Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Luciano Gavoni

DOI: https://doi.org/10.48550/arXiv.2110.00094

2021-10-01

Abstract:Radio Frequency Identification (RFID) systems are among the most widespread computing technologies with technical potential and profitable opportunities in numerous applications worldwide. Further, RFID is the core technology behind the Internet of Things (IoT), which can accomplish the real-time transmission of information between objects without manual operation. However, RFID security has been taken for granted for several years, causing multiple vulnerabilities that can even damage human functionalities. The latest ISO/IEC 18000-63:2015 standard concerning RFID dates to 2015, and much freedom has been given to manufacturers responsible for making their devices secure. The lack of a substantial standard for devices that implement RFID technology creates many vulnerabilities that expose end-users to elevated risk. Hence, this paper gives the reader a clear overview of the technology, and it analyzes 23 well-known RFID attacks such as Reverse Engineering, Buffer Overflow, Eavesdropping, and Malware. Moreover, given the exceptional capabilities and utilities of RFID devices, this paper has focused on security measures and defenses for protecting them, such as Active Jamming, Shielding tag, and Authentication.

Cryptography and Security

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Xiaoxi Wang

2015-01-01

Abstract:In the implementation of RFID in library application and development, it will meet many contradictions about standard and unified, ideal and reality, design and implementation, technical service and the right protection, economic benefits and social and management benefits, et al. This paper analyzes the related problems, to explore the development of countermeasures to solve the problems.

Kai Bu,Minyu Weng,Yi Zheng,Bin Xiao,Xuan Liu

DOI: https://doi.org/10.1109/comst.2017.2688411

2017-01-01

Abstract:Radio-frequency identification (RFID) is one of the driving technologies for Internet of Things. The architecture-succinctness and cost-effectiveness of RFID tags promise their proliferation as well as allure security and privacy breaches. The cloning attack using clone tags to impersonate genuine tags can lead to unimaginable threats because RFID applications equate tag genuineness to the authenticity of tagged objects. Proposed countermeasures, however, keep showing limitations in effectiveness, efficiency, security, privacy, or applicability as new RFID applications emerge. The countermeasures therefore require constant review and improvement to stay at the leading edge. In this paper, we conduct the first comprehensive and systematic survey of RFID clone prevention and detection solutions. We systematically classify existing RFID cloning countermeasures over the period 2003-2016, sketch the main idea and highlight the strengths and weaknesses of each solution type, and summarize the similarity and difference among solution types. We find that RFID cloning countermeasures turn to be much more complex to design than they were thought in the literature. Prevention solutions can hardly thwart RFID cloning completely. Detection solutions may have specific application requirements to take effect. Many open issues further complicate the design of RFID cloning countermeasures. We hope that our survey can provide academic researchers and industrial engineers with useful references to combat RFID cloning and therefore to secure RFID ecosystem.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Hung-Min Sun,Wei-Chih Ting,King-Hang Wang

DOI: https://doi.org/10.1109/tdsc.2009.26

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

Haradhan Ghosh,Pramod Kumar Maurya,Satya Bagchi

DOI: https://doi.org/10.1007/s11277-024-11616-z

IF: 2.017

2024-10-20

Wireless Personal Communications

Abstract:A cutting-edge idea known as the Internet of Things (IoT) connects different physical items with the online environment. IoT technology is expanding quickly and will soon have an important encounter on how we live our everyday lives. IoT applications use radio frequency identification (RFID) to automatically identify the linked devices. RFID-enabled technologies are becoming more common nowadays for protecting privacy in a variety of industries, including the smart grid, smart cities, and smart education. Healthcare is one of the prominent applications of RFID technology. Patients can receive quick and convenient care at home due to RFID-enabled healthcare solutions. However, there are instances of technology forgery, putting patients' medical information in danger. Utilizing an authentication protocol is extensively regarded as the most efficient way for RFID-enabled healthcare systems to prevent malicious attacks and the misuse of resources. Very recently, Shariq and Singh proposed a lightweight RFID-enabled protocol for healthcare using the properties of vector space. This article presents evidence that Shariq and Singh's protocol has some wrong steps and is also liable to tag anonymity and impersonation attacks. Moreover, we proposed a secured authentication protocol to overcome the flaws of Shariq and Singh's protocol using vector addition, scalar multiplication, and dot products. We analyze the formal security utilizing BAN logic and Scyther simulation tools. The proposed protocol performs better than related protocols regarding costs associated with computation, transmission, storage, and security measures.

telecommunications

Pedro Peris-Lopez,Julio C. Hernandez-Castro,Christos Dimitrakakis,Aikaterini Mitrokotsa,Juan M. E. Tapiador

DOI: https://doi.org/10.48550/arXiv.0906.4618

2009-06-25

Cryptography and Security

Abstract:The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally known as a relay attack in which scope distance fraud, mafia fraud and terrorist attacks are included. Distance bounding protocols represent a promising countermeasure to hinder relay attacks. Several protocols have been proposed during the last years but vulnerabilities of major or minor relevance have been identified in most of them. In 2008, Kim et al. [1] proposed a new distance bounding protocol with the objective of being the best in terms of security, privacy, tag computational overhead and fault tolerance. In this paper, we analyze this protocol and we present a passive full disclosure attack, which allows an adversary to discover the long-term secret key of the tag. The presented attack is very relevant, since no security objectives are met in Kim et al.'s protocol. Then, design guidelines are introduced with the aim of facilitating protocol designers the stimulating task of designing secure and efficient schemes against relay attacks. Finally a new protocol, named Hitomi and inspired by [1], is designed conforming the guidelines proposed previously.

Hua Wang,Lili Sun,Jianming Yong,Yongbing Zhang

DOI: https://doi.org/10.1109/cscwd.2009.4968136

2009-01-01

Abstract:This paper focuses on the challenges on the privacy of Radio Frequency Identification (RFID) systems. RFID systems have already widely applied in industry and have been bringing lots of benefits to our daily life, it also creates new security and privacy problems to individuals and organizations. The security and privacy challenges are analysed after a brief introduction of various RFID systems and their associated operations. A proposal to protecting security and privacy of customers, as a solution of the challenge for low-cost RFID systems is designed. Finally, comparisons to related works of the proposal are described.

Seyed Salman Sajjadi Ghaemmaghami,Afrooz Haghbin,Mahtab Mirmohseni

DOI: https://doi.org/10.48550/arXiv.1601.04622

2016-01-19

Abstract:Radio Frequency IDentification (RFID) is a pioneer technology which has depicted a new lifestyle for humanity in all around the world. Every day we observe an increase in the scope of RFID applications and no one cannot withdraw its numerous usage around him/herself. An important issue which should be considered is providing privacy and security requirements of an RFID system. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS rules by the names of IHRMA and I2SRS. In this paper, we investigate the privacy of the aforementioned protocols based on Ouafi and Phan formal privacy model and show that both IHRMA and I2SRS protocols cannot provide private authentication for RFID users. Moreover, we showthat these protocols are vulnerable to impersonation, DoS and traceability attacks. Then, by considering the drawbacks of the studied protocols and implementation of messages with new structures, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al schemes. Our analysis illustrate that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.

Cryptography and Security

Fei Wang,Bin Xiao,Kai Bu,Jinshu Su

DOI: https://doi.org/10.1109/icc.2013.6654842

2013-01-01

Abstract:Blocker tags are initially introduced to protect regular tags in certain ID ranges, called blocking ranges, from unwanted scanning in RFID systems. But if misused, blocker tags can cause blocking attacks that corrupt the communication between interfered regular tags and readers. Previous approaches can only detect blocking behavior. However, they cannot distinguish malicious blocking from legitimate blocking that can be perfectly allowed to protect customer's privacy. To solve the problem, we carry out the first attempt in the paper to detect real blocking attacks by identifying malicious blocking ranges from authorized ones in a system. We present two pioneer probe-based protocols that can accurately identify malicious blocking ranges in popular tree-based RFID systems, and get rid of their impact before performing RFID applications. We validate the efficacy of the two protocols through theoretical analysis and simulation experiments. The results show that our protocols can identify blocking ranges very fast even when the blocker tag percentage is very low, for example, dozens of blocker tags among tens of thousands of regular tags. Our protocols deliver also a faster blocker tag detection than previous detection methods; our best protocol reduces detection time by over 90% compared with the state-of-the-art detection method.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Lijun Yan,Huaxiong Wang,Hung-Min Sun

2014-01-01

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure RFID systems with untraceability, which is one of the most critical privacy issues on RFID. In this paper, we demonstrate that their scheme is insecure against two kinds of tracing attacks. We also analyze the success probability of our attacks.

Zhao Wang,Xuesong Zhang,Zhong Chen

DOI: https://doi.org/10.1109/iccis.2012.215

2012-01-01

Abstract:Radio frequency identification (RFID) technology is a non-contact automatic identification technology. The basic principle of RFID is coupled with radio frequency signal and the spatial transmission characteristics. From object recognition to achieve automatic recognition, RFID has the advantages of being effective, diversity, high capacity, low cost, anti-pollution, penetrating and so on. However, current RFID authentication protocols cannot defend against DoS attack. This paper proposes Rapdos, a novel mutual authentication protocol, which is based on the use of symmetric encryption and dynamic update key to prevent the DoS attack. The experiment has validated that Rapdos has provided good security for RFID system, and can defeat location privacy attack, relay attack, eavesdropping attack, denial-of-service attack, and solve problems of RFID security privacy.

Yang Xu,Jinsha Yuan

DOI: https://doi.org/10.1007/s11107-018-0812-6

IF: 1.768

2018-01-01

Photonic Network Communications

Abstract:With comprehensive applications of radio-frequency identification (RFID) technology in Internet of things, more and more mobile reader devices are utilized. However, in mobile RFID system the readers are not considered trustworthy as usual; thus, an authentication protocol with the mutual authentication ability is demanded; that is, the tag can authenticate the reader when necessary. In this paper, the one-way Hash is used to realize the mutual authentication between RFID tags, readers and application servers. Meanwhile, to solve the tracking attacks of tags, the ID update ability is proposed. The IDs of the RFID tags used in this protocol are variable and traceable. Besides, the out-of-synchronous mechanism and anti-collision mechanism are also designed for the ID-updating stage. BAN logic is used to prove the security of the protocol, and the communication cost simulations of several protocols are carried out and comparisons are then made. Through the security and comparisons performance analysis of various protocols, the proposed protocol is proved to require for a smaller storage space and lower operation cost. What is more, it can resist multiple attacks, which can meet the requirements of the security and privacy of RFID system for the mobile environment.

Wei Xin,Zhi Guan,Tao Yang,Huiping Sun,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-37401-2_53

2013-01-01

Abstract:RFID technology is increasingly become popular in supply chain management. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we first introduce some existing RFID tag ownership transfer protocols, then give the security and privacy requirements for such kind of protocols, finally, we propose a novel RFID tag ownership transfer protocol which supports constant-time authentication, and effectively protects the privacy of the old tag owner and the new tag owner. © 2013 Springer-Verlag.

Hung‐Min Sun,Shuai-Min Chen,Chen-En Lu,Cheng‐Ta Yang

2009-01-01

Abstract:There are varies of RFID authentication schemes have been proposed. Most of them address on privacy issues over the tag and the user, however, they are still vulnerable to different attacks and with some weaknesses. In addition, the readers and the back-end server are considered as a single entity for these typical RFID schemes, hence, the communication channel is assumed to be secure. Recently, a concept of mobile reader has been proposed in which the reader is possessed by the user and is equipped inside a mobile device. The mobile RFID reader possessor can extract the information about the tagged objects by communicating with the back-end server through an insecure channel; consequently, a secure RFID authentication is needed. In this paper, two RFID authentication schemes are proposed for the reader-portable RFID environment. These schemes not only provide a novel usage of RFID system, but resolve privacy threats while a mobile reader is not authorized to acquire every tag’s information.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Behzad Abdolmaleki,Karim Baghery,Shahram Khazaei,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s11277-017-4145-z

IF: 2.017

2017-04-29

Wireless Personal Communications

Abstract:Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

telecommunications