A Secure and Efficient Authentication Protocol for Mobile RFID Systems

Size: px
Start display at page:

Download "A Secure and Efficient Authentication Protocol for Mobile RFID Systems"

Transcription

1 A Secure and Efficient Authentication Protocol for Mobile RFID Systems M.Sandhya 1, T.R.Rangaswamy 2 1 Assistant Professor (Senior Lecturer) CSE Department B.S.A.Crescent Engineering College Chennai, India 2 IT Department B.S.A.Crescent Engineering College Chennai, India Journal of Digital Information Management Abstract: The design of a secure communication scheme for Radio Frequency Identification (RFID) systems has been extensively studied in recent years in view of the awareness of individual privacy and the requirement of robust system security. Most of previous works assume the communication channel between an RFID reader and its backend server is secure and concentrate on the security enhancement between an RFID tag and an RFID reader. However, once RFID reader modules are extensively deployed in consumer s handheld devices, the security violation problems at reader side will be deeply concerned by individuals and organizations. In this paper, it is assumed that the future communication environment for RFID systems will be all wireless and insecure. Under such infrastructure, handheld device such as mobile phone, embedded with RFID reader modules will be situated everywhere and operated with many RFID tags in various RFID application systems. Hence in this paper, an authentication protocol in mobile RFID environment is proposed which effectively achieves forward security with preventing replay, eavesdropping, and counterfeit tag attacks. Based on the security analyses, it has been shown that the scheme can enhance data security and provide privacy protection at reader side even in the presence of an active adversary under insecure mobile RFID environment. Categories and Subject Descriptors C.2.2 Network Protocols D.4.6 Security and Protection Authentication C.2.1 Network Architecture and Design Wireless communication General Terms: RFID, Authentication protocols, Communication security, Wireless security Keywords: RFID, Mobile RFID, Eavesdropping, Forward security Received: 27 December 2010, Revised 10 February 2010, Accepted 2 March Introduction RFID is a wireless communication technology which automatically identifies target without physical contact. An RFID application system consists of includes three components: tag, reader and backend database. There are two types of tags available in the market: active and passive tag. Most of tags are composed of IC chip, antenna and memory etc. Active tags require additional power, such as battery whereas Passive tags depend on electromagnetic induction to generate power. Researchers have indicated that applications of RFID systems may pose a serious threat to information security and consumer privacy. An adversary can easily eavesdrop the communication between tag and reader for the insecure wireless channel they used. Many tags use light weight security protocols to communicate with reader and backend database. In these protocols, lightweight operations such as hash function, XOR etc.are used instead of symmetric or asymmetric encryption algorithm because the most widely used tags are low-cost passive tags and have very limited computational resources. Mobile RFID networks services can be established by converging the existing wireless networks for mobile phone and RFID networks. Originally, the goal of RFID networks is distribution and circulation of objects; however, mobile RFID network services are targeting personal users [1]. Mobile phone, as a powerful device enabling complex personal services can provide personalized services to a user in many ways [2]. The RFID system causes security and privacy problems such as impersonation, traceability and reply attack because it uses wireless communication with RF signals. For this reason, the mobile RFID system has these problems which are similar to the RFID system, and they are more serious than the RFID system because anyone has the mobile device as a reader and obtains information of tagged objects. Traditionally, it is believed that the communication channel between the reader and the database is safe. However, in the mobile RFID system, the communication between the reader and the database is using wireless channel, thus, the communication channel between the reader and the database is not assumed to be safe. Those features require a new authentication protocol suitable to mobile RFID systems. There is scant published research on the feasible rogue-scanning and eavesdropping ranges for mobile RFID. Such research would benefit both mobile RFID security analyses and public policy formulation. The importance of mobile RFID privacy in restricted environment such as military operations reinforces an oft-neglected point: Privacy is not just a consumer concern. The enhanced supply-chain visibility that makes mobile RFID so attractive to industry can also, in another guise, betray competitive intelligence. Enemy forces monitoring or harvesting mobile RFID communications in a military supply chain could learn about troop movements. In civilian applications, similar risks apply. For example, many retailers see item-level RFID tagging as a means to monitor stock levels on retail shelves, and avoid out-of-stock products. Individually tagged objects could also make it easier for competitors to learn about stock turnover rates; corporate spies could walk through shops surreptitiously scanning items. From the above discussion, it is clear that it is necessary to design a new protocol for mobile RFID systems that Journal of Digital Information Management Volume 9 Number 3 June

2 incorporates a form of challenge-response mechanism to avoid attacks like: Authentication attack Replay attack Communication channel attack (eavesdropping) The remaining paper is structured as follows. Section 2 presents in detail about the Mobile RFID Network Services. Section 3 describes the desirable security goals of RFID systems. Section 4 describes the related work in security of Mobile RFID. Section 5 describes about the proposed method. The security analysis of the proposed method is given in Section 6.The Implementation details of the proposed method are described in Section 7. The Performance of the proposed method is evaluated in Section 8.Finally Section 9 outlines the conclusions. 2. Mobile RFID Network Services Mobile RFID network services are the services which are provided to users by using mobile phone having a built- in RFID reader through mobile networks. Users having mobile phone can use ubiquitous services regardless of time and location with the networks. Figure 1 shows the network architecture proposed by mobile RFID forum [3]. A mobile device needs Object Discovery System (ODS), Object Information Service (OIS), and Object Tracing Service (OTS) to acquire the detailed information related with RFID tag read by a reader. ODS, as a RFID retrieval system, is similar to Object Naming Service (ONS) of EPCglobal which notifies the location (URI) of server having the related product information for an RFID code in a tag. OIS, a databases system of individual industry or institution, is similar to EPCIS and is called as a RFID information server storing dynamic and static information for various kinds of products. Figure 1. Overall view of Mobile RFID networks OTS, which corresponds to EPCDS in EPCglobal networks gathers, stores the historical data of products, and provides retrieval services to users. 3. Security Goals of RFID Systems The five main goals of RFID systems are explained in the following. Maintain data security. Illegitimate reading of data must be prevented in RFID systems because the data may be privacy sensitive. The simplest way of reaching that goal is to move all data from tags into the backend infrastructure. If the tags only have an identifier with random appearance and all associated data is securely stored in the backend, one has no hassle in preventing unwanted reading. As there are no tight resource restrictions in the backend like in tags, one can implement flexible access control schemes there. Further, one can access and modify the associated data without the tag being in the read range of a reader. Cope with denial-of-service. This goal is directly connected to the availability of RFID systems. Even if attackers try to put a system out of service, ideally the system should keep running and provide service to legitimate users. A prerequisite is that the integrity of the system is preserved. As it is not possible to prevent all kinds of denial-of service attacks (e.g. shielding tags with a Faraday cage), RFID systems should at least provide means to cope with denial-of- service attacks, e.g. by implementing means for detection of malicious actions and recovering from them. The RFID protocols presented in this paper are designed in such a way that no additional vulnerabilities are introduced by them. Prevent counterfeiting. For many applications, preventing counterfeiting is a goal that should outweigh the higher cost of RFID compared to optical barcodes, which can be copied easily. If RFID tags only emit unique numbers for identification, they can be copied or mimicked easily. But with RFID tags that can prove their genuineness, counterfeiting can be prevented effectively. Such RFID tags can then be used for security sensitive applications like for granting access to restricted areas. Prevent illegitimate access. Illegitimate access to system components enables the infiltration of false data. Thus, it is essential to ensure that only data from trusted sources is processed. Preventing illegitimate access is thus a prerequisite for ensuring the integrity of the data in an RFID system. Prevent unwanted recognition and tracking. Recognition and tracking of objects are core functionalities of RFID systems. They are relevant in all supply chain applications. But if persons get involved, that functionality is often no longer a wanted one for privacy reasons. There is thus a severe conflict that needs to be solved: Sometimes the functionality of recognition and tracking is wanted and sometimes not. There need to be technically implemented models to provide a suitable trade-off. Based on the presented system-level goals, one can identify the following three tasks that an RFID protocol needs to perform: identification, authentication, and secret identifier modification. Identification is the main purpose of an RFID system and thus needs to be provided by any RFID protocol. This is done in practice by assigning a unique identifier to each tag. Authentication is used for preventing counterfeiting and for preventing illegitimate access to backend systems. If tags are able to prove their identity, they cannot be copied easily and one can be sure that the data they provide is valid. Secret Identifier modification is used to prevent unwanted recognition and tracking. As a static identifier can be used by anybody for recognition and tracking, the idea is to change the secret key identifier regularly. This is done in such a way that only the legitimate backend entity can recognize it. 4. Related Work Many approaches have been proposed to achieve private authentication in RFID Systems.Ohkubo et al. [4], also based on hashing chain, proposed a mutual authentication scheme for 100 Journal of Digital Information Management Volume 9 Number 3 June 2011

3 RFID system. The scheme aimed to provide the forward secrecy: that means even if we assume that an attacker can compromise a tag at some time, he cannot trace the past communications from the same tag. Unfortunately, the scheme cannot resist the replay attack [5].The Henrici Mauller scheme [6] updates a tag s identification after each successful authentication, and uses this varying identification to protect location privacy and anonymity. However, a tag always responses the same hashed value of the identification before the next successful authentication. This property allows an attacker to trace tags. Yang et al. [7,8] improved the Henrici Mauller scheme to achieve anonymity. However, it was pointed out that the scheme cannot protect privacy [5]. Rhee et al. [9], also based on PRNG function and hash function, proposed a mutual authentication scheme for RFID systems. However, the scheme cannot provide forward secrecy. Like Rhee et al. s scheme, Molnar and Wagner s scheme [10] still cannot provide forward secrecy: once a tag is compromised, the past communications from this tag can be traced. Juels [11] suggested a scheme to prevent the cloned tags from impersonating legitimate GEN-2 tags. However, his protocol did not take eavesdropping and privacy issues into consideration, therefore provides no protection against privacy invasion and secret information leakage [12]. Dimitriou proposed scheme [13] that intends to perform mutual authentication using a shared secret ID i. In this scheme, the reader sends a random number N R as the challenge. Upon receiving the challenge, the tag generates another random number N T and computes the signature hid i (N T, N R ) as the response to the challenge. To help the back-end server search the corresponding ID i, the tag also sends a metaid h(id i ) to the reader. However, an adversary can trace the tag by metaid. To address this problem, the scheme updates ID i after each successful interrogation. This enhancement can protect the tag from being traced forever. But the tag is traceable between two successive successful interrogations because metaid remains unchanged. Tsudik proposed a scheme called YA-TRAP (Yet Another Trivial RFID Authentication Protocol) [14]. In YA-TRAP, tag Ti shares a unique key ki with the reader. T i also stores a timestamp ti that records the last time at which it was interrogated. J. Collins et.al. [15] proposed that the tags can be saved either by destroying them or just by partially disabling them. Later Inoue et al. [16], Karjoth et.al. [17] and Good et.al. [18] suggested bringing some changes in this approach. The approach named Minimalist cryptography was introduced by Juels [19] which is also a kind of renaming approach in which tags can change their identity on their own. Juels and Pappu [20] proposed a new approach called the re-encryption in which they applied some cryptography and used keys and cipher text, but were not generalized. So, to generalize it they made changes in it and named it Universal re-encryption [21]. A Faraday Cage [22] approach was also proposed to get rid of some security issues which are nothing but an extra device added approach. There is a similar kind of approach named Proxying approach in which Floerkemeier et.al [23] introduced a prototype named Watchdog Tag. Rieback et al. [24] and Juels et al. [25] addressed a solution in which they introduced a concept of RFID Guardian. Yong Ki Lee and Ingrid Verbauwhede [26] propose two protocols SRAC and A-SRAC. The first protocol SRAC (Semi-Randomized Access Control) is designed using only a hash function as security primitives in tags. In spite of very restricted functionality, SRAC resolves not only security properties, such as the tracking problem, the forward secrecy and the denial of service attack, but also operational properties such as the scalability and the uniqueness of metaids. The second protocol ASRAC (Advanced SRAC) resolves the replay attack in the cost of a random number generator in tags. Moreover, these schemes have significantly reduced the amount of tag transmissions which is the most energy consuming task. Another invention is a RFID blocker tag [27] which exploit tag singulation (anti-collision) protocols in order to interrupt the communication with all tags or tags within a specific ID range. The blocker works for the most relevant anti-collision protocols (tree walking and ALOHA) and may be used for privacy protection but it can also be misused for mounting denial-of-service attacks. Y.C. Lee et al. [28] proposed an improved protocol which can avoid tracking and spoofing attack through the different hash value during each authentication. Shang-ping Wang et al. proposed a low-cost RFID mutual authentication protocol [29] based on the method of HMAC under the assumption that the Hash function is secure, the property that the new protocol can achieve mutual authentication between reader and tag. He Lei et al. proposed a one-way Hash based low-cost authentication protocol [30] with forward security and analyze its efficiency but the computation load was not taken into consideration. K.H.Yeh and Lo developed a robust EPC GEN-2 conformed protocol, called TRAP-3, to pursue stronger anonymity property and security feature [31]. Unfortunately, TRAP-3 still suffers from the de-synchronization attacks. He Lei et al.proposed an improved lightweight authentication protocol [32] using substring functions and analyzed its property. Allen Y.Chang et al. proposed an effective and secured certificate mechanism using mobile devices as RFID readers together with the credit cards containing RFID tags [33]. The result shows it can improve the existing RFID security issues under the premise of safety, efficiency and compatibility of the EPC network. Sun et al. [34] showed a desynchronization attack on SASI with at most 96 trials. 5. Proposed Method According to the problems in the literature review outlined above, an improved protocol is proposed which is also based on the hash function, and it can prevent illegal access, eavesdropping, tracking, impersonation and replay attacks. The protocol is illustrated in figure 2. The notations used in the proposed method are summarized in Table 1. Mobile RFID reader has to register and authenticate itself to the server. The server authenticates the reader and sends an ID R and K R to the reader. Symbol ID t ID R K i K i+1 K R r g Meanings Unique Identifier of the tag Unique Identifier of the reader Secret key shared between the tag and the server Updated Secret key used in between the tag and the server Secret key shared between the reader and the server Exclusive OR operation A random number generated through the use of a PRNG within the reader A random number generated through the use of a PRNG within the server for updating K i Journal of Digital Information Management Volume 9 Number 3 June

4 D H Detailed Information about the tag in the database Hash function Table 1. Notations of Proposed Protocol The details of the proposed method are described in following steps. 1. The reader generates and saves a pseudo random number r by utilizing PRNG and sends a query request to the tag. 2. After receiving the query message the tag computes H (ID t K i ) and forwards it to the reader. 3. The reader generates H (ID R ) and forwards it along with the message H (ID t K i ) to the server. 4. The server checks whether H (ID t K i ) forwarded by the reader matches with the stored hash code of the tags. If it matches then the database authenticates the tag as a legitimate one. Then it verifies the authenticity of the reader by matching the received hash code of the reader H (ID R ) with the stored hash code. If they are equal, the reader passes the authentication; otherwise, the reader is not authenticated. The server updates the confidential information K i to K i+1 where K i+1 = PRNG (K i ).g is the random number used to update the secret key K i. The server computes H (K i ) and operates XOR algorithm with g to generate H (K i ) g.this message along with the detailed information of tag D is forwarded in encrypted form to the reader using the reader password K R. 5. The reader decrypts and obtains the tag data D. It then utilizes the XOR algorithm to generate H (K i ) g r and forward it to the tag. The tag verifies the authenticity of the reader by using the random number r. It then verifies whether the received hash code of the secret identifier K i matches with the computed hash code of K i. If it matches then it computes K i+1 by performing the XOR operation of K i with random number g.it generates K i+1 and updates the secret key information K i to K i Security Analysis Figure 2. Proposed Method In this section, the security strength of the proposed method is analyzed. Eavesdropping: In the process of the proposed scheme the information has been encoded by hash function which makes the adversary to get the original value impossible because of the one-way characteristic. The attackers can t know the detailed content of the information even they espionage the outputs; In the process of (4), the server forwards the tag detail in encrypted form to the reader so the attackers also cannot know the real information. Denial of Service Attack: The proposed protocol needs synchronization between the server and the tag. The tag refreshes its secrets after taking confirmation from the server. An adversary can prevent the reader or the tag from receiving a message. If the adversary performs this attack on the last flow of the protocol, he can prevent the tag from taking confirmation. This breaks the synchronization between the tag and the server because the server refreshes the tag secrets but the tag does not. However, in the protocol, the server makes itself synchronize with the tag in such a situation because it stores old and new values of the tag secrets. Tag Cloning: Tag cloning means that, the data on a valid tag is scanned and copied by a malicious RFID reader and the copied data is embedded onto a fake tag. Authentication of RFID reader prevents this cloning attack. In the protocol, a tag never generates genuine replies unless it verifies the reader first. This verification thwarts the cloning attack. Forward Security: The forward-security property means that even if the adversary obtains the current secret key, he still cannot derive the keys used for past time periods. To ensure this, a forward-secure message authentication scheme which involves key-evolving is used. For each valid read operation, a tag uses the current key K i for creation and verification of authentication tags. At the end of each valid read operation, K i is updated by a one-way hash function H and previous K i is deleted. An attacker breaking in gets the current key. But given the current key it is still not possible to derive any of the previous keys. Privacy Attacks: In privacy attacks an adversary wants to learn the contents of the tag and queries the tags. In each session, the tag uses a hash function to generate H (ID t K i ) and responds the reader with the hash code. Only valid server can access the information associated with the tag, so it can only extract the correct information ID t from the message. Thus, the protocol provides information privacy for the tag. Replay Attack: The attackers can obtain outputs of the tag, and transmit the eavesdropped messages to the reader. But he cannot impersonate the legitimate tag since the outputs are different on every session. Therefore, the scheme is secure and against the impersonation and replay attack. 7. Implementation In this section, focus is on the security module implementation cost for the RFID tag because the passive RFID tag is hardware constrained device so that the implementation of the complex encryption schemes such as public key encryption or the symmetric key encryption is currently very rough task. Although the complex encryption scheme equipped tag could be implemented, the tag would cost more. Therefore, the implementation cost should be considered very carefully before implementing the security module into the Active or Passive tag. Excluding the basic need for RFID tag fabrication such as antenna, IC and memory area, only 1,000 ~ 3,500 gates can be assigned for security module implementation. To verify whether the proposed scheme can be implemented practically, experiment is made on the total number of gates for the proposed scheme. It has been designed in such a way that the data and pseudonym may be implemented in parallel. Therefore, 128 XOR modules are needed and the register which stores the 128 bit-length temporal data for implementation of the nonce or the ID of tag is also needed. However, these basic needs can be reduced by reducing the bit-length of data which the implementation module takes for input. For example, if we design the implementation module which takes 64 bit-length data as the input then the number of XOR module for 102 Journal of Digital Information Management Volume 9 Number 3 June 2011

5 the data padding and register size for the temporal input/output data storage can be reduced almost by half. In the proposed work, this module can be implemented within 5,208 gates if it is assumed that the implementation module is designed to take 32 bit-length data as input data. The total gates of the work are even smaller than those of the AES module or MD-4. Through experiment, especially in security and performance viewpoint, it is found that the work has the advantage of composition of hash and exclusive-or than just applying the hash function or the exclusive-or. The proposed method is implemented and tested on a RFID reader prototype model. Wireless mode of communication is used in between the RFID reader and mobile phone to make it act as a Mobile RFID reader. The objective of the experiment is to validate various aspects introduced in the proposed method and display the results. The screenshots of the implemented proposed method is shown in the figures below. Figure 6. Mobile Reader querying the tags Figure 3. Complete Setup Figure 7. Server returns details to Mobile Reader Figure 4. Result Output on Laptop To test the effectiveness and security of the proposed system, testing is conducted from various aspects. On hardware, a reader is selected and on software, programs are designed to conduct testing from various aspects such as accessing, decryption, modifying tag data, damaging and copying tag. Testing result could be concluded as following: The access of tag data through authentic or copied Reader is possible, but it is difficult to analyze the tag information out successfully. In other words, even unauthentic user could read out tag data, but they couldn t decrypt the information. Unauthentic user might modify tag data through specific ways, but such tag could not pass the validation of system. Once tag is damaged or copied, it could not pass the validation of system. 8. Efficiency Analysis Figure 5. Mobile Reader Login Besides security, care is also taken about how efficient a RFID system operates. The efficiency of a RFID system is measured by computation load on a tag, communication load, and computation load on the back-end server. Journal of Digital Information Management Volume 9 Number 3 June

6 Computation load on a tag This is measured by how many hash operations are needed on a tag for a complete interrogation. The proposed scheme involves two hash operations in total which are used for computing H (ID t K i ) and updating the secret key respectively. Communication Load Five messages are needed for a complete interrogation. Computation load on the server The proposed scheme can precompute the hash values before querying the tag and reader. During interrogation, the back-end server only needs to search the database. If appropriate searching algorithm is adopted, the server could find a matching value with complexity of O (1). In batch mode, the complexity is O (n). The following table compares the proposed scheme with previous work on efficiency. Computation load of the back- end sever is compared for batch mode. According to TABLE 2, it can be seen that the computation load of tags and communication load in the proposed scheme is mediate. However, the computation load on the server of the proposed method is the lowest among all these protocols. Since the number of tags may be large, the computation load on the back-end server is critical to the practical deployment of a RFID system. Proposed [18] [11] [4] [5] Hash operation Communication Load Computation Load on O(n) O(n 2 ) O(n 2 ) O(n) O(n) Server 9. Conclusion Table 2. Comparison of Protocols on Efficiency Authentication protocols for RFID tag/reader are important both for secure implementations as well as for allaying consumer s concerns with regard to their privacy and security in Mobile RFID environment. Having gained interest from researchers and industry alike over the past few years, this field is still very much in its infancy. Given the importance of security and privacy vulnerabilities faced by most such authentication protocols, it is of paramount importance to proactively stay current on possible new threats to security/privacy. Thus, this paper proposes an efficient Mobile RFID authentication protocol in insecure communication channels, which utilizes only hash functions, XOR calculations, and a pseudorandom generator. Many existing RFID authentication technologies have been designed taking into consideration the assumption that only the communication between a tag and a reader is insecure. However, the proposed protocol has been designed taking into consideration the possibility that not only the communication between a tag and a reader but also that between a reader and a database is insecure. If mobile RFIDs are to be used in every field of industry in the future, the risks involved in their use may also be applied not only to communications between a tag and a reader but also to that between a reader and a database, as they are both wireless channels. Therefore, if the proposed protocol would be improved to become safer and more efficient in the future, it will provide its users with a safer and more secure service. Also, the research on the light weight should be followed with the other researches to get more competitive in RFID cost. In a ubiquitous environment, the environment in which users can use low-cost devices to access many kinds of services should be built as soon as possible Also, the more researches must be carried out not only for the convenience of such tools but also to protect the privacy of users. References [1] Han, M., Paik, I., Lee, B., Hong, J. (2006). A Framework for Seamless Information Retrieval between an EPC Network and a Mobile RFID Network, In: Proceedings of the 6th IEEE International Conference on Computer and Information Technology, Sept. 2006, p [2] Garfinkel, S. L., Juels, A.,and Pappu, R. (2005). RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security & Privacy. [3] Telecommunication Technology Association (2006). A code system of mobile RFID and the structure of tag data, Dec. [4] Ohkubo, M., Suzki, K., Kinoshita,S (2003). Cryptographic approach to privacy friendly tags, In: RFID Privacy Workshop. [5] Avoine, G., Dysli, E., Oechslin, P (2005). Reducing time complexity in RFID systems, The 12th Annual Workshop on Selected Areas in Cryptography (SAC). [6] Henrici, A.D., Mauller, P (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers, Proceedings of PerSec 04 at IEEE PerCom, p [7] Yang, J., Park, J., Lee, H., Ren, K., Kim, K (2005). Mutual authentication protocol for low-cost RFID, Handout of the Encrypt Workshop on RFID and Lightweight Cryptography. [8] Yang, J., Ren, K., Kim, K. (2005). Security and privacy on authentication protocol for low-cost radio, In: The 2005 Symposium on Cryptography and Information Security. [9] Rhee, K., Kwak, J., Kim, S., Won, D(2005), Challengeresponse based RFID authentication protocol for distributed database environment, In: International Conference on Security in Pervasive Computing SPC 2005,pp [10] Molnar, D., Wagner, D. (2004). Privacy and security in library RFID: issues, practices, and architectures, Conference on Computer and Communications Security CCS 04, 2004, p [11] Juels, A. (2005). Strengthening EPC tag against cloning, In: Proceedings of the 4th ACM Workshop on Wireless Security. [12] Duc, D.N., Park, J., Lee, H., Kim, K (2006). Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning, In: The 2006 Symposium on Cryptography and Information Security. [13] Dimitriou, T. (2005). A lightweight RFID protocol to protect against traceability and cloning attacks, Conference on Security and Privacy for Emerging Areas in Communication Networks SecureComm. Athens, Greece: IEEE, September [14] Tsudik, G. (2006). YA-TRAP: Yet another trivial RFID authentication protocol, In: International Conference on Pervasive Computing and Communications PerCom 2006, IEEE. Pisa, Italy: IEEE Computer Society Press, March [15] Collins, J. (2004). Marks Spencer expands RFID retail trial, RFID journal, February, p [16] Inoue, S. Yasuura, H. (2003). RFID privacy using user controllable uniqueness, In: RFID Privacy Workshop, MIT, Massachusetts, USA, November 2003, p Journal of Digital Information Management Volume 9 Number 3 June 2011

7 [17] Karjoth, G., Moskowitz, P (2005). Disabling RFID tags with visible confirmation: Clipped tags are silenced, Workshop on Privacy in the Electronic Society (WPES), p [18] Good, N., Han, J., Miles, E., Molnar, DMulligan, D., Quilter, L., Urban, J., Wagner, D (2004). Radio frequency identification and privacy with information goods, In: Workshop on Privacy in the Electronic Society WPES, ACM Press, p [19] Juels, A. (2004). Minimalist cryptography for low-cost RFID tags, In: Proceedings of the 4th International Conference on Security in Communication Networks, Springer-Verlag, vol. 3352, p [20] Juels, A., Pappu, R (2003). Squealing Euros: Privacy protection in RFID enabled banknotes. Financial Cryptography, Springer-Verlag, V. 2742, p [21] Ateniese, G., Camenisch, J., de Madeiros, B. (2005). Uuntraceable RFID tags via insubvertible encryption, Proceedings of the 12th ACM Conference on Computer and Communication Security, p [22] Luo, Zongwei., Chan, Terry., Li, Jenny S. (2005). A Lightweight Mutual Authentication Protocol for RFID Networks, Proceedings of the ICEBE, October 2005, p [23] Floerkemeier, C., Schneider, R., Langheinrich, M (2004). Scanning with a purpose - supporting the fair information principles in RFID protocols, In: Proceedings of the 2nd International Symposium on Ubiquitous Computing Systems, p [24] Rieback, M., Crispo,. B., Tanenbaum, B. (2005). RFID Guardian: A battery powered mobile device for RFID Privacy management, In: Proceedings of the Australasian Conference on Information Security and Privacy ACISP, Springer-Verlag, V. 3574, p [25] Juels, A., Syverson, P., Bailey, D (2005). High-power proxies for enhancing RFID privacy and utility, Privacy Enhancing Technologies (PET), p [26] Lee, Yong Ki., Verbauwhede, Ingrid (2005).bSecure and Low-cost RFID Authentication Protocols, In: Proceedings of the 2nd IEEE International Workshop on Adaptive Wireless Networks, November [27] Juels, A., Rivest, R.L., Szydlo, M (2003). The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy, In: Proceedings of the 10th ACM conference on Computer and communications security. [28] Lee, Y.C., Hsieh, Y.C.,You, P.S., Chen, T.C (2008). An Improvement on RFID Authentication Protocol with Privacy Protection, In: Proceedings of the 3rd International Conference on Convergence and Hybrid Information Technology, South Korea: Busan, V.2, p [29] Shang-ping Wang, Qiao-mei Ma, Ya-ling Zhang and Yousheng Li (2010). HMAC-Based RFID Authentication Protocol, In: Proceedings of the 2nd International Symposium on Information Engineering and Electronic Commerce, China, pp.1-4. [30] He Lei, Lu Xin-mei, Jin Song-he and Cai Zeng-yu (2010). A One-way Hash based Low-cost Authentication Protocol with Forward Security in RFID System, In: Proceedings of the 2nd International Asia Conference on Informatics in Control, Automation and Robotics, China, p [31] Yeh, K.H., Lo, N.W (2010). Improvement of Two Lightweight RFID Authentication Protocols, Information Assurance and Security Letters 1, p [32] He Lei, Gan Yong, Cai Zeng-yu and Li Na-na (2010). An Improved Lightweight RFID Protocol Using Substring, In: Proceedings of the 5th International Conference on Wireless Communications, Networking and Mobile Computing, China. [33] Chang, Allen Y., Tsai, Dwen-Ren., Tsai, Chang-Lung., Lin, Yong-Jiang (2009). An Improved Certificate Mechanism for Transactions Using Radio Frequency Identification Enabled Mobile Phone, In: Proceedings of the 43rd Annual International Conference on Security Technology, Taiwan, p [34] Sun, H.M., Ting, W.C., Wang, K.H (2011). On the Security of Chien s Ultra lightweight RFID Authentication Protocol, IEEE Transactions on Dependable and Secure Computing, p Authors Biographies M. Sandhya obtained her B.E. (Computer Science & Engineering) in 1998 and M.E. (Computer Science & Engineering) in She is pursuing her Ph.D. (Computer Science & Engineering) in Anna University, Chennai, India. She has 14 years of Academic experience. She has authored a book on Artificial Intelligence. She has presented 7 papers in International Conferences and Journals. She is a review member of reputed journals such as European Journal on Information Systems (Macmillan Publishers) and International Journal of Information Technology & Management (InderScience Publishers).She is also a review Committee member of IEEE International Conference on Machine Language & Computing and Conference on Network Security & Applications (CNSA 2011).She is currently working as Assistant Professor (Senior Grade), Computer Science & Engineering Department in B.S.Abdur Rahman University, (formerly B.S.A.Crescent Engineering College), Chennai, India. Her area of interest encompasses Artificial Intelligence, Automata Theory, RFID, Security in Databases, Network Security etc. Dr. T.R. Rangaswamy obtained his Diploma in Electrical Engineering in 1968, B.E. in Electrical & Electronics Engineering in 1977 (GCT, Coimbatore) and M.E. in Applied Electronics in 1985 (CIT, Coimbatore). He obtained his Ph.D. from Anna University Chennai in He has 22 years of experience in Commissioning, Operation and Maintenance of thermal power stations in National & Multinational organizations. He has also 16 years of academic experience. He has co-authored a book on ENGINEERING BASICS (Electrical, Electronics & Computer Engineering). He has published 85 papers in National, and International Conferences and Journals. He is currently working as Professor in Information Technology and Dean (Academic Affairs) in B.S.A. University, (formerly B.S.A.Crescent Engineering College), Chennai, India. His area of interest encompasses neural networks, fuzzy logic, artificial intelligence, adaptive, predictive and expert systems, Network Security etc. Journal of Digital Information Management Volume 9 Number 3 June

Back-end Server Reader Tag

Back-end Server Reader Tag A Privacy-preserving Lightweight Authentication Protocol for Low-Cost RFID Tags Shucheng Yu, Kui Ren, and Wenjing Lou Department of ECE, Worcester Polytechnic Institute, MA 01609 {yscheng, wjlou}@wpi.edu

More information

A Study on the Security of RFID with Enhancing Privacy Protection

A Study on the Security of RFID with Enhancing Privacy Protection A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management

More information

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

Tackling Security and Privacy Issues in Radio Frequency Identification Devices Tackling Security and Privacy Issues in Radio Frequency Identification Devices Dirk Henrici and Paul Müller University of Kaiserslautern, Department of Computer Science, PO Box 3049 67653 Kaiserslautern,

More information

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,

More information

On the Security of RFID

On the Security of RFID On the Security of RFID Hung-Min Sun Information Security Lab. Department of Computer Science National Tsing Hua University slide 1 What is RFID? Radio-Frequency Identification Tag Reference http://glossary.ippaper.com

More information

A Survey of RFID Authentication Protocols Based on Hash-Chain Method

A Survey of RFID Authentication Protocols Based on Hash-Chain Method Third 2008 International Conference on Convergence and Hybrid Information Technology A Survey of RFID Authentication Protocols Based on Hash-Chain Method Irfan Syamsuddin a, Tharam Dillon b, Elizabeth

More information

RFID Security: Threats, solutions and open challenges

RFID Security: Threats, solutions and open challenges RFID Security: Threats, solutions and open challenges Bruno Crispo Vrije Universiteit Amsterdam crispo@cs.vu.nl 1 Table of Content RFID technology and applications Security Issues Privacy Proposed (partial)

More information

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Seyed Mohammad Alavi 1, Karim Baghery 2 and Behzad Abdolmaleki 3 1 Imam Hossein Comprehensive University Tehran, Iran

More information

Privacy and Security in library RFID Issues, Practices and Architecture

Privacy and Security in library RFID Issues, Practices and Architecture Privacy and Security in library RFID Issues, Practices and Architecture David Molnar and David Wagner University of California, Berkeley CCS '04 October 2004 Overview Motivation RFID Background Library

More information

A Secure RFID Ticket System For Public Transport

A Secure RFID Ticket System For Public Transport A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It

More information

Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols

Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols Ehsan Vahedi, Rabab K. Ward and Ian F. Blake Department of Electrical and Computer Engineering The University of British

More information

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

PAP: A Privacy and Authentication Protocol for Passive RFID Tags

PAP: A Privacy and Authentication Protocol for Passive RFID Tags PAP: A Privacy and Authentication Protocol for Passive RFID s Alex X. Liu LeRoy A. Bailey Department of Computer Science and Engineering Michigan State University East Lansing, MI 48824-1266, U.S.A. {alexliu,

More information

Scalable RFID Security Protocols supporting Tag Ownership Transfer

Scalable RFID Security Protocols supporting Tag Ownership Transfer Scalable RFID Security Protocols supporting Tag Ownership Transfer Boyeon Song a,1, Chris J. Mitchell a,1 a Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

More information

Proxy Framework for Enhanced RFID Security and Privacy

Proxy Framework for Enhanced RFID Security and Privacy Proxy Framework for Enhanced RFID Security and Privacy Tassos Dimitriou Athens Information Technology Markopoulo Ave., 19002, Peania Athens, Greece tdim@ait.edu.gr Abstract Radio Frequency IDentification

More information

RFID Security and Privacy: Threats and Countermeasures

RFID Security and Privacy: Threats and Countermeasures RFID Security and Privacy: Threats and Countermeasures Marco Spruit Wouter Wester Technical Report UU-CS- 2013-001 January 2013 Department of Information and Computing Sciences Utrecht University, Utrecht,

More information

A Research on Issues Related to RFID Security and Privacy

A Research on Issues Related to RFID Security and Privacy A Research on Issues Related to RFID Security and Privacy Jongki Kim1, Chao Yang2, Jinhwan Jeon3 1 Division of Business Administration, College of Business, Pusan National University 30, GeumJeong-Gu,

More information

4. Open issues in RFID security

4. Open issues in RFID security 4. Open issues in RFID security Lot of research efforts has been put on RFID security issues during recent years. A survey conducted by CapGemini showed that consumers see RFID more intrusive than several

More information

Security, Privacy, Authentication in RFID and Applications of Smart E-Travel

Security, Privacy, Authentication in RFID and Applications of Smart E-Travel Security, Privacy, Authentication in RFID and Applications of Smart E-Travel Mouza Ahmad Bani Shemaili, Chan Yeob Yeun, Mohamed Jamal Zemerly Computer Engineering Department, Khalifa University for Science,

More information

Enabling the secure use of RFID

Enabling the secure use of RFID Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises

More information

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project RFID Security and Privacy: A Research Survey Vincent Naessens Studiedag Rabbit project RFID Security and Privacy: A Research Survey 1. Introduction 2. Security and privacy problems 3. Basic RFID tags 4.

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

SECURITY FLOWS AND IMPROVEMENT OF A RECENT ULTRA LIGHT-WEIGHT RFID PROTOCOL

SECURITY FLOWS AND IMPROVEMENT OF A RECENT ULTRA LIGHT-WEIGHT RFID PROTOCOL SECURITY FLOWS AND IMPROVEMENT OF A RECENT ULTRA LIGHT-WEIGHT RFID PROTOCOL Mehrdad Kianersi and Mahmoud Gardeshi 1 Department of Information Technology and Communication, I.H.University, Tehran, Iran

More information

The Study on RFID Security Method for Entrance Guard System

The Study on RFID Security Method for Entrance Guard System The Study on RFID Security Method for Entrance Guard System Y.C. Hung 1, C.W. Tsai 2, C.H. Hong 3 1 Andrew@mail.ncyu.edu.tw 2 s0930316@mail.ncyu.edu.tw 3 chhong@csie.ncyu.edu.tw Abstract: The RFID technology

More information

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked

More information

Various Attacks and their Countermeasure on all Layers of RFID System

Various Attacks and their Countermeasure on all Layers of RFID System Various Attacks and their Countermeasure on all Layers of RFID System Gursewak Singh, Rajveer Kaur, Himanshu Sharma Abstract RFID (radio frequency identification) system is one of the most widely used

More information

Security and privacy in RFID

Security and privacy in RFID Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar 8 November 2007 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion

More information

Security Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China wang-kai09@mails.tsinghua.edu.

Security Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China wang-kai09@mails.tsinghua.edu. Security Issues in RFID Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China wang-kai09@mails.tsinghua.edu.cn Abstract RFID (Radio Frequency IDentification) are one

More information

Secure and Serverless RFID Authentication and Search Protocols

Secure and Serverless RFID Authentication and Search Protocols Secure and Serverless RFID Authentication and Search Protocols Chiu C. Tan, Bo Sheng, and Qun Li {cct,shengbo,liqun}@cs.wm.edu Department of Computer Science College of William and Mary Abstract With the

More information

THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM

THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM Iuon Chang Lin Department of Management Information Systems, National Chung Hsing University, Taiwan, Department of Photonics and Communication Engineering,

More information

An Overview of Approaches to Privacy Protection in RFID

An Overview of Approaches to Privacy Protection in RFID An Overview of Approaches to Privacy Protection in RFID Jimmy Kjällman Helsinki University of Technology Jimmy.Kjallman@tkk.fi Abstract Radio Frequency Identification (RFID) is a common term for technologies

More information

ANTI-COUNTERFEITING OF FASHION BRANDS USING RFID TECHNOLOGY Patrick C.L. Hui, Kirk H.M. Wong, and Allan C.K. Chan

ANTI-COUNTERFEITING OF FASHION BRANDS USING RFID TECHNOLOGY Patrick C.L. Hui, Kirk H.M. Wong, and Allan C.K. Chan ANTI-COUNTERFEITING OF FASHION BRANDS USING RFID TECHNOLOGY Patrick C.L. Hui, Kirk H.M. Wong, and Allan C.K. Chan ABSTRACT Anti-counterfeiting comes to the attention of fashion brand owners concerned as

More information

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 Dual server-based secure data-storage system for cloud storage Woong Go ISAA Lab, Department of Information Security Engineering,

More information

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257 Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy

More information

RFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

RFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark April 10, 2006 Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark 1 Outline What is RFID RFID usage Security threats Threat examples Protection Schemes for

More information

RFID Authentication Protocol for Low-cost Tags

RFID Authentication Protocol for Low-cost Tags RFID Authentication Protocol for Low-cost Tags Boyeon Song Information Security Group Royal Holloway, University of London Egham, Surrey, TW20 0EX, UK b.song@rhul.ac.uk Chris J Mitchell Information Security

More information

RFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

RFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

Security and Privacy in RFID

Security and Privacy in RFID Security and Privacy in RFID Sirkka-Liisa Vehkaoja Oulu University of Applied Sciences, t8vesi00@students.oamk.fi Abstract Security and privacy in RFID and mobile RFID services and user-side communication

More information

RFID based Bill Generation and Payment through Mobile

RFID based Bill Generation and Payment through Mobile RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Protecting the privacy of passive RFID tags

Protecting the privacy of passive RFID tags 1 Protecting the privacy of passive RFID tags Email: Nimish Vartak, Anand Patwardhan, Anupam Joshi, Tim Finin, Paul Nagy* Department of Computer Science and Electrical Engineering University of Maryland,

More information

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Younsung Choi College of Information and Communication Engineering, Sungkyunkwan University,

More information

Privacy Threats in RFID Group Proof Schemes

Privacy Threats in RFID Group Proof Schemes Privacy Threats in RFID Group Proof Schemes HyoungMin Ham, JooSeok Song Abstract RFID tag is a small and inexpensive microchip which is capable of transmitting unique identifier through wireless network

More information

An Overview of RFID Security and Privacy threats

An Overview of RFID Security and Privacy threats An Overview of RFID Security and Privacy threats Maxim Kharlamov mkha130@ec.auckland.ac.nz The University of Auckland October 2007 Abstract Radio Frequency Identification (RFID) technology is quickly deploying

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Security Requirements for RFID Computing Systems

Security Requirements for RFID Computing Systems International Journal of Network Security, Vol.6, No.2, PP.214 226, Mar. 2008 214 Security Requirements for RFID Computing Systems Xiaolan Zhang 1 and Brian King 2 (Corresponding author: Xiaolan Zhang)

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Introduction RFID are systems that transmit identity (in the form of a unique serial number) of an object or person wirelessly,

More information

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 3, Issue.

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

Implementation of a PC Security System using RF Transmitter-Receivers

Implementation of a PC Security System using RF Transmitter-Receivers Smart Computing Review, vol. 2, no. 4, August 2012 269 Smart Computing Review Implementation of a PC Security System using RF Transmitter-Receivers Il-Ho Park Technology Research Center, RetailTech LTD.

More information

Secure Anonymous RFID Authentication Protocols

Secure Anonymous RFID Authentication Protocols Secure Anonymous RFID Authentication Protocols Christy Chatmon Computer & Information Sciences Florida A & M University Tallahassee, Florida 32307-5100 cchatmon@cis.famu.edu Tri van Le and Mike Burmester

More information

Authentication Protocols Using Hoover-Kausik s Software Token *

Authentication Protocols Using Hoover-Kausik s Software Token * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science

More information

A Brief Survey on RFID Privacy and Security

A Brief Survey on RFID Privacy and Security A Brief Survey on RFID Privacy and Security J. Aragones-Vilella, A. Martínez-Ballesté and A. Solanas CRISES Reserch Group UNESCO Chair in Data Privacy Dept. of Computer Engineering and Mathematics, Rovira

More information

RFID and GSM Based ATM Money Transfer Prototype System

RFID and GSM Based ATM Money Transfer Prototype System RFID and GSM Based ATM Money Transfer Prototype System G Vinay Kumar 1, R.Raju 2, Santhosh Kumar 3 PG Student, Embedded System, Dept. of ECE, MLRS, India 1 Project Coordinator, Embedded System, Dept. of

More information

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS Mythily V.K 1, Jesvin Veancy B 2 1 Student, ME. Embedded System Technologies, Easwari Engineering College, Ramapuram, Anna University,

More information

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION Hasna.R 1, S.Sangeetha 2 1 PG Scholar, Dhanalakshmi Srinivasan College of Engineering, Coimbatore. 2 Assistant Professor, Dhanalakshmi Srinivasan

More information

Device-based Secure Data Management Scheme in a Smart Home

Device-based Secure Data Management Scheme in a Smart Home Int'l Conf. Security and Management SAM'15 231 Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University,

More information

RFID Systems: A Survey on Security Threats and Proposed Solutions

RFID Systems: A Survey on Security Threats and Proposed Solutions RFID Systems: A Survey on Security Threats and Proposed Solutions Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda Computer Science Department, Carlos III

More information

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography ROMANIAN JOURNAL OF INFORMATION SCIENCE AND TECHNOLOGY Volume 16, Number 4, 2013, 324 335 An Improved Authentication Protocol for Session Initiation Protocol Using Smart Card and Elliptic Curve Cryptography

More information

Security and User Privacy for Mobile-RFID Applications in Public Zone

Security and User Privacy for Mobile-RFID Applications in Public Zone Security and User Privacy for Mobile-RFID Applications in Public Zone Divyan M. Konidala, Hyunrok Lee, Dang Nguyen Duc, Kwangjo Kim Information and Communications University (ICU), International Research

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

More information

Lightweight Encryption Protocol for Passive RFID System using SIMON

Lightweight Encryption Protocol for Passive RFID System using SIMON Lightweight Encryption Protocol for Passive RFID System using SIMON Vidur Nayyar, Prajna Setty Graduate students Electrical and Computer Engineering (nayyar.vidur, prajna.setty)@rutgers.edu Rutgers,The

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Privacy Enhanced Active RFID Tag

Privacy Enhanced Active RFID Tag Privacy Enhanced Active RFID Tag Shingo Kinoshita, Miyako Ohkubo, Fumitaka Hoshino, Gembu Morohashi, Osamu Shionoiri, and Atsushi Kanai NTT Information Sharing Platform Laboratories, NTT Corporation 1-1

More information

RFID System: Design Parameters and Security Issues

RFID System: Design Parameters and Security Issues World Applied Sciences Journal 23 (2): 236-244, 2013 ISSN 1818-4952 IDOSI Publications, 2013 DOI: 10.5829/idosi.wasj.2013.23.02.171 RFID System: Design Parameters and Security Issues 1 1 2 Meena Nawaz,

More information

Research Article Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud

Research Article Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud International Journal of Distributed Sensor Networks Article ID 937198 Research Article Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud Qingkuan Dong, Jiaqing

More information

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India

More information

Privacy versus Scalability in Radio Frequency Identification Systems

Privacy versus Scalability in Radio Frequency Identification Systems Privacy versus Scalability in Radio Frequency Identification Systems August 6, 2010 Basel Alomair and Radha Poovendran Network Security Lab University of Washington-Seattle {alomair,rp3}@uw.edu Abstract

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

A Framework for RFID Systems Security for Human Identification Based on Three-Tier Categorization Model

A Framework for RFID Systems Security for Human Identification Based on Three-Tier Categorization Model A Framework for RFID Systems Security for Human Identification Based on Three-Tier Categorization Model Mu awya Naser, Mohammad Al Majaly, Muhammad Rafie, Rahmat Budiarto Computer Science school Univrsiti

More information

Secret Sharing based on XOR for Efficient Data Recovery in Cloud

Secret Sharing based on XOR for Efficient Data Recovery in Cloud Secret Sharing based on XOR for Efficient Data Recovery in Cloud Computing Environment Su-Hyun Kim, Im-Yeong Lee, First Author Division of Computer Software Engineering, Soonchunhyang University, kimsh@sch.ac.kr

More information

Problems of Security in Ad Hoc Sensor Network

Problems of Security in Ad Hoc Sensor Network Problems of Security in Ad Hoc Sensor Network Petr Hanáček * hanacek@fit.vutbr.cz Abstract: The paper deals with a problem of secure communication between autonomous agents that form an ad hoc sensor wireless

More information

A Layered Signcryption Model for Secure Cloud System Communication

A Layered Signcryption Model for Secure Cloud System Communication Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 6, June 2015, pg.1086

More information

Public Auditing for Shared Data in the Cloud by Using AES

Public Auditing for Shared Data in the Cloud by Using AES Public Auditing for Shared Data in the Cloud by Using AES 1 Syagamreddy Subbareddy, 2 P.Tejaswi, 3 D.Krishna 1 M.Tech(CSE) Pursuing, 2 Associate Professor, 3 Associate Professor,HOD, 1,2,3 Dept. of Computer

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection

Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection YUNG-CHIN CHEN 1,*, WEI-LIN WANG 1, AND MIN-SHIANG HWANG 2 1 Department of Computer and Communication Engineering, Asia

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card C. Koner, Member, IACSIT, C. T. Bhunia, Sr. Member, IEEE and U. Maulik, Sr. Member, IEEE

More information

Selective dependable storage services for providing security in cloud computing

Selective dependable storage services for providing security in cloud computing Selective dependable storage services for providing security in cloud computing Gade Lakshmi Thirupatamma*1, M.Jayaram*2, R.Pitchaiah*3 M.Tech Scholar, Dept of CSE, UCET, Medikondur, Dist: Guntur, AP,

More information

Privacy and Security Aspects of RFID Tags

Privacy and Security Aspects of RFID Tags Privacy and Security Aspects of RFID Tags Dong-Her Shih Department of Information Management, National Yunlin University of Science and Technology, 123, Section 3, University Road, Douliu, Yunlin, Taiwan

More information

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

Secrecy Maintaining Public Inspecting For Secure Cloud Storage Secrecy Maintaining Public Inspecting For Secure Cloud Storage K.Sangamithra 1, S.Tamilselvan 2 M.E, M.P.Nachimuthu.M.Jaganathan Engineering College, Tamilnadu, India 1 Asst. Professor, M.P.Nachimuthu.M.Jaganathan

More information

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

Security/Privacy Models for Internet of things: What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan 1 Internet of Things (IoT) CASAGRAS defined that: A global

More information

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography Chao-Wen Chan and Chih-Hao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute

More information

A Road Map on Security Deliverables for Mobile Cloud Application

A Road Map on Security Deliverables for Mobile Cloud Application A Road Map on Security Deliverables for Mobile Cloud Application D.Pratiba 1, Manjunath A.E 2, Dr.N.K.Srinath 3, Dr.G.Shobha 4, Dr.Siddaraja 5 Asst. Professor, Department of Computer Science and Engineering,

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 1 M.Tech Student, Department of Computer Science and Engineering, S.R.M. University Chennai 2 Asst.Professor,

More information

RF ID Security and Privacy

RF ID Security and Privacy RF ID Security and Privacy EJ Jung 11/15/10 What is RFID?! Radio-Frequency Identification Tag Antenna Chip How Does RFID Work? 02.3DFEX4.78AF51 EasyToll card #816 Radio signal (contactless) Range: from

More information

Wireless Sensor Networks Chapter 14: Security in WSNs

Wireless Sensor Networks Chapter 14: Security in WSNs Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME Mohammed Aijaz Ahmed 1, D. Rajya Lakshmi 2 and Sayed Abdul Sattar 3 1 Department of Computer Science and

More information