understanding. The paper will also explore tag designs that use electromagnetic models to simulate and engineer RFID systems.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

JIN Yong-ming,XIN Wei,SUN Hui-ping,CHEN Zhong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.14.002

2012-01-01

Abstract:Kulseng et al's lightweight Radio Frequency Identification(RFID) authentication protocol has secret loophole that it may cause key leakage if the protocol is attacked by side channel analysis,which leads authentication failure.This paper modifies four-step authentication to three-step authentication,introduces key recovery mechanism and improves usage of key,so that the protocol has higher efficiency,and it is convenient to expend in multi-tag environment.Theory analysis result shows that the new protocol can prevent various attacks,and it is more efficient compared with the original protocol.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Abhay Kumar Agrahari,Shirshu Varma

DOI: https://doi.org/10.1007/s12083-020-01069-z

2021-03-05

Abstract:Radio Frequency Identification (RFID) is an emerging technology that is used for the unique identification of objects. RFID can be used in different application domains, including Health-care systems, where the safety of patient-sensitive data is a primary concern. Since the RFID technology is used in various medicine sectors, particularly real-time patient monitoring, patient medicine Information, medical emergency, and drug administration system, the use of RFID raises severe security and privacy concerns. In order to cope with these security issues, we propose an Elliptic curve based authentication protocol for RFID. The proposed model uses an implicit certificate concept to secure health-care data. We prove this claim for secure communication using the formal security analysis, i.e., BAN logic, security analysis based on the mathematical model, i.e., ROR model, formal verification using AVISPA tool, and informal security analysis. We review some of the RFID authentication schemes based on ECC in terms of performance and security. Our analysis indicates that the proposed protocol provides mobility, scalability, security, and privacy in the health care environment.

computer science, information systems,telecommunications

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Haradhan Ghosh,Pramod Kumar Maurya,Satya Bagchi

DOI: https://doi.org/10.1504/ijahuc.2024.141960

2024-10-04

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Radio frequency identification technology has been rapidly embraced throughout different wireless communication domains as one of the primary identification solutions for the internet of things. Most present RFID authentication techniques are susceptible to a wide range of malicious attacks. A typical security feature in RFID authentication protocols is key updating, which leads to desynchronisation attacks. We propose a shared key update approach to overcome this issue by the hash function, properties of eigenvectors of a matrix, and addition and concatenation operations. Formal and informal security analyses of the proposed protocol reveal that it is durable to numerous assaults. To simulate the protocol, we apply the Scyther tool, and the findings suggest that the proposed protocol may endure severe assaults. The performance analysis also shows that it has less computation costs on the tag side, making it suitable for use in real-time control systems.

computer science, information systems,telecommunications

Zhi-guo Ding,Li Guo,Yu-jie Wang

2009-01-01

Abstract:As RFID becomes more and more popular, it is imperative to design authentication protocols to resist all possible attacks and threats. In order to overcome counterfeits of readers, a new authentication protocol is proposed based on key array. The new protocol can deal with the synchronization of key update by adding flags of key update. It can resist several possible attacks, including reply, tracking, blocking, proofing and inner attacks. Compared with other authentication protocols, the new protocol can improve the security of RFID systems effectively and does not increase the complexity of protocol.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Qingsong Yao,Yong Qi,Jinsong Han,Jizhong Zhao,Xiangyang Li,Yunhao Liu

DOI: https://doi.org/10.1109/percom.2009.4912773

2009-01-01

Abstract:Privacy protection is increasingly important during authentications in Radio Frequency Identification (RFID) systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Such designs, being efficient, often fail to achieve forward secrecy and resistance to attacks, such as compromising and desynchronization. Indeed, these attacks may still take effect even after a tag successfully finishes the authentication and key-updating procedure. To address the issue, we propose a lightweight RFID private authentication protocol, RWP, based on the random walk concept. RWP also provides the forward security and temporal resistance to the tracking attack. The analysis results show that RWP effectively enhances the security protection for RFID private authentication, and increases the authentication efficiency from O(logN) to O(1).

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

Hung‐Min Sun,Shuai-Min Chen,Chen-En Lu,Cheng‐Ta Yang

2009-01-01

Abstract:There are varies of RFID authentication schemes have been proposed. Most of them address on privacy issues over the tag and the user, however, they are still vulnerable to different attacks and with some weaknesses. In addition, the readers and the back-end server are considered as a single entity for these typical RFID schemes, hence, the communication channel is assumed to be secure. Recently, a concept of mobile reader has been proposed in which the reader is possessed by the user and is equipped inside a mobile device. The mobile RFID reader possessor can extract the information about the tagged objects by communicating with the back-end server through an insecure channel; consequently, a secure RFID authentication is needed. In this paper, two RFID authentication schemes are proposed for the reader-portable RFID environment. These schemes not only provide a novel usage of RFID system, but resolve privacy threats while a mobile reader is not authorized to acquire every tag’s information.

Yang Xu,Jinsha Yuan

DOI: https://doi.org/10.1007/s11107-018-0812-6

IF: 1.768

2018-01-01

Photonic Network Communications

Abstract:With comprehensive applications of radio-frequency identification (RFID) technology in Internet of things, more and more mobile reader devices are utilized. However, in mobile RFID system the readers are not considered trustworthy as usual; thus, an authentication protocol with the mutual authentication ability is demanded; that is, the tag can authenticate the reader when necessary. In this paper, the one-way Hash is used to realize the mutual authentication between RFID tags, readers and application servers. Meanwhile, to solve the tracking attacks of tags, the ID update ability is proposed. The IDs of the RFID tags used in this protocol are variable and traceable. Besides, the out-of-synchronous mechanism and anti-collision mechanism are also designed for the ID-updating stage. BAN logic is used to prove the security of the protocol, and the communication cost simulations of several protocols are carried out and comparisons are then made. Through the security and comparisons performance analysis of various protocols, the proposed protocol is proved to require for a smaller storage space and lower operation cost. What is more, it can resist multiple attacks, which can meet the requirements of the security and privacy of RFID system for the mobile environment.