nach oben

Wireless Personal Communications

Erschienen in:

13.04.2018

Are RNGs Achilles’ Heel of RFID Security and Privacy Protocols?

verfasst von: Atakan Arslan, Süleyman Kardaş, Sultan Aldırmaz Çolak, Sarp Ertürk

Erschienen in: Wireless Personal Communications | Ausgabe 4/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are necessarily used in RFID tags to provide security and privacy. However, low-end RNGs can be the weakest point in a protocol scheme and using them might undesirably cause severe security and privacy problems. On the other hand, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, RNGs used in low-cost RFID tags might not work properly in time. Therefore, we claim that the vulnerability of using an RNG deeply influences the security and privacy level of the RFID system. To the best of our knowledge, this concern has not been considered in the RFID literature. Motivated by this need, in this study, we first revisit Vaudenay’s privacy model which combines the early models and presents a new mature privacy model with different adversary classes. Then, we extend the model by introducing RANDOMEYE privacy, which allows analyzing the security of RNGs in RFID protocols. We further apply our extended model to two existing RFID schemes.

Vorheriger Artikel A Connectivity-Based Multi-Lane Routing Optimization Algorithm in Vehicular Communication

Nächster Artikel Novel Data Fusion Algorithm Based on Event-Driven and Dempster–Shafer Evidence Theory

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

PC1: Windows 7, 32 bit Catalyst 14.9 1\(\times\) AMD hd7970 1000 MHz core clock oclHashcat v1.35.

PC2: Windows 7, 64 bit ForceWare 347.52 1\(\times\) NVidia gtx580 stock core clock oclHashcat v1.35.

PC3: Ubuntu 14.04, 64 bit ForceWare 346.29 8\(\times\) NVidia Titan Xstock core clockoclHashcat v1.36.

PC4: Ubuntu 14.04, 64 bit Catalyst 14.9 8\(\times\) AMD R9 290X stock core clock oclHashcat v1.35.

Want, R., Schilit, B. N., & Jenson, S. (2015). Enabling the internet of things. IEEE Computer, 48(1), 28–35.CrossRef

Bilal , Z. (2015). Addressing security and privacy issues in low-cost RFID systems. Ph.D. thesis, Royal Holloway, University of London, London, UK.

Armknecht, F., Hamann, M., & Mikhalev, V. (2014). Lightweight authentication protocols on ultra-constrained RFIDs—myths and facts. In N. Saxena & A. R. Sadeghi (Eds.), Radio frequency identification: Security and privacy issues (pp. 1–18). Cham: Springer

Ghaeini, H.R., & Tippenhauer, N.O. (2016). HAMIDS: Hierarchical monitoring intrusion detection system for industrial control systems. In Proceedings of the 2nd ACM workshop on cyber-physical systems security and privacy, CPS-SPC ’16 (pp. 103–111). New York, NY, USA.

Juels, A. (2004). Minimalist cryptography for low-cost RFID tags. In C. Blundo & S. Cimato (Eds.), International conference on security in communication networks—SCN 2004, volume 3352 of of lecture notes in computer science (pp. 149–164). Amalfi, Italy, Springer.

Avoine, G., Bingöl, M. A., Carpent, X., & Kardaş, S. (2013). Deploying OSK on low-resource mobile devices (pp. 3–18). Berlin: Springer.

Kardas, S., Celik, S., Bingöl, M.A., & Albert, L. (2013). A new security and privacy framework for RFID in cloud computing. In IEEE 5th international conference on cloud computing technology and science, CloudCom 2013, Bristol, United Kingdom (Vol. 1, pp. 171–176)

Avoine, G. (2017). RFID lounge. http://www.avoine.net/rfid/. Accessed March 2.

Bilal, Z., Martin, K., & Saeed, Q. (2014). Multiple attacks on authentication protocols for low-cost RFID tags. Applied Mathematics and Information Sciences, 9(2), 561–569.

10.

Radványi, T., Biró, C., Király, S., Szigetváry, P., & Takács, P. (2015). Survey of attacking and defending in the RFID system. Annales Mathematicae et Informaticae, 44, 151–164.MathSciNetMATH

11.

Alavi, S. M., Baghery, K., & Abdolmaleki, B. (2014). Security and privacy flaws in a recent authentication protocol for EPC C1 G2 RFID tags. Advances in Computer Science: An International Journal, 3(5), 44–52.

12.

Avoine, G. (2005). Cryptography in radio frequency identification and fair exchange protocols. Ph.D. thesis, EPFL, Lausanne, Switzerland.

13.

Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In International conference on pervasive computing and communications—PerCom (pp. 342–347). New York City, New York, USA, IEEE, IEEE Computer Society.

14.

Vaudenay, S. (2007). On privacy models for RFID. In K. Kurosawa (Ed.), Advances in cryptology ASIACRYPT 2007, volume 4833 of of lecture notes in computer science (pp. 68–87). Berlin: Springer.

15.

Avoine, G. (2005). Adversary model for radio frequency identification. Technical report, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC).

16.

Avoine, G., Coisel, I., & Martin, T. (2010). Time measurement threatens privacy-friendly RFID authentication protocols. In S.B. Ors Yalcin (Ed.), Workshop on RFID security—RFIDSec’10, volume 6370 of lecture notes in computer science (pp. 138–157) Istanbul, Turkey, Springer.

17.

Ha, J., Moon, S., Zhou, J., & Ha, J. (2008). A new formal proof model for RFID location privacy. Proceding of the 13th European symposium on research in computer security–ESORICS 2008, volume 6123 of lecture notes in computer science (pp. 267–281). Malaga, Spain, Springer.

18.

Lai, J., Deng, R.H., & Li, Y. (2010). Revisiting unpredictability-based RFID privacy models. In Proceedings of the 8th international conference on applied cryptography and network security—ACNS 2010, volume 6123 of lecture notes in computer science (pp. 475–492). Beijing, China, Springer.

19.

Akgün, M., & Çaǧlayan, M. (2011). Extending An RFID security and privacy model by considering forward untraceability. In J. Cuellar, J. Lopez, G. Barthe & A. Pretschner (Eds.), Security and trust management (pp. 239–254). Berlin: Springer.CrossRef

20.

Kardaş, S., Çelik, S., Bingöl, M. A., Kiraz, M. S., Demirci, H., & Levi, A. (2014). \(k\)-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions. Wireless Communications and Mobile Computing, 15, 1–17. https://doi.org/10.1002/wcm.2482.

21.

Hermans, J., Peeters, R., & Preneel, B. (2014). Proper RFID privacy: Model and protocols. IEEE Transactions on Mobile Computing, 13(12), 2888–2902.CrossRef

22.

Peinado, A., Munilla, J., & Fúster-Sabater, A. (2013). EPCGen2 pseudorandom number generators: analysis of J3Gen. IACR Cryptology ePrint Archive, 2013, 825.

23.

Melia-Segu, J., Garcia-Alfaro, J., & Herrera-Joancomart, J. (2011). A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags. Wireless Personal Communications, 59(1), 27–42.CrossRef

24.

Garcia, F. D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R. W., et al. (2008). Dismantling MIFARE classic. In S. Jajodia & J. Lopez (Eds.), Computer security—ESORICS 2008, volume 5283 of lecture notes in computer science (pp. 97–114). Berlin: Springer.

25.

Bayon, P., Bossuet, L., Aubert, A., Fischer, V., Poucheret, F., Robisson, B., et al. (2012). Contactless electromagnetic active attack on ring oscillator based true random number generator. In W. Schindler & S. Huss (Eds.), Constructive side-channel analysis and secure design, volume 7275 of lecture notes in computer science (pp. 151–166). Berlin: Springer.

26.

Avoine, G., Dysli, E., & Oechslin, P. (2005). Reducing time complexity in RFID systems. In B. Preneel & S. Tavares (Eds.), Selected areas in cryptography–SAC 2005, volume 3897 of lecture notes in computer science (pp. 291–306). Kingston, Canada, Springer.

27.

Lim, C. H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In P. Ning, S. Qing, & N. Li (Eds.), International conference on information and communications security—ICICS’06, volume 4307 of lecture notes in computer science (pp. 1–20). Raleigh, North Carolina, USA, Springer.

28.

Van Le, T., Burmester, M., & de Medeiros, B. (2007). Universally composable and forward-secure RFID authentication and authenticated key exchange. In F. Bao & S. Miller (Eds.), ACM symposium on information, computer and communications security—ASIACCS 2007 (pp. 242–252). Singapore, Republic of Singapore, ACM, ACM Press.

29.

van Deursen, T., & Radomirović, S. (2012). Insider attacks and privacy of RFID protocols. In Proceedings of the 8th European conference on public key infrastructures, services, and applications (pp. 91–105). Springer.

30.

Song, B., & Mitchell, J.C. (2008). RFID authentication protocol for low-cost tags. In V.D. Gligor, J.-P. Hubaux, & R. Poovendran (Eds.), Proceedings of the 1st ACM conference on wireless network security—WiSec’08 (pp. 140–147). Alexandria, Virginia, USA, ACM, ACM Press.

31.

Akgün, M., & Çaǧlayan, M. (2015). Providing destructive privacy and scalability in RFID systems using PUFs. Ad Hoc Networks, 32, 32–42.CrossRef

32.

Lauter, K. (2004). The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications, 11(1), 62–67.CrossRef

33.

Yih-Chun, H., & Perrig, A. (2004). A survey of secure wireless ad hoc routing. IEEE Security Privacy, 2(3), 28–39.CrossRef

34.

Altop, D. K., Bingöl, M. A., Levi, A., & Savaş, E. (2017). DKEM: Secure and efficient distributed key establishment protocol for wireless mesh networks. Ad Hoc Networks, 54(C), 53–68.CrossRef

35.

Chien, H.-Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.CrossRef

36.

Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Workshop on RFID security—RFIDSec’06 (pp. 12–14). Graz, Austria, Ecrypt.

37.

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In J. Ma, H. Jin, L. T. Yang, & J. J. P. Tsai (Eds.), International conference on ubiquitous intelligence and computing—UIC’06, volume 4159 of lecture notes in computer science (pp. 912–923). China, Wuhan and Three Gorges, Springer.

38.

Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M. & Ribagorda, A. (2006). Emap: An efficient mutual-authentication protocol for low-cost rfid tags. In OTM confederated international conferences” On the move to meaningful internet systems” (Vol. 4277, pp. 352–361). Springer.

39.

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2008). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In K.-I. Chung, K. Sohn, & M. Yung (Eds.), Workshop on information security applications—WISA’08, volume 5379 of lecture notes in computer science (pp. 56–68). Jeju Island, Korea, Springer.

40.

EPC Global, (2014). UHF air interface protocol standard Generation2/Version2. http://www.gs1.org/gsmp/kc/epcglobal/uhfc1g2. Accessed March 2, 2017.

41.

Peris-Lopez, P., Lim, T. L., & Li, T. (2008). Providing stronger authentication at a low-cost to RFID tags operating under the EPCglobal framework. In C.-Z. Xu & M. Guo (Eds.), Embedded and ubiquitous computing—Volume 02—EUC’08 (pp. 159–166). Shanghaim, China, IEEE, IEEE Computer Society.

42.

Chien, H.-Y., & Chen, C.-H. (2007). Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Computer Standars & Interfaces, 29(2), 254–259.CrossRef

43.

Avoine, G., Bingöl, M. A., Carpent, X., & Yalcin, S. B. O. (2012). Privacy-friendly authentication in RFID systems: On sub-linear protocols based on symmetric-key cryptography. IEEE Transactions on Mobile Computing, 12(10), 2037–2049. https://doi.org/10.1109/TMC.2012.174.CrossRef

44.

Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography (1st edn.). Boca Raton: CRC Press, Inc.CrossRefMATH

45.

Schindler, W., & Killmann, W. (2003). Evaluation criteria for true (physical) random number generators used in cryptographic applications. In Revised papers from the 4th international workshop on cryptographic hardware and embedded systems, CHES ’02 (pp. 431–449). London, UK, Springer.

46.

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2009). LAMED—A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards and Interfaces, 31(1), 88–97.CrossRef

47.

Melia-Segu, J., Garcia-Alfaro, J., & Herrera-Joancomart, J. (2013). J3Gen: A PRNG for low-cost passive RFID. Sensors, 13(3), 3816–3830.CrossRef

48.

Garcia-Alfaro, J., Herrera-Joancomart, J., & Segu, J. M. (2015). Remarks on Peinado et al.’s analysis of J3Gen. Sensors, 15(3), 6217–6220.CrossRef

49.

Che, W., Deng, H., Tan, W., & Wang, J. (2008). A random number generator for application in RFID tags. In P. H. Cole & D. C. Ranasinghe (Eds.), Networked RFID systems and lightweight cryptography (pp. 279–287). Berlin: Springer.CrossRef

50.

ISO/IEC Standard 18000 RFID Air Interface Standard. (2014). http://www.hightechaid.com/standards/18000.htm. Accessed March 2, 2017.

51.

Sarma, S., Weis, S., & Engels, D. (2002). RFID systems and security and privacy implications. In B. Kaliski, Ç. Kaya ço, & C. Paar (Eds.), Cryptographic hardware and embedded systems—CHES 2002, volume 2523 of lecture notes in computer science (pp. 454–469). Redwood Shores, California, USA, Springer.

52.

Barak, B., Shaltiel, R., & Tromer, E. (2003). True random number generators secure in a changing environment (pp. 166–180). Berlin: Springer.MATH

53.

hashcat. (2015). Performance. http://hashcat.net/oclhashcat/. Accessed August 30, 2015.

Titel: Are RNGs Achilles’ Heel of RFID Security and Privacy Protocols?
verfasst von: Atakan Arslan
Süleyman Kardaş
Sultan Aldırmaz Çolak
Sarp Ertürk
Publikationsdatum: 13.04.2018
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2018
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-018-5643-3

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Internationaler Motorenkongress/© [M] ATZlive | Chisnikov / Fotolia.com, Search Icon, Banner Hanser, Gardiner von Trapp/© Alpega Group, Benny Hahn/© ZEP GmbH, Customer Experience/© © oatawa / Getty Images / iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2018

Precoding for Non-orthogonal Multiple Access with User Equipment Pairing

Shortest Path Evaluation in Wireless Network Using Fuzzy Logic

A Performance Enhancement and High Speed Spectrum Sliced Free Space Optical System

Cluster-Head Restricted Energy Efficient Protocol (CREEP) for Routing in Heterogeneous Wireless Sensor Networks

Channel Assinment Using Tabu Search in Wireless Mesh Networks

Energy Efficient Clustering Scheme (EECS) for Wireless Sensor Network with Mobile Sink

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.