Wei Xin,Tao Yang,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/IMCCC.2011.115

2011-01-01

Abstract:This Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attack is a hot topic recently. A relay attack is a type of attack related to man-in-the-middle and replay attacks, in which an attacker relays verbatim a message from the sender to a valid receiver of the message. The sender may not be aware of even sending the message to the attacker. The main countermeasure against relay attack is the use of distance bounding protocols measuring the round-trip time between the reader and the tag. In this paper, we consider a modification of these protocols using `error state' which stands for the number of response bit errors that have already occurred. We set a maximal error number to prevent adversary from malicious queries, we also apply a punishment mechanism for error responding, which to my best knowledge is proposed at the first time in distance bounding protocols, if the tag sends one error bit, it should respond one more challenge bit to successfully finish the protocol. By using error state and punishment mechanism, the success probability for an adversary to access to the system decreases. Finally, we use the Hancke and Kuhn's protocol as a comparison, to show the improvements achieved when different cases are analyzed.

Li Lu,Muhammad Jawad Hussain,Zhigang Han

DOI: https://doi.org/10.1109/twc.2016.2532858

IF: 10.4

2016-01-01

IEEE Transactions on Wireless Communications

Abstract:We present a physical layer solution to RF distance bounding, which reduces the prover's processing delay virtually to zero by employing the concepts of frequency modulated continuous wave (FMCW) and secondary radars, and equipping it with the capability of cryptographic communication over unintelligent radar signals. To realize, we encode the verifier's challenges in waveform slope of signals while the prover communicates its cryptographic replies in shape of backscatter modulation. For resilience to multipath, the prover introduces analog frequency modulation using the principle of secondary radar. Our protocol is based on pre-commitment distance bounding scheme. Our paper primarily focuses on design intricacies of a realizable system while we briefly present the simulation results. We critically analyze the security of our protocol against attacksmost concerned in distance bounding and thoroughly investigate its robustness under noise and multipath environments. A shortcoming of our design is low range resolution at lower spectral bandwidths, which can be foretoken as system tolerance. We foresee our endeavor to present a viable zero-delay RF distance bounding scheme while minimizing the hardware, energy, and computational overhead for passive and semipassive tokens.

Pedro Peris-Lopez,Julio C. Hernandez-Castro,Christos Dimitrakakis,Aikaterini Mitrokotsa,Juan M. E. Tapiador

DOI: https://doi.org/10.48550/arXiv.0906.4618

2009-06-25

Cryptography and Security

Abstract:The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally known as a relay attack in which scope distance fraud, mafia fraud and terrorist attacks are included. Distance bounding protocols represent a promising countermeasure to hinder relay attacks. Several protocols have been proposed during the last years but vulnerabilities of major or minor relevance have been identified in most of them. In 2008, Kim et al. [1] proposed a new distance bounding protocol with the objective of being the best in terms of security, privacy, tag computational overhead and fault tolerance. In this paper, we analyze this protocol and we present a passive full disclosure attack, which allows an adversary to discover the long-term secret key of the tag. The presented attack is very relevant, since no security objectives are met in Kim et al.'s protocol. Then, design guidelines are introduced with the aim of facilitating protocol designers the stimulating task of designing secure and efficient schemes against relay attacks. Finally a new protocol, named Hitomi and inspired by [1], is designed conforming the guidelines proposed previously.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Longfei Shangguan,Lei Yang,Jinsong Han,Zimu Zhou,Wei Gong,Yiyang Zhao

2014-01-01

Abstract:Counting or estimating the number of tags is crucial for RFID system. Researchers have proposed several fast cardinality estimation schemes to estimate the quantity of a batch of tags within a short time frame. However, existing estimation schemes scarcely consider the privacy issue. Without effective protection, the adversary can utilize the responding signals to estimate the number of tags as accurately as the valid reader. To, address this issue, we propose a novel privacy-preserving estimation scheme, termed as MEAS, which provides an active RF countermeasure against the estimation from invalid readers. MEAS comprises of two components, an Estimation Interference Device (EID) and two well-designed Interference Blanking Estimators (IBE). EID is deployed with the tags to actively generate interfering signals, which introduce sufficiently large estimation errors to invalid or malicious readers. Using a secret interference factor shared with EID, a valid reader can perform accurate estimation via two IBEs. Our theoretical analysis and simulation results show the effectiveness of MEAS. Meanwhile, MEAS can also maintain a high estimation accuracy using IBEs.

Kai Bu,Bin Xiao,Qingjun Xiao,Shigang Chen

DOI: https://doi.org/10.1109/tpds.2012.48

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Radio-Frequency Identification (RFID) technology brings many innovative applications. Of great importance to RFID applications in production economics is misplaced-tag pinpointing (MTP), because misplacement errors fail optimal inventory placement and thus significantly decrease profit. The existing MTP solution [1], originally proposed from a data-processing perspective, collects and processes a large amount of data. It suffers from time inefficiency (and energy-inefficiency as well if active tags are in use). The problem of finding efficient solutions for the MTP problem from the communication protocol design perspective has never been investigated before. In this paper, we propose a series of protocols toward efficient MTP solutions in large RFID systems. The proposed protocols detect misplaced tags using reader positions instead of tag positions to guarantee the efficiency and scalability as system scale grows, because RFID readers are much fewer than tags. Considering applications that employ active tags, we further propose a solution requiring responses from only a subset of tags in favor of energy saving. We also design a distributed protocol that enables each reader to independently detect misplaced tags. We then investigate how to apply the proposed protocols in scenarios with tag mobility. To evaluate the proposed protocols, we analyze their optimal performances to demonstrate their efficiency potential and also conduct extensive simulation experiments. The results show that the proposed protocols can significantly increase the time efficiency and the energy efficiency by over 70 percent on average when compared with the best existing work.

Lei Yang,Jinsong Han,Yong Qi,Cheng Wang,Zhuo Li,Qingsong Yao,Ying Chen,Xiao Zhong

DOI: https://doi.org/10.1109/ICPADS.2010.106

2010-01-01

Abstract:Counting or estimating the number of tags is crucial for RFID system. Researchers have proposed several fast cardinality estimation schemes to estimate the quantity of a batch of tags within a short time frame. Existing estimation schemes scarcely consider the privacy issue. Without effective protection, the adversary can utilize the responding signals to estimate the number of tags as accurate as the valid reader. To address this issue, we propose a novel privacy-preserving estimation scheme, termed as MEAS, which provides an active RF countermeasure against the estimation from invalid readers. MEAS comprises of two components, an Estimation Interference Device (EID) and two well-designed Interference Blanking Estimators (IBE). EID is deployed with the tags to actively generate interfering signals, which introduce sufficiently large estimation errors to invalid or malicious readers. Using a secret interference factor shared with EID, a valid reader can perform accurate estimation via two IBEs. Our theoretical analysis and simulation results show the effectiveness of MEAS. Meanwhile, MEAS can also maintain a high estimation accuracy using IBEs.

Fan Yang,Fengli Zhang,Jiahao Wang,Zhiguang Qin,Xiaolu Yuan

DOI: https://doi.org/10.1002/cpe.3500

2015-01-01

Abstract:Both distance fraud attacks and relay attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing approaches can neither avoid tags to response the rouge reader's challenges nor have the simultaneous feature to defend the two kinds of attacks. In a first step, this paper presents an improved distance-bounding protocol that a tag deduces the distance to a reader and reports if the reader is honest or malicious through the output of trust values that can defend distance fraud. When multiple readers are synchronized and scheduled, we just logically threat them as one. So our solutions fix a flaw in prior work that may be leveraged by attackers to increase the successful rate of discovering relay attack. Secondly, we deploy trusted third party architecture to provide anonymity for tags in anonymous RFID systems without requiring tag identifiers. Existing distance-based attack detection methods are not applicable in anonymous RFID systems because of the requirement of awareness of tag identifiers. This insight inspires Distance-Bounding Trust Protocol (DBTP), which is for both distance fraud and relay attacks detection in anonymous RFID systems. DBTP can make correct decisions through trust values in accepting or rejecting a reader's challenge by establishing collaborations and trust relationship between one reader (verifier) and active tags (provers). We evaluate the performance of DBTP through theoretical analysis and extensive simulations. The results show that DBTP can detect both distance fraud and relay attacks, and it is effective to guarantee security for anonymous RFID systems. Copyright (c) 2015 John Wiley & Sons, Ltd.

Shiqi Wang,Linsen Li,Gaosheng Chen,Tao Chen,Zeming Wang

DOI: https://doi.org/10.1109/IACS.2017.7921977

2017-01-01

Abstract:As the RFID based Internet of Things (loT) gets worldwide attention, to prepare for the rapidly increasing applications in daily life, various security protocols are proposed. But, these protocols, most of which are limited by the tag processing capacity and dangerous exposure during transmission, could only be applied in certain fields. Previously, Chen and Deng's mutual authentication and privacy protection protocol which conforming EPC Class 1 Generation 2 Standards stands out for low cost as well as little requirements of the tag processing capacity. However, currently reported by others, this system faces up with severe dangers of tracking or cloning tags via impersonating attacks. After scrutiny, we found out that these vulnerabilities lie in the insufficient protections of random numbers, and we reconstruct the request and response based on the original protocol by making message unrepeatable, key elements secret and adding small storage for comparisons. The security of our protocol, proved by Ban logic analysis, is ensured by double protections — secret key pairs and dynamic random numbers. Our comparisons show that our protocol not only is safe under traditional attacks guaranteed by the original protocol but also overcomes impersonating attacks which represents the inherent weakness of information exposure in public.

Xiaofei He,Xinyu Yang,Rui Li,Qingyu Yang

DOI: https://doi.org/10.1007/978-3-642-39701-1_8

2013-01-01

Abstract:Smart measurement devices play an important role in smart grid and might always be connected through open network interfaces. In this scenario, the adversary could launch code injection attacks to compromise these measurement devices and gain benefits by these compromised devices. To deal with this issue, a number of attestation schemes have been designed to defense the malicious attacks in the past. However, because the detection methods of these schemes are based on extra CPU clock cycles, they could be ineffective when the network delivery delay is significant. To address this problem, in this paper we propose a novel Delay-resilient Remote Memory Attestation scheme (DRMA), which can eliminate the impact of network delivery delay in the multi-hop networks and achieve great accuracy on compromised measurement devices detection. Specially, without sending beacon packets periodically, the proposed scheme can not only get the real-time end-to-end delay via evaluating the time difference reported by the relay nodes in the challenge-response attestation process, but also reduce the network load and achieve great accuracy of network delay. Via extensive theoretical analysis and experiments, our scheme shows better performance and less computing overhead in comparison with existing schemes.

Qunying Sun,Hongjian Zhang,Lingfei Mo

DOI: https://doi.org/10.1109/imtc.2010.5488278

2010-01-01

Abstract:Active RFID is a popular technology in online measurement, remote monitoring, wireless tracking, fleet management etc. The communication algorithms widely used are based on a random access algorithm ALOHA, with which the data packets are transmitted in a random delay when collisions happen. However, collisions in ALOHA based algorithms are severe in dense active systems. In this paper, we propose a Master-Salve Dual Readers (MSDR) anti-collision mechanism. Multiple experiments were performed to identify multiple active tags within a reader's interrogation range. Compared with the parallel dual readers (PPDR) mechanism and the single reader mechanism, the proposed MSDR reduces the rate of packets loss significantly.

Xuan Liu,Bin Xiao,Shigeng Zhang,Kai Bu,Alvin Chan

DOI: https://doi.org/10.1109/tc.2015.2394461

IF: 3.183

2015-01-01

IEEE Transactions on Computers

Abstract:The radio frequency identification (RFID) technology is greatly revolutionizing applications such as warehouse management and inventory control in retail industry. In large RFID systems, an important and practical issue is tag searching: Given a particular set of tags called wanted tags, tag searching aims to determine which of them are currently present in the system and which are not. As an RFID system usually contains a large number of tags, the intuitive solution that collects IDs of all the tags in the system and compares them with the wanted tag IDs to obtain the result is highly time inefficient. In this paper, we design a novel technique called testing slot, with which a reader can quickly figure out which wanted tags are absent from its interrogation region without tag ID transmissions. The testing slot technique thus greatly reduces transmission overhead during the searching process. Based on this technique, we propose two protocols to perform time-efficient tag searching in practical large RFID systems containing multiple readers. In our protocols, each reader first employs the testing slot technique to obtain its local searching result by iteratively eliminating wanted tags that are absent from its interrogation region. The local searching results of readers are then combined to form the final searching result. The proposed protocols outperform existing solutions in both time efficiency and searching precision. Simulation results show that, compared with the state-of-the-art solution, our best protocol reduces execution time by up to 60 percent, meanwhile promotes the searching precision by nearly an order of magnitude.

Qunying Sun,Hongjian Zhang,Lingfei Mo

DOI: https://doi.org/10.1002/dac.1225

2011-01-01

International Journal of Communication Systems

Abstract:Radio Frequency Identification (RFID) becomes increasingly widespread in various applications. However, data collision is one of the most concerns in dense active RFID systems. Data collision will cause serious data loss, slow identification speed and high energy consumption. In this paper, data collision problem is addressed and two communication protocols are presented based on the dual‐reader structure. One is the master–slave dual‐reader (MSDR) protocol, and the other is called the dual‐reader DCMA (DRDCMA) protocol. Both protocols are implemented in the hardware platform and their performances are compared with other conventional anti‐collision protocols . Experimental results show that our proposed protocols outperform the conventional ones in terms of identification rate, identification speed and energy consumption. Compared to the Single‐reader (SR) protocol, the proposed MSDR protocol can improve the identification rate by 82.9%, reduce the access latency and energy consumption by 47.0%. Besides, the proposed DRDCMA protocol can reduce the access latency and energy consumption by 69.1 and 78.3 %, respectively , in comparison with DCMA . Moreover, MSDR has the fastest identification speed and it can improve nearly 100% over SR when the communication load is large enough. DRDCMA presents the highest identification rate with nearly no data loss , while the identification rate in MSDR is 40.6 % and decreases dramatically with the increment in communication load . Copyright © 2011 John Wiley & Sons, Ltd.

Rolando Trujillo-Rasua,Benjamin Martin,Gildas Avoine

DOI: https://doi.org/10.48550/arXiv.1405.5704

2014-05-22

Cryptography and Security

Abstract:Contactless technologies such as RFID, NFC, and sensor networks are vulnerable to mafia and distance frauds. Both frauds aim at passing an authentication protocol by cheating on the actual distance between the prover and the verifier. To cope these security issues, distance-bounding protocols have been designed. However, none of the current proposals simultaneously resists to these two frauds without requiring additional memory and computation. The situation is even worse considering that just a few distance-bounding protocols are able to deal with the inherent background noise on the communication channels. This article introduces a noise-resilient distance-bounding protocol that resists to both mafia and distance frauds. The security of the protocol is analyzed with respect to these two frauds in both scenarios, namely noisy and noiseless channels. Analytical expressions for the adversary's success probabilities are provided, and are illustrated by experimental results. The analysis, performed in an already existing framework for fairness reasons, demonstrates the undeniable advantage of the introduced lightweight design over the previous proposals.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Qingsong Yao,Jianfeng Ma,Rui Li,Xinghua Li,Jinku Li,Jiao Liu

DOI: https://doi.org/10.1109/access.2019.2922220

IF: 3.9

2019-01-01

IEEE Access

Abstract:Internet of Things (IoT) devices are basic units in edge computing. Denial of service (DoS) attack is a great threat to low-cost IoT devices, even worse in privacy-preserving authentication protocols for radio frequency identification (RFID) tags. During DoS attacks, the attacker consumes the legal states in a target tag by continuous scanning and further observes its behavior in authentication to break privacy. Due to lack of adequate energy and computing power, it is hard for passive backscattering RFID tags to defend against DoS attacks. In this work, we cast a new insight on the DoS attacks to RFID tags and leverage the malicious scanning behavior as a new energy source. In this way, a passive tag gains more and more energy and can afford more and more complex cryptography computation under a DoS attack. Finally, the victim tag with adequate energy achieves to complete the complicated public key cryptographic computations and defend against the DoS attack. We further propose a protocol, namely the RUND protocol. We define the tracking privacy model and introduce in the notion of tracking interval to define the tracking privacy other than indistinguishable privacy. To guarantee the security and tracking privacy properties of our protocol, we propose 3 rules as designing guidelines. The analysis shows that our approach can achieve $O$ (1) efficiency while providing DoS-defending privacy-preserving authentication. Furthermore, with proper parameters our approach can save about 40% boosting time at least, compared to the directly charging for public key cryptographic computation method.

Xiuqing Chen,Tianjie Cao,Yu Guo

DOI: https://doi.org/10.12785/amis/080450

2014-01-01

Applied Mathematics & Information Sciences

Abstract:The radio frequency identification (RFID) protocols are vulnerable to va rious attacks from an active or passive adversary. We shed light upon some existing security flaws in these delegation protocols . It is useful to mitigate many security weaknesses in such delegation protocols to promote the acceptance of RFID tags. We propose that a scalable RFID delegation protocol will be against traceability attacks with a stateful variant so that it provides the claimed secu rity requirements. Compared with the previous schemes, we emphasize three critical distinctions in our protocol. First, the reader an d the tag decrease one bitwise XOR of the message and reduce the computational complexity. Second, a solution to reducing the maximum search complexity can be that add two different flags to the tags responses in order to distinguish delegation request from delegation update. Third, the number of exchanged flows during different cases of our revision is same. Finally, the proposed s cheme achieves scalability and untraceability property without leading to a security collision.

Aanjhan Ranganathan,Boris Danev,Srdjan Capkun

DOI: https://doi.org/10.48550/arXiv.1404.4435

2014-04-17

Cryptography and Security

Abstract:A distance bounding system guarantees an upper bound on the physical distance between a verifier and a prover. However, in contrast to a conventional wireless communication system, distance bounding systems introduce tight requirements on the processing delay at the prover and require high distance measurement precision making their practical realization challenging. Prior proposals of distance bounding systems focused primarily on building provers with minimal processing delays but did not consider the power limitations of provers and verifiers. However, in a wide range of applications (e.g., physical access control), provers are expected to be fully or semi-passive introducing additional constraints on the design and implementation of distance bounding systems. In this work, we propose a new physical layer scheme for distance bounding and leverage this scheme to implement a distance bounding system with a low-power prover. Our physical layer combines frequency modulated continuous wave (FMCW) and backscatter communication. The use of backscatter communication enables low power consumption at the prover which is critical for a number of distance bounding applications. By using the FMCW-based physical layer, we further decouple the physical distance estimation from the processing delay at the prover, thereby enabling the realization of the majority of distance bounding protocols developed in prior art. We evaluate our system under various attack scenarios and show that it offers strong security guarantees against distance, mafia and terrorist frauds. Additionally, we validate the communication and distance measurement characteristics of our system through simulations and experiments and show that it is well suited for short-range physical access control and payment applications.

Yihang Song,Songfan Li,Chong Zhang,Li Lu

DOI: https://doi.org/10.1155/2021/6668498

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Distance bounding protocols guarantee a credible distance upper bound between the devices which require the spatial distance as a security parameter to defend Mafia Fraud attacks. However, in RF systems, the realization of distance bounding protocol faces obstacles due to low spectrum efficiency, since the distance bound estimation consumes a significant amount of frequency band in existing schemes. This hinders RF distance bounding from being practically deployed, especially in commonly used ISM bands. In this work, we propose an alternative, spectrum-efficient scheme for RF distance bounding. We build the physical layer as well as a protocol design based on SFCW signal and SFCW ranging. Thus, comparing existing schemes that consume many frequency bands, our scheme frees many spectrum resources. We propose solutions to the unique challenges facing such an SFCW-based scheme design, namely, data communication over unintelligent SFCW signals, and secure synchronization in the SFCW-based challenge-response exchange. We evaluate our scheme via the security analysis and physical layer simulations. The results show (i) its resistance to attacks commonly concerned in distance bounding, (ii) the feasibility of the physical layer design such as accurate ranging and data communication function, and (iii) the communication noise tolerance and the ability of multipath signal discrimination.