Radio Frequency Identification Security Research Articles

A study on lightweight mutual authentication for radio-frequency identification medical device

Recently, radio-frequency identification (RFID) technology has been applied to various industrial fields. It is used for various health-care purposes such as patient information management and health management, thereby providing convenience for both hospital officials and patients. However, the RFID system also presents various health-care security threats such as spoofing attacks and counterfeit attacks in the data communication between the server, reader, and tag, which adversely affect both hospital officials and patients. An RFID mutual authentication technique is thus required, and various such techniques have already been proposed. Research is being conducted for performing RFID mutual authentication using bit operation or based on a lightweight public key cryptosystem for application to a low-cost tag environment. In this study, we analyze the RFID mutual authentication protocol for RFID medical devices and propose an efficient, lightweight mutual authentication scheme for secure RFID medical devices by satisfying various security requirements and decreasing the computation cost.

An efficient and secure RFID authentication protocol using elliptic curve cryptography

Radio frequency identification (RFID) is a relatively new technology widely deployed in many applications. Due to several advantages of the technology including decreased costs and increased speed, different organizations and industries show interest in it, and its application range is gradually developing. Some of the main problems of RFID are security and privacy. The implementation of authentication protocols is a flexible and effective way to solve these problems. Several authentication protocols of RFID are based on hash functions or symmetric cryptography. According to the small size of the key, efficient computations, and high security in the elliptic curve cryptography (ECC), its use has increased. Recently some certain ECC-based authentication protocols have been represented. In this paper, a RFID authentication protocol is presented using ECC for mutual authentication to overcome weaknesses of the existing authentication protocols. It has been shown that the proposed protocol satisfies security requirements of RFID authentication protocol and prevents different attacks on RFID systems. Also, the proposed authentication protocol has been analyzed in terms of computational costs, communication costs, and storage requirements. The results revealed that the proposed authentication protocol is an appropriate model for RFID tags with limited resources.

Game-Based Privacy Analysis of RFID Security Schemes for Confident Authentication in IoT

Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed recently. For privacy analysis, we use the well-known RFID formal privacy model proposed by Ouafi and Phan. We show that all the studied protocols have some privacy drawbacks, making them vulnerable to various traceability attacks. Moreover, in order to overcome all the reported weaknesses and prevent the presented attacks, we apply some modifications in the structures of the studied protocols and propose an improved version of each one. Our analyses show that the modified protocols are more efficient than their previous versions and new modifications can omit all the existing weaknesses on the analyzed protocols. Finally, we compare the modified protocols with some new-found RFID authentication protocols in the terms of security and privacy.

ITPMAP: An Improved Three-Pass Mutual Authentication Protocol for Secure RFID Systems

Radio frequency identification (RFID) is a wireless technology used in various applications to minimize the complexity of everyday life. However, it opens a large number of security and privacy issues that require to be addressed before its successful deployment. Many RFID authentication protocols are proposed in recent years to address security and privacy issues, and most of them are based on lightweight cryptographic techniques such as pseudo-random number generators (PRNGs), or bitwise logical operations. However, the existing RFID authentication protocols suffer from security weaknesses, and cannot solve most of the security and privacy problems. A new solution is necessary to address security and privacy issues. In this paper, an improved three-pass mutual authentication protocol (ITPMAP) for low-cost RFID tags is proposed to offer an adequate security level for RFID systems. The proposed ITPMAP protocol uses one PRNG on the tag side and heavy-weighted cryptographic techniques (i.e., digital signature and password-based encryption schemes) on the back-end server side instead of lightweight cryptographic techniques to address the security and privacy issues. The ITPMAP protocol is secure against various attacks such as cloning, spoofing, replay, and desynchronization attacks. Furthermore, as a proof of concept, the ITPMAP protocol is adopted to propose the design of three real-life RFID systems; namely: Signing and Verification of Graduation Certificate System, issuing and verification of e-ticketing system, and charging and discharging of prepaid card system. The Unified Modeling Language is used to demonstrate the design of the proposed ITPMAP protocol and systems. Java language is used for the implementation of the proposed systems. In addition, the “Mifare Classic” tags and readers are used as RFID apparatuses for the proposed systems.

Low Cost Countermeasure at Authentication Protocol Level against Electromagnetic Side Channel Attacks on RFID Tags

Radio Frequency Identification (RFID) technology is widely spread in many security applications. Producing secured low-cost and low-power RFID tags is a challenge. The used of lightweight encryption algorithms can be an economic solution for these RFID security applications. This article proposes low cost countermeasure to secure RFID tags against Electromagnetic Side Channel Attacks (EMA). Firstly, we proposed a parallel architecture of PRESENT block cipher that represents a one way of hiding countermeasures against EMA. 200 000 Electromagnetic traces are used to attack the proposed architecture, whereas 10 000 EM traces are used to attack an existing serial architecture of PRESENT. Then we proposed a countermeasure at mutual authentication protocol by limiting progressively the number of EM traces. This limitation prevents the attacker to perform the EMA. The proposed countermeasure is based on time delay function. It requires 960 GEs and represents a low cost solution compared to existing countermeasures at primitive block cipher (2471 GEs).

A framework introducing implications of RFID network threats to businesses

The radio frequency identification (RFID) technology is increasingly used in several industries for various business tasks (item tracking, inventory, etc.). Many types of security threats to RFID networks have been identified, but the impact of these threats on businesses remains unclear. This research aims at proposing a framework detailing the implications of RFID security threats to businesses. We followed an interpretive study to draw up the proposed framework. Based on a literature review, we established a classification of RFID usages (inventory management, payment systems, identity control, and tracking systems). A number of RFID network security threats (denial of service, spoofing, relay, etc.) were identified and explained. Consequently, a framework linking RFID threats to different types of usages in applications is proposed and explained. This framework exposes clearly the implication of every RFID threat on a specific usage of RFID regardless of the industry (healthcare, education, etc.).

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications.

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol.

Emulation-based fault analysis on RFID tags for robustness and security evaluation

This paper presents an FPGA (field-programmable gate array) based fault emulation system for analysis of fault impact on security and robustness of RFID (radio frequency identification) tags. This emulation system that deals with any RFID protocol consists of two tag-reader pairs, a fault injection module and an emulation controller all implemented in a single FPGA. The designed approach performs single event upset (SEU) and single event transient (SET) fault injection and permits with high flexibility to set communication scenarios and related parameters. Moreover, we propose a classification of produced errors to evaluate fault impacts and identify most sensitive tag flip-flops causing large number of failures and security concerns. The proposed fault injection approach provides suitable means to increase tags' security and robustness. In our experimentation campaign, an ultra-high frequency (UHF) tag architecture has been exposed to intensive SEU and SET fault injections. The duration of the campaign including results analysis is 30min in where 6,215,316 faults are experimented. Our results have shown that the tag has tolerated 61.82% of SEUs and 67.83% of SETs. The flip-flops that constitute the tag FSM (finite state machine) have been identified as the most sensitive parts causing large number of failures.

Efficient RFID Authentication Using Elliptic Curve Cryptography for the Internet of Things

The Internet of Things (IoT) is an expansion of Internet-based sensing, processing and networking. As a key technique of the IoT, the Radio Frequency Identification (RFID) had a prosperous development in the past decade. Security schemes were also proposed to ensure secure RFID authentication. This paper analyzes security weaknesses found in previous schemes and proposes a new RFID authentication scheme using Elliptic Curve Cryptography (ECC). Security analysis results show that the proposed scheme can meet security requirements of RFID authentication while requiring no extra cost in terms of performance.

A Trajectory Privacy Model for Radio-Frequency Identification System

Here we propose a trajectory privacy model to solve privacy and security problems with radio-frequency identification (RFID) systems. The model first formalizes an Adversary Model and then defines an adversary indistinguishability privacy game and interval security privacy game according to the ability of the adversary. Based on the privacy game between adversary and challenger, the author gives the definition of weak trajectory privacy and strong trajectory privacy. Finally, we analyzed the privacy protection level of present RFID systems with the help of this trajectory privacy model. It can be seen that the trajectory privacy model can effectively analyze and find the privacy vulnerabilities of RFID security protocols.

A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments.

To enhance the quality of healthcare in the management of chronic disease, telecare medical information systems have increasingly been used. Very recently, Zhang and Qi (J. Med. Syst. 38(5):47, 32), and Zhao (J. Med. Syst. 38(5):46, 33) separately proposed two authentication schemes for telecare medical information systems using radio frequency identification (RFID) technology. They claimed that their protocols achieve all security requirements including forward secrecy. However, this paper demonstrates that both Zhang and Qi's scheme, and Zhao's scheme could not provide forward secrecy. To augment the security, we propose an efficient RFID authentication scheme using elliptic curves for healthcare environments. The proposed RFID scheme is secure under common random oracle model.

Research on a provable security RFID authentication protocol based on Hash function

Research on existing radio frequency identification (RFID) authentication protocols security risks, poor performance and other problems, a RFID security authentication protocol based on dynamic identification (ID) and Key value renewal is proposed. Meanwhile, the security problems based on Hash function RFID security authentication protocol in recent years have been also sorted and analyzed. Then a security model to design and analyze RFID protocols is built. By using the computational complexity, its correctness and security have been proved. Compared with the safety performance, storage overhead, computational overhead and other aspects of other protocols, the protocol for RFID has more efficient performance and ability to withstand various attacks. And the C# programming language is used to simulate the authentication process on the visual studio platform, which verifies the feasibility of the protocol.

A security protocol for RFID traceability

SummaryNowadays, traceability represents a key activity in many sectors. Many modern traceability systems are based on radio‐frequency identification (RFID) technology. However, the distributed information stored on RFID tags involves new security problems. This paper presents the traceability multi‐entity cryptography, a high‐level data protection scheme based on public key cryptography that is able to protect RFID data for traceability and chain activities. This scheme is able to manage entities with different permissions, and it is especially suitable for applications that require complex Information Systems. Traceability multi‐entity cryptography avoids industrial espionage, guarantees the information authenticity, protects the customer privacy, and detects malicious alterations of the information. In contrast to the state‐of‐the‐art RFID security schemes, the proposed protocol is applicable to standard RFID tags without any cryptographic capability, and it does not require a central database. Copyright © 2016 John Wiley & Sons, Ltd.

Lightweight Cryptographic MTDAS Algorithm for Wireless Sensor Network Devices

In numerous sensor network devices, security is one of the critical issues. A number of symmetric-key encryption algorithms are employed in sensor network hardware and based on standard cryptography, many security algorithms are enhanced for wireless sensor network devices. However, many of these cryptographic algorithms contain own weakness, such as susceptible to selected plaintext attack, password attacks and computational complexity. In WSN, the security of Radio Frequency Identification (RFID) tags contain drawn wide attention from both academia and industry due to the possible wide RFID exploitation and lightweight cryptography in RFID is a significant mechanism in the security information of RFID devices. Therefore, a lightweight cryptographic Multilanguage Two Dimensional Array Substitution Technique (MTDAS) algorithm is presented for RFID tags in this paper to reduce the computational complexity and increase the security during the deployment. This MTDAS algorithm and its low power computational, sizeoptimized accomplishment goals at very embarrassed devicessuch as passive RFID tags. Our proposed algorithm MTDAS gives cryptographic primitivesat very low cost is of dominant significance for protecting applications of RFID. This MTDA Scryptographic algorithm was implemented by using multilingual characters set table. This table is dynamic in nature, and this type of encryption doesn't have any relationship between cipher text and plaintext, so it is difficult for an intruder to get back the plaintext.

A Study of Security Vulnerabilities in Mobile environment

Now day's application had focus more on the security and Radio Frequency Identification (RFID) had become one of the major technologies that become important for security. RFID devices are going to be ubiquitous applications that are used in different areas especially in the business because it simplifies many business transactions. However, security and privacy issues and risks are introduced by pervasiveness of RFID systems. In RFID systems, communication between tag and reader usually takes place via wireless communication. As the nature of radio frequency signal, it can go everywhere and everyone can receive this signal, which is an insecure channel. The computational resources in RFID tag are constrained and it is a big limitation that forces researcher to apply different mitigations compared to common security solutions. At the first part of this research, RFID architecture is introduced briefly. In this paper, the researcher explains existing security challenges in RFID networks then the effects of these threats on security and privacy of RFID are discussed. After analyzing security challenges of RFID networks, different countermeasures that are proposed by other researchers are discussed. At the end of this paper, future security challenges are discussed.

Towards Scalable Identification in RFID Systems

The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of tags. Some proposals use a tree-based approach to solve the search efficiency problem. The tree-based approach reduces the search complexity from $${\mathcal {O}}(N)$$O(N) to $${\mathcal {O}}(\log N)$$O(logN). However, tree-based protocols are vulnerable to tag compromising attacks due to the lack of a key-updating mechanism. Therefore, tree-based protocols are weak private in Vaudenay's privacy model. In this paper, we propose a privacy-preserving RFID authentication protocol that does not require lookup. Our solution is based on the use of physically unclonable functions (PUFs) and is destructive-private in the Vaudenay-Model. It provides resistance against tag compromising attack by using PUFs as a secure storage mechanism to preserve the privacy of the tag.

Attacks and improvements to chaotic map‐based RFID authentication protocol

AbstractBecause of its low cost and ease of deployment, radio frequency identification (RFID) technology offers great potential for all applications that require identification. Main obstacle for wide adoption of this technology is the concerns about its security and privacy issues. Many RFID authentication protocols have been proposed to provide desired security and privacy level for RFID systems. Recently, Benssalah et al. have proposed a chaotic map‐based RFID security protocol. In this paper, we analyze the security of this protocol and discover its vulnerabilities. We show that message generation arises some weaknesses, and this protocol is vulnerable to tracking, tag impersonation, and de‐synchronization attacks. The success probabilities of the proposed attacks are significant, and their complexities are polynomial. Furthermore, we propose an RFID authentication protocol. Our protocol utilizes the Chebyshev chaotic map hard problem and conforms to the EPCglobal Class 1 Generation 2 (EPC C1‐G2) standard. Our protocol eliminates the weaknesses of the protocol of Benssalah et al. Copyright © 2015 John Wiley & Sons, Ltd.

Applications of RFID Technology [Book\/Software Reviews

This book is intended for radiofrequency identification (RFID) system designers, program managers, and regulators. It covers broad aspects of RFID requirements and RFID environments. The first chapter of this book offers an introduction to radiofrequency identification (RFID) history, applications, business applications, and standards. The remaining chapters focus on: radio-frequency spectrum and propagation, the theory of electromagnetism and Maxwell’s equations, near field, far field, and EH field; automatic identification systems (AISs; RFID standards, air interface, key players, and an example of an ultrahigh frequency (UHF) tags; RFID near-field and far-field propagation of low-frequency systems and high-frequency/microwave systems; RFID system design requirements; integrating RFIDs and sensor networks; and RFID market trends, barriers to RFID adoption, security, privacy, health risks, ethics, and moral dilemmas of RFID technology.

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

A secure RFID mutual authentication protocol for healthcare environments using elliptic curve cryptography.

Radio Frequency Identification(RFID) is an automatic identification technology, which can be widely used in healthcare environments to locate and track staff, equipment and patients. However, potential security and privacy problems in RFID system remain a challenge. In this paper, we design a mutual authentication protocol for RFID based on elliptic curve cryptography(ECC). We use pre-computing method within tag's communication, so that our protocol can get better efficiency. In terms of security, our protocol can achieve confidentiality, unforgeability, mutual authentication, tag's anonymity, availability and forward security. Our protocol also can overcome the weakness in the existing protocols. Therefore, our protocol is suitable for healthcare environments.