nach oben

Electronic Commerce Research

Erschienen in:

01.03.2015

ECC-based untraceable authentication for large-scale active-tag RFID systems

verfasst von: Yalin Chen, Jue-Sam Chou

Erschienen in: Electronic Commerce Research | Ausgabe 1/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Radio frequency identification tag authentication protocols are generally classified as non-full-fledged and full-fledged, according to the resource usage of the tags. The non-full-fledged protocols typically suffer de-synchronization, impersonation and tracking attacks, and usually lack scalability. The full-fledged protocols, supporting cryptographic functions, are designed to overcome these weaknesses. This paper examines several elliptic-curve-cryptography (ECC)-based full-fledged protocols. We found that some still have security and privacy issues, and others generate excessive communication costs between the tag and the back-end server. Motivated by these observations, we construct two novel protocols, PI and PII. PI is designed for secure environments and is suitable for applications, including E-Passport and toll payment in vehicular ad-hoc networks. PII is for hostile environments and can be applied in pseudonymous payment and anti-counterfeiting services. After analysis, we conclude that PII can resist many attacks, outperform previous ECC-based proposals in communication efficiency, and provide mutual authentication function and scalability.

Vorheriger Artikel All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low-cost devices

Nächster Artikel Securing coalitional game for distributed cooperative spectrum sensing in multi-channel cognitive radio networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Abid, M., & Afifi, H. (2008). Secure E-passport protocol using elliptic curve Diffie–Hellman key agreement protocol. In International Conference on Information Assurance and Security (pp. 99–102).

Abid, M., Kanade, S., Petrovska-Delacrétaz, D., Dorizzi, B., & Afifi, H. (2010). Iris based authentication mechanism for E-passports. In International Workshop on Security and Communication Networks (IWSCN’10) (pp. 1–5).

Ahamed, S. I., Rahman, F., & Hoque, M. E. (2008). ERAP: ECC based RFID authentication protocol. In IEEE International Workshop on Future Trends of Distributed Computing Systems (pp. 219–225).

Alomair, B., Clark, A., Cuellar, J., & Poovendran, R. (2012). Scalable RFID systems: A privacy-preserving protocol with constant-time identification. IEEE Transactions on Parallel and Distributed Systems, 23(8), 1536–1550.CrossRef

Avoine, G., & Oechslin, P. (2005). A scalable and provably secure hash based RFID protocol. In IEEE Pervasive Computing and Communication Security (PerSec’05) (pp. 110–114).

Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., & Verbauwhede, I. (2007). Public-key cryptography for RFID-tags. In IEEE International Conference on Pervasive Computing and Communications Workshops (Per’07) (pp. 217–222).

Bianchi, G. (2011). Revisiting an RFID identification-free batch authentication approach. IEEE Communication Letters, 15(6), 632–634.CrossRef

Bogdanov, A., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., & Seurin, Y. (2008). Hash functions and RFID tags: Mind the gap. In CHES 2008. LNCS. (pp. 283–299).

Buccafurri, F., & Lax, G. (2011). Implementing disposable credit card numbers by mobile phones. Electronic Commerce Research, 11(3), 271–296.CrossRef

10.

Burmester, M., & Medeiros, B. (2008). The security of EPC Gen2 compliant RFID protocols. In International Conference on Applied Cryptography and Network Security (ACNS’08) (pp. 490–506).

11.

Cao, T., Bertino, E., & Lei, H. (2009). Security analysis of the SASI protocol. IEEE Transactions on Dependable and Secure Computing, 6(1), 73–77.CrossRef

12.

Cheon, J. H., Hong, J., & Tsudik, G. (2012). Reducing RFID reader load with the meet-in-the-middle strategy. Journal of Communications and Networks, 14(1), 10–14.CrossRef

13.

Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks, 51(12), 2373–2380.CrossRef

14.

Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.CrossRef

15.

Chien, H. Y., & Chen, C. H. (2007). Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Computer Standards & Interfaces, 9(2), 254–259.CrossRef

16.

Chou, J. S., Chen, Y., Wu, C. L., & Lin, C. F. (2011). An efficient RFID mutual authentication scheme based on ECC. Cryptology ePrint Archive: Report 2011/418.

17.

D’Arco, P., & Santis, A. D. (2011). On ultralightweight RFID authentication protocols. IEEE Transactions on Dependable and Secure Computing, 8(4), 548–563.CrossRef

18.

Deng, R.H., Li, Y., Yung, M., & Zhao, Y. (2010). A new framework for RFID privacy. Computer Security—ESORICS, LNCS# 6345 (pp. 1–18).

19.

Eurich, M., Oertel, N., & Boutellier, R. (2010). The impact of perceived privacy risks on organizations’ willingness to share item-level event data across the supply chain. Electronic Commerce Research, 10(3–4), 423–440.CrossRef

20.

Fan, J., Batina, L., & Verbauwhede, I. (2009). Light-weight implementation options for curve-based cryptography: HECC is also ready for RFID. In International conference for Internet Technology and Secured Transactions (pp. 1–6).

21.

Fürbass, F. (2006). ECC signature generation device for RFID tags.

22.

Fürbass, F. & Wolkerstorfer, J. (2007). ECC processor with low die size for RFID applications. In IEEE International Symposium on Circuit and Systems (ISCAS’07) (pp. 1835–1838).

23.

Girault, M. (1991). Self-certified public keys. In Eurocrypt ‘91, LNCS# 547 (pp. 490–497).

24.

Godor, G., Giczi, N., & Imre, S. (2010). Elliptic curve cryptography based mutual authentication protocol for low computational capacity RFID systems-performance analysis by simulations. In IEEE International Symposium on Wireless Pervasive Computing (ISWPC) (pp. 331–336).

25.

Habibi, M. H., Aref, M. R., & Ma, D. (2011). Addressing flaws in RFID authentication protocols. In INDOCRYPT 2011, LNCS#7107, (pp. 216–235).

26.

Han, D., & Kwon, D. (2009). Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards. Computer Standards & Interfaces, 31(4), 648–652.CrossRef

27.

Huang, Y. J., Lin, W. C., & Li, H. L. (2012). Efficient implementation of RFID mutual authentication protocol. IEEE Transactions on Industrial Electronics, 59(12), 4784–4791.CrossRef

28.

Isaac, J. T., Zeadally, S., & Sierra, J. C. (2010). Implementation and performance evaluation of a payment protocol for vehicular ad hoc networks. Electronic Commerce Research, 10(2), 209–233.CrossRef

29.

Isaac, J. T., Zeadally, S., & Sierra, J. C. (2012). A lightweight secure mobile payment protocol for vehicular ad-hoc networks (VNETs). Electronic Commerce Research, 12(1), 97–123.CrossRef

30.

Jeng, A. B., & Chen, L. Y. (2009). How to enhance the security of E-passport. In Proceedings of International Conference on Machine Learning and Cybernetics (pp. 2922–2926).

31.

Juels, A., Molnar, D., & Wagner, D. (2005). Security and privacy issues in E-passports. In IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks (pp. 1–12).

32.

Juels, A., & Weis, S. (2006). Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137.

33.

Kapoor, G., & Piramuthu, S. (2010). Vulnerabilities in some recently proposed RFID ownership transfer protocols. IEEE Communication Letters, 14(3), 260–262.CrossRef

34.

Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transactions on Systems, Man, and Cybernetics-Part C, 42(2), 164–173.CrossRef

35.

Kaya, S. V., Savas, E., Levi, A., & Ercetin, O. (2009). Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Networks, 7(1), 136–151.CrossRef

36.

Kim, H. W., Lim, S. Y., & Lee, H. J. (2006). Symmetric encryption in RFID authentication protocol for strong location privacy and forward-security. In International Conference on hybrid information technology (ICHIT’06) (pp. 718–723).

37.

Kinoshita, S., Ohkubo, M., Hoshino, F., Morohashi, G., Shionoiri, O., & Kanai, A. (2005). Privacy enhanced active RFID tag. Proceedings of Environments: International Workshop on Exploiting Context Histories in Smart (pp. 1–5).

38.

Ko, W. T., Chiou, S. V., Lu, E. H., & Chang, H. K. (2011). An improvement of privacy-preserving ECC-based grouping proof for RFID. In Cross Strait Quad-Regional Radio Science and Wireless Technology Conference (pp. 1062–1064).

39.

Kumar, S. & Paar, C. (2006). Are standards compliant elliptic curve cryptosystems feasible on RFID? In Workshop on RFID Security (pp. 1–19).

40.

Lee, Y. K., & Batina, L. (2010). Low-cost untraceable authentication protocols for RFID. In ACM conference on Wireless Network Security (WiSec’10) (pp. 55–64).

41.

Lee, Y. K., Batina, L., Singelee, D., Preneel, B., & Verbauwhede, I. (2010). Anti-counterfeiting untraceability and other security challenges for RFID systems—Public-key-based protocols and hardware. Information security and cryptography, Part 5 (pp. 237–257).

42.

Lee, Y.K., Batina, L., & Verbauwhede, I. (2008). EC-RAC (ECDLP Based Randomized Access Control): Provably secure RFID authentication protocol. In IEEE International Conference on RFID (pp. 97–104).

43.

Lee, Y. K., Batina, L., & Verbauwhede, I. (2009). Untraceable RFID authentication protocols: Revision of EC-RAC. In IEEE International Conference on RFID (pp. 178–185).

44.

Lehtonen, M. O., Michahelles, F. M., & Fleisch, E. F. (2007). Trust and security in RFID-based product authentication systems. IEEE System Journal, 1(2), 129–144.CrossRef

45.

Lim, C. H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In ICICS’06, LNCS#4307 (pp. 1–20).

46.

Liu, H., & Ning, H. (2011). Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sensors Journal, 11(12), 3235–3245.CrossRef

47.

Liu, H., Ning, H., Zhang, Y., He, D., Xiong, Q., & Yang, L. T. (2012). Grouping-proofs based authentication protocol for distributed RFID systems. IEEE Transactions on Parallel and Distributed Systems, 24(7), 1321–1330.CrossRef

48.

Luo, P., Wang, X., Feng, J., & Xu, Y. (2008). Low-power hardware implementation of ECC processor suitable for low-cost RFID tags. In International conference on solid-state and integrated-circuit technology (pp. 1681–1684).

49.

Maimut, D., & Ouai, K. (2012). Lightweight cryptography for RFID tags. IEEE Security & Privacy, 10(2), 76–79.CrossRef

50.

Mao, W. (2003). Modern cryptography—Theory and practice. New Jersey: Prentice Hall.

51.

Nathan, B. T., Meenakumari, R., & Usha, S. (2011). Formation of elliptic curve using finger print for network security. In International Conference on Process Automation, Control and Computing (PACC) (pp. 1–5).

52.

Ning, H., Liu, H., Mao, J., & Zhang, Y. (2011). Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Communications, 5(12), 1755–1768.CrossRef

53.

O’Neill, M., & Robshaw, M. J. B. (2010). Low-cost digital signature architecture suitable for radio frequency identification tags. IET Computers & Digital Techniques, 4(1), 14–26.CrossRef

54.

Ouafi, K., & Phan, R. C.-W. (2008). Traceable privacy of recent provably-secure RFID protocols. In International Conference Applied Cryptography and Network Security (ACNS), LNCS#5037 (pp. 479–489).

55.

Oyarhossein, S., & Mohammadi, S. (2009). Cryptography and authentication processing framework on RFID active tags for carpet products. In International Conference on Communications Technology and Applications, (ICCTA’09) (pp. 26–31).

56.

Peeters, R., Singelée, D., & Preneel, B. (2012). Toward more secure and reliable access control. Pervasive Computing, 11(3), 76–83.CrossRef

57.

Pendl, C., Pelnar, M., & Hutter, M. (2012). Elliptic curve cryptography on the WISP UHF RFID tag. RFID Security and Privacy, LNCS#7055 (pp. 32–47).

58.

Peris-Lopez, P., Hernandez-Castro, J. C., Tapiador, J. M. E., & Ribagorda, A. (2009). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. Information Security Applications, LNCE#5379 (pp. 56–68).

59.

Phan, R. C.-W. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Transactions on Dependable and Secure Computing, 6(4), 316–320.CrossRef

60.

Piramuthu, S. (2008). Lightweight cryptographic authentication in passive RFID-tagged systems. IEEE Transactions on Systems, Man, and Cybernetics-Part C, 38(3), 360–376.CrossRef

61.

Piramuthu, S. (2011). RFID mutual authentication protocols. Decision Support Systems, 50(2), 387–393.CrossRef

62.

Poupard, G., & Stern, J. (1998). Security analysis of a practical ‘On the Fly’ authentication and signature generation. In Eurocrypt’98, LNCS#1403 (pp. 422–436).

63.

Rennhard, M., Rafeli, S., Mathy, L., Plattner, B., & Hutxhison, D. (2004). Towards pseudonymous e-commerce. Electronic Commerce Research, 4(1–2), 83–111.CrossRef

64.

Rizomiliotis, P., Rekleitis, E., & Gritzalis, S. (2009). Security analysis of the Song–Mitchell authentication protocol for low-cost RFID tags. IEEE Communication Letters, 13(4), 274–276.CrossRef

65.

Roberti, M. (2007). A 5-cent breakthrougha. In International Workshop on RFID Technology - Concepts, Applications, Challenges (IWRT’07).

66.

Sadeghi, A. R., Visconti, I., & Wachsmann, C. (2010). Enhancing RFID security and privacy by physically unclonable functions. Information security and cryptography, Part 5 (pp. 281–305).

67.

Seo, Y., Lee, H., & Kim, K. (2006). A scalable and untraceable authentication protocol for RFID. In International Conference on Emerging Directions in Embedded and Ubiquitous Computing (EUC’06) (pp. 252–261).

68.

Song, B., Hwang, J. Y., & Shim, K. A. (2011). Security improvement of an RFID security protocol of ISO/IEC WD 29167–6. IEEE Communication Letters, 15(12), 1375–1377.CrossRef

69.

Song, B., & Mitchell, C. J. (2011). Scalable RFID security protocols supporting tag ownership transfer. Computer Communications, 34(1), 556–566.CrossRef

70.

Stinson, D. R. (1995). Cryptography—Theory and practice. Boca Raton: CRC Press Inc.

71.

Sun, H. M., & Ting, W. C. (2009). A Gen2-based RFID authentication protocol for security and privacy. IEEE Transactions on Mobile Computing, 8(8), 1052–1062.CrossRef

72.

Sun, H. M., Ting, W. C., & Wang, K. H. (2011). On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Transactions on Dependable and Secure Computing, 8(2), 315–317.CrossRef

73.

Tagra, D., Rahman, M., & Sampalli, S. (2010). Technique for preventing DoS attacks on RFID systems. Software, Telecommunications and Computer Networks, 23(25), 6–10.

74.

Tan, C. C., Sheng, B., & Li, Q. (2008). Secure and serverless RFID authentication and search protocols. IEEE Transactions on Wireless Communications, 7(4), 1400–1407.CrossRef

75.

Tan, C. C., Sheng, B., & Li, Q. (2010). Efficient techniques for monitoring missing RFID tags. IEEE Transactions on Wireless Communications, 9(6), 1882–1889.CrossRef

76.

Tian, Y., Chen, G., & Li, J. (2012). A new ultralightweight RFID authentication protocol with permutation. IEEE Communication Letters, 6(5), 702–705.CrossRef

77.

Tuyls, P., & Batina, L. (2006). RFID-tags for anti-counterfeiting. Topics in cryptology—CT-RSA, LNCE#3850 (pp. 115–131).

78.

Vaudenay, S. (2007). On privacy models for RFID. Advances in cryptology, LNCS#4822 (pp. 68–87).

79.

Vaudenay, S. (2007). E-passport threats. IEEE Security and Privacy, 5(6), 61–64.CrossRef

80.

Wang, B., & Ma, M. (2012). A server independent authentication scheme for RFID systems. IEEE Transactions on Industrial Informatics, 8(3), 689–696.CrossRef

81.

Wei, C. H., Hwang, M. S., & Chin, A. Y. (2011). A mutual authentication protocol for RFID. IT Professional, 13(2), 20–24.CrossRef

82.

Yamada, I., Shiotsu, S., Itasaki, A., Inano, S., Yasaki, K. & Takenaka, M. (2005). Secure active RFID tag system. In International Workshop on UbiComp Privacy (pp. 1–5).

83.

Yeh, K. H., & Lo, N. W. (2010). Improvement of two lightweight RFID authentication protocols. Information Assurance and Security Letters, 1, 6–11.

84.

Yeh, T. C., Wang, Y. J., Kuo, T. C., & Wang, S. S. (2010). Securing RFID systems conforming to EPC Class 1 Generation 2 standard. Expert Systems with Applications, 37(2), 7678–7683.CrossRef

85.

Zuo, Y. (2012). Survivability experiment and attack characterization for RFID. IEEE Transactions on Dependable and Secure Computing, 9(2), 289–302.CrossRef

Titel: ECC-based untraceable authentication for large-scale active-tag RFID systems
verfasst von: Yalin Chen
Jue-Sam Chou
Publikationsdatum: 01.03.2015
Verlag: Springer US
Erschienen in: Electronic Commerce Research / Ausgabe 1/2015
Print ISSN: 1389-5753
Elektronische ISSN: 1572-9362
DOI: https://doi.org/10.1007/s10660-014-9165-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1/2015

Securing coalitional game for distributed cooperative spectrum sensing in multi-channel cognitive radio networks

Special issue on multimedia networking for electronic commerce systems

How variable bitrate video formats can help P2P streaming boost its reliability and scale

Editorial: special issue on advances in security and privacy for future mobile communications

e-souvenir appification: QoS web based media delivery for museum apps

All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low-cost devices