H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Li Heng,Gao Fei,Xue Yanming,Feng Shuo

DOI: https://doi.org/10.1007/978-3-642-14350-2_22

2014-01-01

Abstract: The introduction of authentication protocols for RFID system provides the security to it, authentication protocol based on hash function is one of the most commonly used authentication protocol, which the hash function they used is a unilateral function, with a relatively high security, and it is easy to implement in the tag of RFID, so it has a wider application in RFID system. As the hash function, the characteristics of its own will have hash table conflicts, and thus would have resulted in security vulnerabilities, aim at the hash table conflict, this paper proposes a specific solution, and simulate the improved authentication protocol.

CHEN Shao-Wei,CHEN Rui,LING Li

2010-01-01

Abstract:Although RFID technology has been increasingly popular and commonly used,there are still a host of defects in security and privacy.This paper proposes a new improved authentication protocol based on the existing protocols and Hash algorithm,and to some extent,it solves the security and privacy problems. This protocal can prevent replay attack,statistical analysis,spoofing attack,privacy track,and is suitable for the distributed system.

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Yang Xu,Jinsha Yuan

DOI: https://doi.org/10.1007/s11107-018-0812-6

IF: 1.768

2018-01-01

Photonic Network Communications

Abstract:With comprehensive applications of radio-frequency identification (RFID) technology in Internet of things, more and more mobile reader devices are utilized. However, in mobile RFID system the readers are not considered trustworthy as usual; thus, an authentication protocol with the mutual authentication ability is demanded; that is, the tag can authenticate the reader when necessary. In this paper, the one-way Hash is used to realize the mutual authentication between RFID tags, readers and application servers. Meanwhile, to solve the tracking attacks of tags, the ID update ability is proposed. The IDs of the RFID tags used in this protocol are variable and traceable. Besides, the out-of-synchronous mechanism and anti-collision mechanism are also designed for the ID-updating stage. BAN logic is used to prove the security of the protocol, and the communication cost simulations of several protocols are carried out and comparisons are then made. Through the security and comparisons performance analysis of various protocols, the proposed protocol is proved to require for a smaller storage space and lower operation cost. What is more, it can resist multiple attacks, which can meet the requirements of the security and privacy of RFID system for the mobile environment.

Jing Li,Zhiping Zhou,Ping Wang

DOI: https://doi.org/10.1109/ccdc.2017.7978502

2017-01-01

Abstract:Through analyzing the security of LMAP protocol, we point out that this protocol is vulnerable to several attacks including the data integrity, reader impersonation and traceability, forward traceability. Based on the above security drawbacks, an improved LAMP protocol is proposed. Aiming at the problem of data integrity, the backend server uses message authentication code to encrypt data information of tag; the reader mixes message generated by tag side to ensure resist impersonation reader attack; the tag side introduces blind factor against traceability attack; in addition, the keys of tags and backend server side can be updated dynamically according to the random number generated by tag side in different authentication cycles, to ensure the forward/backward privacy. The formal proof of correctness of the improved protocol is given based on GNY logic, and shows that the improved protocol resists various attack.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

Wei Xie,Chen Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.48550/arXiv.1304.1318

2013-04-04

Cryptography and Security

Abstract:This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

Yalin Chen,Jue-Sam Chou,Hung-Min Sun

DOI: https://doi.org/10.1016/j.comnet.2008.04.016

IF: 5.493

2008-01-01

Computer Networks

Abstract:In 2004, Ari Juels proposed a Yoking-Proofs protocol for RFID systems. Their aim is to permit a pair of tags to generate a proof which is verifiable off-line by a trusted entity even when the readers are potentially untrusted. However, we found that their protocol does not possess the anonymity property but also suffers from both known-plaintext attack and replay attack. Wong et al. [Kirk H.M. Wong, Patrick C.L. Hui, Allan C.K. Chan, Cryptography and authentication on RFID passive tags for apparel products, Computer in Industry 57 (2005) 342–349] proposed an authentication scheme for RFID passive tags, attempting to be a standard for apparel products. Yet, to our review, their protocol suffers from guessing parameter attack and replay attack. Moreover, both of the schemes have the common weakness: the backend server must use brute search for each tag’s authentication. In this paper, we first describe the weaknesses in the two above-mentioned protocols. Then, we propose a novel efficient scheme which not only achieve the mutual authentication between the server and the tag but also can satisfy all the security requirements needed in an RFID system.

JIN Yong-ming,XIN Wei,SUN Hui-ping,CHEN Zhong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.14.002

2012-01-01

Abstract:Kulseng et al's lightweight Radio Frequency Identification(RFID) authentication protocol has secret loophole that it may cause key leakage if the protocol is attacked by side channel analysis,which leads authentication failure.This paper modifies four-step authentication to three-step authentication,introduces key recovery mechanism and improves usage of key,so that the protocol has higher efficiency,and it is convenient to expend in multi-tag environment.Theory analysis result shows that the new protocol can prevent various attacks,and it is more efficient compared with the original protocol.

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

Yongming Jin,Wei Xin,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-29253-8_27

2012-01-01

Abstract:RFID tags are now pervasive in our everyday life. They raise a lot of security and privacy issues. Many authentication protocols against these problems assume that the tags can contain a secret key that is unknown to the adversary. However, physical attacks can lead to key exposure and full security breaks. On the other hand, many protocols are only described and analyzed. However, we cannot explain why they are designed like that. Compare with the previous protocols, we first propose a universal RFID authentication protocol and show the principle why the protocol is designed. It can be instantiated for various types and achieve different security properties according to the implementation of the functions. Then we introduce a general prototype of delay-based PUF for low-cost RFID systems and propose a new lightweight RFID authentication protocol based on the general prototype of PUF. The new protocol not only resists the physical attacks and secret key leakage, but also prevents the asynchronization between the reader and the tag. It also can resist the replay attack, man-in-the-middle attack etc. Finally, we show that it is efficient and practical for low-cost RFID systems.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.

Khwaja Mansoor,Anwar Ghani,Shehzad Ashraf Chaudhry,Shahaboddin Shamshirband,Shahbaz Ahmed Khan Ghayyur,Amir Mosavi,Shehzad Chaudhry,Shahbaz Ghayyur

DOI: https://doi.org/10.3390/s19214752

IF: 3.9

2019-11-01

Sensors

Abstract:Despite the many conveniences of Radio Frequency Identification (RFID) systems, the underlying open architecture for communication between the RFID devices may lead to various security threats. Recently, many solutions were proposed to secure RFID systems and many such systems are based on only lightweight primitives, including symmetric encryption, hash functions, and exclusive OR operation. Many solutions based on only lightweight primitives were proved insecure, whereas, due to resource-constrained nature of RFID devices, the public key-based cryptographic solutions are unenviable for RFID systems. Very recently, Gope and Hwang proposed an authentication protocol for RFID systems based on only lightweight primitives and claimed their protocol can withstand all known attacks. However, as per the analysis in this article, their protocol is infeasible and is vulnerable to collision, denial-of-service (DoS), and stolen verifier attacks. This article then presents an improved realistic and lightweight authentication protocol to ensure protection against known attacks. The security of the proposed protocol is formally analyzed using Burrows Abadi-Needham (BAN) logic and under the attack model of automated security verification tool ProVerif. Moreover, the security features are also well analyzed, although informally. The proposed protocol outperforms the competing protocols in terms of security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Haradhan Ghosh,Pramod Kumar Maurya,Satya Bagchi

DOI: https://doi.org/10.1007/s11277-024-11616-z

IF: 2.017

2024-10-20

Wireless Personal Communications

Abstract:A cutting-edge idea known as the Internet of Things (IoT) connects different physical items with the online environment. IoT technology is expanding quickly and will soon have an important encounter on how we live our everyday lives. IoT applications use radio frequency identification (RFID) to automatically identify the linked devices. RFID-enabled technologies are becoming more common nowadays for protecting privacy in a variety of industries, including the smart grid, smart cities, and smart education. Healthcare is one of the prominent applications of RFID technology. Patients can receive quick and convenient care at home due to RFID-enabled healthcare solutions. However, there are instances of technology forgery, putting patients' medical information in danger. Utilizing an authentication protocol is extensively regarded as the most efficient way for RFID-enabled healthcare systems to prevent malicious attacks and the misuse of resources. Very recently, Shariq and Singh proposed a lightweight RFID-enabled protocol for healthcare using the properties of vector space. This article presents evidence that Shariq and Singh's protocol has some wrong steps and is also liable to tag anonymity and impersonation attacks. Moreover, we proposed a secured authentication protocol to overcome the flaws of Shariq and Singh's protocol using vector addition, scalar multiplication, and dot products. We analyze the formal security utilizing BAN logic and Scyther simulation tools. The proposed protocol performs better than related protocols regarding costs associated with computation, transmission, storage, and security measures.

telecommunications