Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Ching-Hsien Hsu,Shangguang Wang,Daqiang Zhang,Hai-Cheng Chu,Ning Lu

DOI: https://doi.org/10.1002/sec.1488

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Radio Frequency Identification (RFID) technology provides a seamless link between physical world and the information system in cyber space. However, the emerging Internet of Things and cloud systems are full of security holes, which introduce new challenging security problems in both tag identification and data privacy. In this paper, we present efficient methods for identity authentication and data encryption to enhance RFID privacy. The proposed techniques aim to ensure no adversary interacting with the tags and the reader, to infer any information on a tag's identity from the communication. The main idea, a symmetric cryptography technique, termed as Advanced Encryption Standard, was applied to implement both mutual authentication and data encryption between the front and back ends of RFID systems. The Advanced Encryption Standard cryptographic algorithm was adopted because of its low hardware complexity and high security strength. In addition, the proposed key management protocol is proved resistant to several known RFID attacks such as Man-in-the-Middle, Denial-of-Service, replay, clone attack, and backward/forward traceability. The computational time complexity of the proposed scheme through the entire identity authentication and data encryption phases is 3T(encrypt)+1T(nonce)+4T(xor), which is superior to most existing approaches. The proposed scheme was also proved to be able to provide higher data encryption performance than other symmetric cryptographic algorithms with regard to the same level of security strength. Copyright (c) 2016 John Wiley & Sons, Ltd.

Baohua Zhao,Ningyu An,Xiao Liang,Chunhui Ren,Zhihao Wang

DOI: https://doi.org/10.1007/978-3-030-05755-8_1

2018-01-01

Abstract:In order to solve the security issues existed in RFID authentication in recent years. A mutual identity authentication scheme based on dynamic is proposed after describing and analyzing the problems that RFID authentication technology encounters, which can solve replay attack, man-in-the-middle attack and other security issues. In addition, this paper also describes the techno of Authentication technology. The method proposed refers to tags privacy level between Tag and Reader to achieve mutual authentication, it not only can enhance the privacy protection of the label carrier and protect the identity privacy of the Reader holder, but also has a certain effectiveness advantage.

Huansheng Ning,Hong Liu,Laurence T. Yang,Yan Zhang

DOI: https://doi.org/10.1002/cpe.1827

2012-01-01

Abstract:The open radio frequency identification (RFID) air interface may suffer from severe threats that make security problem become a critical issue for RFID systems and applications. This paper proposes a dual cryptography authentication protocol (DCAP) for RFID systems. DCAP partitions randomly the tag identifier into two partial identifiers that are used in the forward link and in the backward link, respectively. The protocol applies hash function and shared-key encryption algorithm to safeguard both forward and backward links and provides a three-round authentication mode on each tag and reader in a session. Then, authentication is carried out by the primary, secondary, and final verifications. For a formal analysis, a graphical method Colored Petri Nets is applied to model and analyze the correctness of DCAP. We prove that the protocol owns tag anonymity and forward security and has the capability to resist major attacks such as replay, reader forgery, and tag forgery. Finally, the performance in terms of storage, communication overhead, and computation load is evaluated to demonstrate that the protocol has modest complexity and high efficiency. Copyright © 2011 John Wiley & Sons, Ltd.

Fang Mingwei,Wu Junjun,Zhang Xinfang,Chen Hong

DOI: https://doi.org/10.4028/www.scientific.net/kem.474-476.1764

2011-01-01

Key Engineering Materials

Abstract:RFID technology plays an important role in our daily life nowadays. It widely used in the automatic identification system by embedding the tag into product. However, some security risks presented due to radio frequency signal channel between the tag and the reader which may lead privacy disclosure for the user. Various solutions are proposed to resole to security issues in RFID system, but there still presented some limitations. A security elliptic curve cryptography based authentication protocol is presented in this paper to preserve the privacy of the RFID system. The proposed protocol provides mutual authentication and a security communication channel between the tag and the reader. By the security analysis, our protocol can resist common passive and active attack; moreover, it also can provide forward security.

Yang Liu,Yu Peng,Bailing Wang,Yun Qu,Xuefengi Bai,Xinling Yuan,Zelong Yin

2013-01-01

International Journal of Security and Its Applications

Abstract:With the development and application of RFID technology in Internet of Things (IOT), RFID system plays a more and more important role on privacy protection and information security of users. For the safety need of RFID system and the existing shortage of secure authentication protocols, we offer RFID mutual authentication protocol based on variable update. Mutual authentication is executed in RFID system through the characteristics of Hash function, which prevents the phenomenon of counterfeit in internal system. Meanwhile, we adopt the method of periodic updates System initial value to improve the level of security authentication, which overcomes the various safety attacks. The protocol has certain advantages on security capabilities and algorithm complexity with high safety and practicality.

LI Heng,GAO Fei,XUE Yan-ming,FENG Shuo

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.32.051

2010-01-01

Abstract:The wireless transmission characteristics of RFID system is vulnerable to be attacked and theft within communication,to people adopt the physical methods and authentication encryption methods to enhance system security,authentication encryption methods is more useful due to its simple design.In this paper,we analysis of security vulnerabilities exist in the commonly used authentication protocol based on Hash function,on this basis bring forward a modified protocol.Through compare them in security,data storage condition and complexity of the algorithm,it can prove that the improved protocol has a very good improvement for RFID system’s overall performance,particularly in security.

Martin Feldhofer,Sandra Dominikus,Johannes Wolkerstorfer

DOI: https://doi.org/10.1007/978-3-540-28632-5_26

2004-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology which brings enormous productivity benefits in applications where objects have to be identified automatically. This paper presents issues concerning security and privacy of RFID systems which are heavily discussed in public. In contrast to the RFID community, which claims that cryptographic components are too costly for RFID tags, we describe a solution using strong symmetric authentication which is suitable for today’s requirements regarding low power consumption and low die-size. We introduce an authentication protocol which serves as a proof of concept for authenticating an RFID tag to a reader device using the Advanced Encryption Standard (AES) as cryptographic primitive. The main part of this work is a novel approach of an AES hardware implementation which encrypts a 128-bit block of data within 1000 clock cycles and has a power consumption below 9 μA on a 0.35 μm CMOS process.

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Xiaoyun Chen,Youli Su,Hui Xiong,Yukai Yao,Guohua Liu,Min Yue

DOI: https://doi.org/10.1109/IHMSC.2010.61

2010-01-01

Abstract:Radio Frequency Identification (RFID) systems is increasingly rife in a variety of applications during recent years, such as inventory management, automobile immobilizers, animal tracking, supply chain management (SCM) and payment system. However, due to its wireless communication and demand for invisibility, security and privacy in RFID system becomes a serious challenge. In this paper, our main attention is constructing an efficient privacy preserving proposal. After reviewing the past work, we propose an improved method to enhance the security and privacy in RFID system. Based on random hash lock approach, we use random list stored in tag instead random value generator, and this novel method can achieve both mutual authentication with lower tag design cost. Meanwhile, the proposed solution satisfies security requirements, for instance, no information leaking, forward security and is resistant to replay attacks. In addition, it is suitable for distribute environment. Analysis of this approach shows it effective and efficiency. Compared with some existing schemes, this solution is superior.

CHEN Shao-Wei,CHEN Rui,LING Li

2010-01-01

Abstract:Although RFID technology has been increasingly popular and commonly used,there are still a host of defects in security and privacy.This paper proposes a new improved authentication protocol based on the existing protocols and Hash algorithm,and to some extent,it solves the security and privacy problems. This protocal can prevent replay attack,statistical analysis,spoofing attack,privacy track,and is suitable for the distributed system.

Jun Wen,Wenhong Tian,Weidong Wang

DOI: https://doi.org/10.1109/ICCCAS.2010.5582037

2010-01-01

Abstract:Radio Frequency Identification (RFID) technologies have been standardized and widely commercially used, but its security problem is a major challenge. This paper presents an efficient authentication approach to prevent tag from eavesdropping by attackers, tracing by illegal reader. It firstly gives a comprehensive discussion of privacy problems, then presents a mutual authentication and encrypts communication mechanism. And a security analysis on withstanding attackers for the RFID approach is given. © 2010 IEEE.

Jie Li,Yunfeng Wang,Baoying Jiao,Yong Xu

DOI: https://doi.org/10.1109/iclsim.2010.5461250

2010-01-01

Abstract:A scalable authentication protocol is proposed for security and efficient RFID communication. The performance evaluation and security analysis has proved its advantages. Compared with other protocols, it can preserve content and location privacy, resist replay attacks and Dos attacks, and has forward security and scalable.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Pei-Yu Chen,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/704623

2014-01-01

The Scientific World JOURNAL

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

张诚,葛建华,俞晖

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.26.066

2008-01-01

Abstract:RFID is now widely deployed in various areas,such as manufacture,military,logistics and daily life. But the information is transmitted by air,which issues a great challenge on privacy and security of RFID system. Based on the overview of the former RFID security mechanism,this paper proposes a bi-directional authentication with aliaes mechanism. This mechanism provides both forward and backward security,and is easy to implement with low cost. The paper also analyzes the system performance from security,computation complexity,resource requirement,all of which indicate that this is an applicable RFID security solution.

Shiqi Wang,Linsen Li,Gaosheng Chen,Tao Chen,Zeming Wang

DOI: https://doi.org/10.1109/IACS.2017.7921977

2017-01-01

Abstract:As the RFID based Internet of Things (loT) gets worldwide attention, to prepare for the rapidly increasing applications in daily life, various security protocols are proposed. But, these protocols, most of which are limited by the tag processing capacity and dangerous exposure during transmission, could only be applied in certain fields. Previously, Chen and Deng's mutual authentication and privacy protection protocol which conforming EPC Class 1 Generation 2 Standards stands out for low cost as well as little requirements of the tag processing capacity. However, currently reported by others, this system faces up with severe dangers of tracking or cloning tags via impersonating attacks. After scrutiny, we found out that these vulnerabilities lie in the insufficient protections of random numbers, and we reconstruct the request and response based on the original protocol by making message unrepeatable, key elements secret and adding small storage for comparisons. The security of our protocol, proved by Ban logic analysis, is ensured by double protections — secret key pairs and dynamic random numbers. Our comparisons show that our protocol not only is safe under traditional attacks guaranteed by the original protocol but also overcomes impersonating attacks which represents the inherent weakness of information exposure in public.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Noureddine Chikouche,Foudil Cherif,Mohamed Benmohammed

DOI: https://doi.org/10.48550/arXiv.1207.5627

2012-07-24

Abstract:Radio Frequency Identification (RFID) and biometric technologies saw fast evolutions during the last years and which are used in several applications, such as access control. Among important characteristics in the RFID tags, we mention the limitation of resources (memory, energy, ...). Our work focuses on the design of a RFID authentication protocol which uses biometric data and which confirms the secrecy, the authentication and the privacy. Our protocol requires a PRNG (Pseud-Random Number Generator), a robust hash function and Biometric hash function. The Biometric hash function is used to optimize and to protect biometric data. For Security analysis of protocol proposed, we will use AVISPA and SPAN tools to verify the authentication and the secrecy.

Cryptography and Security

W Liang,S Xie,X Li,J Long,Y Xie,KC Li

DOI: https://doi.org/10.1007/978-981-10-7398-4_36

2017-01-01

Abstract:The widespread use of radio frequency identification (RFID) in IoTs makes authentication of RFID systems be widely concerned. In existing encryption schemes (e.g., Hash function) in electronic products, secure chip is hard to be used in high performance RFID system due to high computation complexity and cost. In this work, we consider problems in these performances and propose a PUF-GIMAP protocol by combining GIMAP protocol and physically unclonable functions (PUFs). The response of PUF is added into protocol. The mutual authentication between label and reader is realized by transmitting information such as secret key and dynamical pseudonym, which greatly ensures data security in transmission. After authentication, the reserved data is updated in time. The protocol analysis shows that the proposed scheme has the advantages of high security and high reliability.