Sharif Digital Repository

Since low-cost RFID systems are applied in ubiquitous varied applications, privacy and security of their users became a great concern. Therefore, the various authentication protocols have been proposed. In this paper, we inspect the three new-found RFID authentication protocols based on quadratic residue property via one of the well-organized formal RFID privacy models instead of intuitive analysis. We formally prove that modular squaring is the suitable technique to guarantee RFID authentication protocols against backward traceability. Then, the flaws are alleviated to resist traceability attacks  

In some applications of the Internet of Things (IoT), for privacy preserving and authentication of entities, it is necessary to use ultra-lightweight cryptographic algorithms. In this paper, we propose a new ultra-lightweight authentication protocol between RFID components, in which only simple operations are used. In this protocol, the server has access to the data gathered by the tag in the same authentication phase through the reader interface, instead of sharing a secret key. The proposed protocol is secure against several attacks, such as replay attacks, denial of service, offline guessing attacks, modification attacks, full disclosure attacks and impersonation attacks, in addition to... 

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not... 

The development of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices, makes it necessary to consider the related security and privacy issues in great detail. Among other security characteristic of an RFID authentication protocol, untraceability and synchronization are the most important attributes. The former is strongly related to the privacy of tags and their holders, while the latter has a significant role in the security and availability parameters. In this paper, we investigate three RFID authentication protocols proposed by Duc and Kim, Song and Mitchell, and Cho, Yeo and Kim in terms of privacy and security. We analyze the protocol... 

Radio Frequency Identification (RFID) technology is being deployed at our daily life. Although RFID systems provide useful services to users, they can also threat the privacy and security of the end-users. In order to provide privacy and security for RFID users, different RFID authentication protocols have been proposed. In this study, we investigate the privacy of two recently proposed RFID authentication protocols. It is shown that these protocols have some privacy problems that cannot provide user privacy. Then, in order to enhance the privacy of these protocols, two improvements of analyzed protocols are proposed that provide RFID users privacy  

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks... 

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks... 

A great number of authentication protocols used in several applications such as payment systems are inherently vulnerable against relay attacks. Distance bounding protocols provide practical solutions against such attacks; some of which are lightweight and implementable on cheap RFID tags. In recent years, numerous lightweight distance bounding protocols have been proposed; however, a few of them appeared to be resistant against the existing attacks up to the present. One of most well-known protocols in this field is the SKI protocol which has a security proof based on a non-standard strong assumption named Circular Keying. In this paper, we demonstrate that without this strong and... 

Following the fact that there are some efficient implementations of ECC-based RFID authentication protocols on RFID tags, a new family of RFID authentication protocols known as EC-RAC family has been introduced. However, it has been shown that all the versions of EC-RAC protocols are exposed to privacy and/or security threats. In this paper we analyzed a version of the EC-RAC RFID authentication protocol as well as a version of Schnorr protocol which were presented in a recent work and are claimed to have the demanding requirements. We demonstrated an impersonation attack on the claimed improved EC-RAC, and consequently showed that it would not satisfy the tag authentication property. Also,... 

Radio frequency identification (RFID) technology is a prominent technology which has been used in most authentication and identification applications. Above all, recently RFID systems have got more attention as an interesting candidate to implement in the internet of things systems. Although RFID systems provide useful and interest services to users, they can also threat the security and the privacy of the end-users. In order to provide the security and the privacy of RFID users, different authentication protocols have been proposed. In this study, we analyze the privacy of three RFID authentication protocols that proposed recently. For our privacy analysis, we use a formal RFID privacy... 

Nowadays low-cost RFID systems have moved from obscurity into mainstream applications which cause growing security and privacy concernsThe lightweight cryptographic primitives and authentication protocols are indispensable requirements for these devices to grow pervasiveIn recent years, there has been an increasing interest in intuitive analysis of RFID protocolsThis concept has recently been challenged by formal privacy modelsThis paper investigates how to analyse and solve privacy problems in formal modelFirst, we highlight some vague drawbacks especially in forward and backward traceability analysis and extend it in the simulation-based privacy model familyThen, the privacy weaknesses of... 

Ubiquitousness of Radio Frequency Identification (RFID) systems with inherent weaknesses has been a cause of concern about their privacy and security. Therefore, secure protocols are essentially necessary for the RFID tags to guarantee privacy and authentication among them and the reader. This paper inspects privacy in the RFID systems. First, we survey four new-found RFID authentication protocols, and then, their weaknesses in formal privacy model are analyzed. Although the authors of the schemes claimed that their protocols completely resist privacy attacks, we formally prove that all of them suffer from the family of traceability attacks. Furthermore, not only are the four improved... 

RAPP (RFID Authentication Protocol with Permutation) is a recently proposed and efficient ultralightweight authentication protocol. Although it maintains the structure of the other existing ultralightweight protocols, the operation used in it is totally different due to the use of new introduced data dependent permutations and avoidance of modular arithmetic operations and biased logical operations such as AND and OR. The designers of RAPP claimed that this protocol resists against desynchronization attacks since the last messages of the protocol is sent by the reader and not by the tag. This letter challenges this assumption and shows that RAPP is vulnerable against desynchronization... 

Radio Frequency Identification (RFID) is an easy to use technology for quick and low-cost identification and authentication. Since RFID systems have found in various parts of our daily lives, security awareness about these systems has become one of the prominent topics for researchers. In this study, we investigate two RFID security schemes which both are under Electronic Product Code (EPC) standard. It is shown that both the analyzed protocols have some drawbacks and are vulnerable to several security attacks including secret parameters reveal, impersonation, reader forward secrecy and also one of them does not provide date integrity. In addition, in order to overcome all the discovered... 

Recently, Radio Frequency Identification (RFID) and Near Field Communication systems are found in various user-friendly services that all of us deal with in our daily lives. As these systems are ubiquitously deployed in different authentication and identification applications, inferring information about our behavior will be possible by monitoring our use of them. In order to provide privacy and security requirements of RFID users in novel authentication applications, lots of security schemes have been proposed which have tried to provide secure and untraceable communication for end-users. In this paper, we investigate the privacy of three RFID security schemes which have been proposed... 

Recently, different RFID authentication protocols conforming to EPC Class 1 Generation 2 (EPC C1 G2) standard have been proposed. In 2013, Xiao et al. have proposed an improved mutual authentication protocol which claimed to eliminate the weaknesses of Yoon's protocol that has been proposed in 2012. In this paper, we study the security and the privacy of Xiao et al.'s protocol. It is shown that their protocol suffers from secret parameters reveal, tag impersonation attack, backward and forward traceability attacks. Then, in order to enhance the security and the privacy of this protocol, a modified version is proposed. In order to evaluate our proposed protocol, its security and privacy are...