Wei Xin,Zhi Guan,Tao Yang,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-37401-2_53

2013-01-01

Abstract:RFID technology is increasingly become popular in supply chain management. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we first introduce some existing RFID tag ownership transfer protocols, then give the security and privacy requirements for such kind of protocols, finally, we propose a novel RFID tag ownership transfer protocol which supports constant-time authentication, and effectively protects the privacy of the old tag owner and the new tag owner. © 2013 Springer-Verlag.

Wei Xie,Lei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/RFID.2013.6548151

2013-01-01

Abstract:Along with the development of cloud computing, cloud-based RFID is receiving more and more attentions of researchers and engineers. However, there is no research in which cloud computing is applied to RFID authentication schemes. Most current works lay emphasis on functionalities, lacking considerations about security and privacy. Classical RFID authentication schemes fail to meet the special security and privacy requirements of cloud-based RFID. The basic postulates of traditional backend-sever-based RFID authentication, i.e. secure backend channel and entirely trustworthy database, are no longer natively tenable in cloud-based RFID scenarios. In this paper, a virtual private network agency is suggested to build secure backend channels and to provide readers with anonymous access to the cloud. The cloud database is structured as an encrypted hash table. The first cloud-based RFID authentication protocol preserving tag/reader privacy to database keepers is proposed. Comparing with classical schemes, the proposed scheme has advantages in deployment cost saving, pervasiveness of authentication, scalability of O(1) complexity to verify a tag, mobile reader holders' privacy preserving, and database security.

Ye Bi,Kai Fan,Kuan Zhang,Yuhan Bai,Hui Li,Yingtang Yang

DOI: https://doi.org/10.1109/jiot.2023.3267501

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Modern business models improve the efficiency of supply chain management by attaching tags to products. These tagged products typically change owners multiple times during their life cycles. The ownership transfer protocol authorizes the new owner by replacing the old owner’s authentication information stored in the tag with the new owner’s. Until now, a considerable amount of literature has proposed solutions to the problem of RFID ownership transfer. Unfortunately, these existing protocols are either flawed in some security properties especially in protecting new and old owners’ privacy, or are associated with huge computational overheads. In this paper, we propose an ultra-lightweight RFID ownership transfer protocol based on permutation function. The tag and reader only use efficient bit operations, which greatly reduce the computational overhead. An important feature of the proposed protocol is that the new owner can impose calculations on data that has been encrypted by the old owner. The new owner is authorized by the old owner and does not have access to the tag’s key, which protects the old owner’s privacy stored in the tag side. We compare our protocol with existing work, and show the advantages in terms of security, computational overhead, and time cost.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tongliang Li,Zhigang Jin,Chaoyi Pang

DOI: https://doi.org/10.1109/icinis.2010.13

2010-01-01

Abstract:Although widely used in various applications, the current RFID (Radio Frequency Identification) systems lack efficiently enforcement of security and privacy. Furthermore, considering that the bearer of a RFID tag might be changed, the ownership transferring of the tags also becomes an issue. Some schemes have been suggested, but they are lack of participation of people. In this paper, we propose a novel scheme for the low-cost passive RFID tags. In our approach, people are involved in the authentication process. After getting some information from the assistant tag and user's password, the reader uses them to update the key of the common tags to be identified, and this makes the secured ownership transfer come true. In order to reach our goal, pseudonym, mutual authentication mechanism, and lightweight functions are employed. The analysis shows that our scheme not only achieves the secure and private goals, but also supports secured controlled ownership transfer.

Wei Xie,Lei Xie,Chen Zhang,Qiang Wang,Chao Wang,Chaojing Tang

DOI: https://doi.org/10.1002/sec.965

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:ABSTRACTThis paper addresses radio frequency identification (RFID) authentication and ownership transfer in offline scenarios. Four typical related works are reviewed in detail. A series of shortcomings and vulnerabilities of them are pointed out. A new RFID authentication protocol based on a novel tag‐owner‐assisting architecture is proposed, making a tag's owner an essential participant of the RFID authentication process. The proposed protocol is distinguished from existing works in providing ownership transfer, access control, and mutual authentication without any centralized database neither on a backend server nor in a reader. The security of the proposed protocol is verified by using automated validation of Internet security protocols and applications tool. The proposed protocol is server‐less, simple, scalable, untraceable, and device‐independent. These features are simultaneously achieved in a single RFID authentication protocol for the first time. Copyright © 2014 John Wiley & Sons, Ltd.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Qing-Shan Li,Xiao-Lin Xu,Zhong Chen

DOI: https://doi.org/10.1109/pdcat.2014.25

2014-01-01

Abstract:In the supply chain, RFID tags are deployed more widely. In the life of the supply chain, the owner of the tag will change frequently. Ownership transfer protocol can achieve the purpose that the access rights of the tag are transferred from the original owner to the new owner, and protect the privacy of the original owner and the new owner. To resist cloning attack and side channel analysis attack, physical unclonable function (PUF) has been proposed to enhance the security of the tags. Since the PUF of each tag is unique and different, it is difficult to be forged. However, most of PUF-based authentication protocols need the response value previously stored in the readers. On the other hand, most of the ownership transfer protocols assume the original owner and the new owner has a secure channel. However, in an open environment, due to time and space constraints, such a channel is often unable to quickly established. In this paper, we studied the ownership transfer protocols in an open environment and proposed a PUF-based RFID ownership transfer protocols, PROTP. The new protocol is the first ownership transfer protocol based on the PUF in an open environment. The new protocol does not need to store the respond values of the PUF. To utilize the randomness of the PUF, it replaces the pseudo-random generator. Meanwhile, PROTP can protect the privacy of the original owner and the new owner. In terms of efficiency, since the protocol is designed to satisfy the requirement in an open environment, the total cost of the computation is more than others protocols. However, due to the new protocol utilizes the PUF to replace the pseudo-random generator, the each step of the authentication messages achieves a better optimization in computational cost.

Shuai-Min Chen,Mu-En Wu,Hung-Min Sun,King-Hang Wang

DOI: https://doi.org/10.1016/j.future.2013.05.004

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Radio-frequency identification (RFID) systems can benefit from cloud databases since information on thousands of tags is queried at the same time. If all RFID readers in a system query a cloud database, data consistency can easily be maintained by cloud computing. Privacy-preserving authentication (PPA) has been proposed to protect RFID security. The time complexity for searching a cloud database in an RFID system is O(N), which is obviously inefficient. Fortunately, PPA uses tree structures to manage tags, which can reduce the complexity from a linear search to a logarithmic search. Hence, tree-based PPA provides RFID scalability. However, in tree-based mechanisms, compromise of a tag may cause other tags in the system to be vulnerable to tracking attacks. Here we propose a secure and efficient privacy-preserving RFID authentication protocol that uses a cloud database as an RFID server. The proposed protocol not only withstands desynchronizing and tracking attacks, but also provides scalability with O(logN) search complexity.

Yongming Jin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1109/ICEBE.2009.77

2009-01-01

Abstract:In the real society, the owner of a tagged object may transfer its ownership to another party. An ownership transfer must satisfy the forward and backward untraceability. It is a new problem in the research of RFID security and privacy. In this paper, a simple and efficient security protocol, HBOT, for lightweight RFID tags with support for ownership transfer is proposed. The new protocol is based on hash function. It is deeply analyzed and it achieves a very strong notion of security that is necessary in RFID ownership transfer: forward and backward privacy. It is also obtained higher performance.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Jing Huey Khor,Michail Sidorov,Seri Aathira Balqis Zulqarnain

DOI: https://doi.org/10.3390/s23073433

2023-03-24

Abstract:Scalability prevents public blockchains from being widely adopted for Internet of Things (IoT) applications such as supply chain management. Several existing solutions focus on increasing the transaction count, but none of them address scalability challenges introduced by resource-constrained IoT device integration with these blockchains, especially for the purpose of supply chain ownership management. Thus, this paper solves the issue by proposing a scalable public blockchain-based protocol for the interoperable ownership transfer of tagged goods, suitable for use with resource-constrained IoT devices such as widely used Radio Frequency Identification (RFID) tags. The use of a public blockchain is crucial for the proposed solution as it is essential to enable transparent ownership data transfer, guarantee data integrity, and provide on-chain data required for the protocol. A decentralized web application developed using the Ethereum blockchain and an InterPlanetary File System is used to prove the validity of the proposed lightweight protocol. A detailed security analysis is conducted to verify that the proposed lightweight protocol is secure from key disclosure, replay, man-in-the-middle, de-synchronization, and tracking attacks. The proposed scalable protocol is proven to support secure data transfer among resource-constrained RFID tags while being cost-effective at the same time.

Xingmiao Wang,Kai Fan,Kan Yang,Xiaochun Cheng,Qingkuan Dong,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.comcom.2022.01.014

IF: 5.047

2022-03-01

Computer Communications

Abstract:The widespread application of Radio Frequency Identification (RFID) technology in smart living, especially in smart healthcare, has greatly facilitated patient management, reduced the labour cost of medical services, and provided patients with better medical services. However, improper use of RFID tags is highly likely to threaten the safety and privacy of hospitals and even patients, which may not only cause physical and mental harm to patients but also damage the reputation of hospitals. Medical monitoring system based on RFID technology plays a significant role in guaranteeing the security of medical records as well as the privacy of patients. Nevertheless, due to the resource constraint of RFID tags/readers, it is also challenging to design an efficient and effective authentication protocol for RFID medical monitoring system. Aiming to reduce the resource overhead and meet security requirements of the RFID system, in this paper, we propose an ultra-lightweight RFID security authentication protocol utilizing a cloud server named CRUSAP, which is based on Bit-Crossing XOR rearrangement operations that can effectively resist forgery attacks, replay attacks, desynchronization attacks, and denial of service attacks while certifying the cloud server. The formal logic of BAN proves the safety and feasibility of the protocol. Additionally, the security analysis and experimental results show that the proposed authentication protocol can realize higher security goals at a lower cost and is more suitable for scaling to large-scale authentication.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Muhammad Asad Saleem,Xiong Li,Khalid Mahmood,Tayyaba Tariq,Mohammed J. F. Alenazi,Ashok Kumar Das

DOI: https://doi.org/10.1109/tits.2024.3371464

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Vehicular network technology has made substantial advancements in recent years in the field of Intelligent Transportation Systems. Vehicular Cloud Computing (VCC) has emerged as a novel paradigm with a substantial increase in data exchange within Vehicular ad-hoc networks (VANETs). VCC integrates cloud computing, vehicular networking, and Internet of Things (IoT) technologies. It enables Infrastructure-to-Vehicle (I2V), Vehicle-to-Vehicle (V2V), and Vehicle-to-Device (V2D) communication. VCC optimizes vehicle, cloud infrastructure, and IoT resources while addressing significant communication security and vehicle-user privacy challenges. To address these issues, we developed an RFID-based authentication protocol for VCC based on a Henon map using a hash function. In addition, we also incorporated a Physical Unclonable Function (PUF) to resist physical tampering attacks. We validate the protocol’s security formally and informally. The formal security analysis is conducted through a widely used RoR model. We use the Scyther simulation tool to verify the proposed protocol’s security against various attacks. Moreover, we compare the performance of our protocol with similar existing protocols across important performance parameters such as communication and computation overheads and security attributes. The proposed protocol yields substantial improvements, demonstrating a 40.74% reduction in computation overhead and a 13.03% decrease in communication overhead as compared to related protocols, delivering both enhanced performance and resource efficiency. The analysis demonstrates its capacity to support secure communication in the VCC environment and satisfy desirable security attributes.

engineering, electrical & electronic,transportation science & technology, civil

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Tan, C.C.,Qun Li,Lei Xie

DOI: https://doi.org/10.1109/rfid.2010.5467261

2010-01-01

Abstract:RFID technology is increasingly being deployed in ubiquitous computing environments for object tracking and localization. Existing tracking architecture usually assumes the use of a trusted server which is invulnerable to compromise by internal and external adversaries. However, maintaining such a trusted server is unlikely in the real world. In this paper, we consider the problem of adding privacy protection to object tracking systems built upon passive RFID tags, without relying on a trusted server assumption. Our protocol continues to protect user privacy in the event of partial compromise of a server.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2007.4454918

2007-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology for automatic object identification. For successful deployment of tags, a RFID system should provide effective protection over security and privacy. In particular, traceability is the main concern for user privacy. To address these issues, mutual authentication between the reader and tags is required when deploying a RFID system. Unfortunately, because low-cost RFID tags are highly resource constrained, they are not able to carry out expensive cryptographic primitives to achieve strong authentication. This paper introduces a lightweight authentication protocol for low-cost RFID tags. Compared with previous work, our solution provides better traceability protection while keeping the system efficient in terms of computation and communication. Our scheme also maintains comparable strength regarding other security aspects.