Abstract
Radio-frequency identification (RFID) technology constitutes an important part of what has become known as the Internet of Things (IoT) that is accessible and interconnected machines and everyday objects that form a dynamic and complex environment. To secure the IoT in a cost-efficient manner, we need to build security and privacy into the design of its components. Moreover, mechanisms should be constructed that will allow both individuals and organizations to actively manage their “things” and information in a highly flux environment. The contributions of this paper are twofold: We first discuss the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems. Second, we propose a novel secure and privacy-preserving tag management protocol that can support such policies. Our protocol has a modular design that allows it to support a set of desirable management operations (viz. tag authentication, delegation, and ownership transfer) while imposing minimal hardware and computational requirements on the tag side. Furthermore, inspired by the European Network and Information Security Agency's Flying 2.0 study, we describe a near-future air travel scenario to further explain and demonstrate the inner workings of our proposal.
Abstract
In this paper, we describe an attack against one of the most efficient authentication protocols for low-cost RFID tags recently proposed by Song and Mitchell. A weak attacker, i.e. an attacker that has no access to the internal data of a tag, is able to impersonate a legitimate reader/server, and to desynchronize a tag. The attack is very efficient and has minimal computational complexity. Finally, we propose a simple solution to fix the flaw.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Abstract
In the last few years, a plethora of RFID authentication protocols have been proposed and several security analyses have been published creating the impression that designing such a protocol must be, more or less, a straightforward task. In this paper, we investigate the security of two recently proposed schemes, showing that designing a secure RFID authentication protocol is still a demanding process. One is a mature work; in the sense that it has predecessors that have been extensively analyzed, while the other is a fresh proposal. Our security analysis demonstrates that both are weak, as they suffer from a similar desychronization attack. In addition we prove the existence of a fatal tag impersonation attack against the second one.
Abstract
RFID technology constitutes an important part of what has become known as the IoT; i.e accessible and interconnected machines and everyday objects that form a dynamic and complex environment. In order to be able to secure the IoT in a cost-efficient manner we need to build security and privacy into the design of its components. Thus, in this paper, we first introduce the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems, and with this in mind, we propose a novel secure and privacy preserving tag management protocol to implement such policies. The new protocol has a modular design in order to support all the basic management operations (tag authentication, delegation and ownership transfer), while imposing minimal hardware and computational requirements on the tag side.
Abstract
Motivated by the plethora of RFID security protocols and the interoperability problems that this diversity causes, we propose a software agent-based platform that allows an RFID back-end subsystem to integrate and manage heterogeneous tags that are based on non-standardized implementations. In addition, we introduce a new suite of lightweight tag management protocols that support tag authentication, time-based tag delegation and ownership transfer. The protocols can take advantage of the proposed agent-based platform and do satisfy all the standard security and privacy requirements.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.