scholarly journals Cryptanalysis of ultralightweight mutual authentication protocol for radio frequency identification enabled Internet of Things networks

2018 ◽  
Vol 14 (8) ◽  
pp. 155014771879512 ◽  
Author(s):  
Madiha Khalid ◽  
Umar Mujahid ◽  
Muhammad Najam-ul-Islam

Internet of Things is one of the most important components of modern technological systems. It allows the real time synchronization and connectivity of devices with each other and with the rest of the world. The radio frequency identification system is used as node identification mechanism in the Internet of Thing networks. Since Internet of Things involve wireless channel for communication that is open for all types of malicious adversaries, therefore many security protocols have been proposed to ensure encryption over wireless channel. To reduce the overall cost of radio frequency identification enabled Internet of Thing network security, the researchers use simple bitwise logical operations such as XOR, AND, OR, and Rot and have proposed many ultralightweight mutual authentication protocols. However, almost all the previously proposed protocols were later found to be vulnerable against several attack models. Recently, a new ultralightweight mutual authentication protocol has been proposed which involves only XOR and Rotation functions in its design and claimed to be robust against all possible attack models. In this article, we have performed cryptanalysis of this recently proposed ultralightweight mutual authentication protocol and found many pitfalls and vulnerabilities in the protocol design. We have exploited weak structure of the protocol messages and proposed three attacks against the said protocol: one desynchronization and two full disclosure attacks.

Sensors ◽  
2019 ◽  
Vol 19 (13) ◽  
pp. 2957 ◽  
Author(s):  
Feng Zhu ◽  
Peng Li ◽  
He Xu ◽  
Ruchuan Wang

Radio frequency identification is one of the key techniques for Internet of Things, which has been widely adopted in many applications for identification. However, there exist various security and privacy issues in radio frequency identification (RFID) systems. Particularly, one of the most serious threats is to clone tags for the goal of counterfeiting goods, which causes great loss and danger to customers. To solve these issues, lots of authentication protocols are proposed based on physical unclonable functions that can ensure an anti-counterfeiting feature. However, most of the existing schemes require secret parameters to be stored in tags, which are vulnerable to physical attacks that can further lead to the breach of forward secrecy. Furthermore, as far as we know, none of the existing schemes are able to solve the security and privacy problems with good scalability. Since many existing schemes rely on exhaustive searches of the backend server to validate a tag and they are not scalable for applications with a large scale database. Hence, in this paper, we propose a lightweight RFID mutual authentication protocol with physically unclonable functions (PUFs). The performance analysis shows that our proposed scheme can ensure security and privacy efficiently in a scalable way.


2017 ◽  
Vol 10 (3) ◽  
pp. 179
Author(s):  
Adarsh Kumar ◽  
Krishna Gopal ◽  
Alok Aggarwal

Internet of Things (IoT) is a pervasive environment to interconnect the things like: smart objects, devices etc. in a structure like internet. Things can be interconnected in IoT if these are uniquely addressable and identifiable. Radio Frequency Identification (RFID) is one the important radio frequency based addressing scheme in IoT. Major security challenge in resource constraint RFID networks is how to achieve traditional CIA security i.e. Confidentiality, Integrity and Authentication. Computational and communication costs for Lightweight Mutual Authentication Protocol (LMAP), RFID mutual Authentication Protocol with Permutation (RAPP) and kazahaya authentication protocols are analyzed. These authentication protocols are modeled to analyze the delays using lightweight modeling language. Delay analysis is performed using alloy model over LMAP, RAPP and kazahaya authentication protocols where one datacenter (DC) is connected to different number of readers (1,5 or 10) with connectivity to 1, 5 or 25 tags associated with reader and its results show that for LMAP delay varies from 30-156 msec, for RAPP from 31-188 while for kazahaya from 61-374 msec. Further, performance of RFID authentication protocols is analyzed for group construction through more than one DC (1,5 or 10) with different number of readers (10, 50 or 100) and tags associated with these readers (50, 500, 1000) and results show that DC based binary tree topology with LMAP authentication protocol is having a minimum delay for 50 or 100 readers. Other authentication protocols fail to give authentication results because of large delays in the network. Thus, RAPP and Kazahaya are not suitable for scenarios where there is large amount of increase in number of tags or readers.


Author(s):  
Yubao Hou ◽  
Hua Liang ◽  
Juan liu

In the traditional RFID (Radio Frequency IDentification) system, a secure wired channel communication is used between the reader and the server. The newly produced mobile RFID system is different from the traditional RFID system, the communication between the reader and the server is based on a wireless channel, and the authentication protocol is suitable for traditional RFID systems, but it cannot be used in mobile RFID systems. To solve this problem, a mutual authentication protocol MSB (Most Significant Bit) for super lightweight mobile radio frequency identification system is proposed based on bit replacement operation. MSB is a bitwise operation to encrypt information and reduce the computational load of communication entities. Label, readers, and servers authenticate first and then communicate, MSB may be used to resistant to common attacks. The security analysis of the protocol shows that the protocol has high security properties, the performance analysis of the protocol shows that the protocol has the characteristics of low computational complexity, the formal analysis of the protocol based on GNY logic Gong et al. (1990) provides a rigorous reasoning proof process for the protocol.


2017 ◽  
Vol 27 (02) ◽  
pp. 1850033 ◽  
Author(s):  
Umar Mujahid ◽  
M. Najam-ul-Islam ◽  
Madiha Khalid

Internet of Things (IoTs) are becoming one of the integral parts of our lives, as all of the modern devices including pervasive systems use internet for its connectivity with the rest of the world. The Radio Frequency IDentification (RFID) provides unique identification and nonline of sight capabilities, therefore plays a very important role in development of IoTs. However, the RFID systems incorporate wireless channel for communication, therefore have some allied risks to the system from threat agents. In order to prevent the system from malicious activities in a cost effective way, numerous Ultralightweight Mutual Authentication Protocols (UMAPs) have been proposed since last decade. These UMAPs mainly involve simple bitwise logical operators such as XOR, AND, OR, etc., in their designs and can be implemented with extremely low cost RFID tags. However, most of the UMAP designers didn’t provide the proper hardware approximations of their UMAPs and presented only theoretical results which mostly mislead the reader. In this paper, we have addressed this problem by reporting our experiences with FPGA and ASIC-based implementation of UMAP named psuedo Kasami code-based Mutual Authentication Protocol (KMAP[Formula: see text]. Further, we have also improved the structure of the KMAP protocol to overcome the previously highlighted attack model. The hardware implementation results show that KMAP[Formula: see text] successfully conform to EPC-C1G2 tags and can be implemented using less than 4[Formula: see text]K GE (for 32-bit word length).


2013 ◽  
Vol 336-338 ◽  
pp. 1913-1919
Author(s):  
Xiao Hong Zhang ◽  
Hui Qin Wang ◽  
He Bo

The reliability of Radio Frequency Identification (RFID) mechanism is disturbed by illegal tracking and information intercepted.The paper proposed a new active RFID authentication protocol based on the dynamic tag ID and encryption key,which transforms the tag ID using chaotic transformation during authentication and communication between the reader and tags,and realizes mutual authentication of the reader and tags.Through the analysis of security, the protocol not only can ensure the integrity, fresh and confidentiality of data, but also can effectively prevent illegal tracking labels and replay attack.


2013 ◽  
Vol 846-847 ◽  
pp. 1519-1523
Author(s):  
Nan Zhang ◽  
Jian Hua Zhang ◽  
Jun Yang

While radio frequency identification (RFID) is evolving as a major technology enabler for identifying and tracking goods and assets around the world, its security issues are also increasingly exposed. A Hash-based RFID mutual authentication protocol was put forward. The key was joined into the hash algorithm, and chaos sequences were used to update the key. The protocol enhances the security of the RFID system with low cost. Experiments show that the chaos system has the character of initial value sensitivity, which can be used to distribute and update the secret key. Safety analysis show that the mutual authentication protocol can solve security issues including eavesdropping, illegal access, masquerade, spoofing attack, position tracking.


2018 ◽  
Vol 14 (1) ◽  
pp. 155014771875496
Author(s):  
Qingkuan Dong ◽  
Mengmeng Chen ◽  
Lulu Li ◽  
Kai Fan

With the development of the Internet of things and cloud storage, a large number of objects access to the Internet through radio frequency identification technology, cloud-based radio frequency identification system attracts more attention because it can reduce the costs of system maintenance by renting the cloud storage service on demand. Especially, it is very suitable for the small- and medium-sized enterprises. However, the security and privacy issues of the cloud-based radio frequency identification system are more serious than traditional radio frequency identification systems. The link between the reader and the cloud is no longer secure, and the cloud service provider is not trusted. Both the location privacy of the reader and the data privacy of the radio frequency identification system are not able to be exposed to the cloud service provider. In this article, a cloud-based radio frequency identification authentication protocol is proposed. It considers not only the mutual authentication between the reader and the tag, but also the security of data transmission between the reader and the cloud database. In particular, in order to solve the reader’s location privacy problem, the proposed scheme introduces MIPv6 network framework without adding additional infrastructure. The experimental verification with AVISPA tool shows that the protocol satisfies the mutual authentication property. Compared with other cloud-based schemes, the proposed protocol has obvious advantages in deployment cost, scalability, real-time authentication, and the tag’s computational complexity.


Sign in / Sign up

Export Citation Format

Share Document