A strong lightweight authentication protocol for low-cost RFID systems

RFID is an important technology that can be used to create the ubiquitous society. But an RFID system uses open radio frequency signal to transfer information and this leads to pose many serious threats to its privacy and security. In general, the computing and storage resources in an RFID tag are very limited and this makes it difficult to solve its secure and private problems, especially for low-cost RFID tags. In order to ensure the security and privacy of low-cost RFID systems we propose a lightweight authentication protocol based on Hash function. This protocol can ensure forward security and prevent information leakage, location tracing, eavesdropping, replay attack and spoofing. This protocol completes the strong authentication of the reader to the tag by twice authenticating and it only transfers part information of the encrypted tag’s identifier for each session so it is difficult for an adversary to intercept the whole identifier of a tag. This protocol is simple and it takes less computing and storage resources, it is very suitable to some low-cost RFID systems.

Cryptanalysis of Tav-128 Hash Function

Many RFID protocols use cryptographic hash functions for their security. The resource constrained nature of RFID systems forces the use of light weight cryptographic algorithms. Tav-128 is one such 128-bit light weight hash function proposed by Peris-Lopez et al. for a low-cost RFID tag authentication protocol. Apart from some statistical tests for randomness by the designers themselves, Tav-128 has not undergone any other thorough security analysis. Based on these tests, the designers claimed that Tav-128 does not posses any trivial weaknesses. In this article, we carry out the first third party security analysis of Tav-128 and show that this hash function is neither collision resistant nor second preimage resistant. Firstly, we show a practical collision attack on Tav-128 having a complexity of 237 calls to the compression function and produce message pairs of arbitrary length which produce the same hash value under this hash function. We then show a second preimage attack on Tav-128 which succeeds with a complexity of 262 calls to the compression function. Finally, we study the constituent functions of Tav-128 and show that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful light weight primitive for future RFID protocols.

A two-step mutual authentication protocol based on randomized hash-lock for small RFID networks

RFID has been widely used in today's commercial and supply chain industry, due to the significant advantages it offers and the relatively low production cost. However, this ubiquitous technology has inherent problems in security and privacy. This calls for the development of simple, efficient and cost effective mechanisms against a variety of security threats. This paper proposes a two-step authentication protocol based on the randomized hash-lock scheme proposed by S. Weis in 2003. By introducing additional measures during the authentication process, this new protocol proves to enhance the security of RFID significantly, and protects the passive tags from almost all major attacks, including tag cloning, replay, full-disclosure, tracking, and eavesdropping. Furthermore, no significant changes to the tags is required to implement this protocol, and the low complexity level of the randomized hash-lock algorithm is retained.

On the Security of Two RFID Mutual Authentication Protocols

In this paper, the security of two recent RFID mutual authentication protocols are investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of 2−2 , and in Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1−2−4 and an active adversary can determine all 32 bits of Access password with success probability of 2−4 . The computational complexity of these attacks is negligible.

Tag based collaborative filtering for recommender systems

Collaborative tagging can help users organize, share and retrieve information in an easy and quick way. For the collaborative tagging information implies user’s important personal preference information, it can be used to recommend personalized items to users. This paper proposes a novel tag-based collaborative filtering approach for recommending personalized items to users of online communities that are equipped with tagging facilities. Based on the distinctive three dimensional relationships among users, tags and items, a new similarity measure method is proposed to generate the neighborhood of users with similar tagging behavior instead of similar implicit ratings. The promising experiment result shows that by using the tagging information the proposed approach outperforms the standard user and item based collaborative filtering approaches.

Collaborative filtering recommender systems using tag information

Recommender Systems is one of the effective tools to deal with information overload issue. Similar with the explicit rating and other implicit rating behaviours such as purchase behaviour, click streams, and browsing history etc., the tagging information implies user’s important personal interests and preferences information, which can be used to recommend personalized items to users. This paper is to explore how to utilize tagging information to do personalized recommendations. Based on the distinctive three dimensional relationships among users, tags and items, a new user profiling and similarity measure method is proposed. The experiments suggest that the proposed approach is better than the traditional collaborative filtering recommender systems using only rating data.

HapMap tag-SNP analysis confirms a role for COMT in schizophrenia risk and reveals a novel association

Catechol-O-methyl transferase (COMT) encodes an enzyme involved in the metabolism of dopamine and maps to a commonly deleted region that increases schizophrenia risk. A non-synonymous polymorphism (rs4680) in COMT has been previously found to be associated with schizophrenia and results in altered activity levels of COMT. Using a haplotype block-based gene-tagging approach we conducted an association study of seven COMT single nucleotide polymorphisms (SNPs) in 160 patients with a DSM-IV diagnosis of schizophrenia and 250 controls in an Australian population. Two polymorphisms including rs4680 and rs165774 were found to be significantly associated with schizophrenia. The rs4680 results in a Val/Met substitution but the strongest association was shown by the novel SNP, rs165774, which may still be functional even though it is located in intron five. Individuals with schizophrenia were more than twice as likely to carry the GG genotype compared to the AA genotype for both the rs165774 and rs4680 SNPs. This association was slightly improved when males were analysed separately possibly indicating a degree of sexual dimorphism. Our results confirm that COMT is a good candidate for schizophrenia risk, by replicating the association with rs4680 and identifying a novel SNP association.

Analysis of HapMap tag-SNPs in dysbindin (DTNBP1) reveals evidence of consistent association with schizophrenia

Dystrobrevin binding protein 1 (DTNBP1), or dysbindin, is thought to be critical in regulating the glutamatergic system. While the dopamine pathway is known to be important in the aetiology of schizophrenia, it seems likely that glutamatergic dysfunction can lead to the development of schizophrenia. DTNBP1 is widely expressed in brain, levels are reduced in brains of schizophrenia patients and a DTNBP1 polymorphism has been associated with reduced brain expression. Despite numerous genetic studies no DTNBP1 polymorphism has been strongly implicated in schizophrenia aetiology. Using a haplotype block-based gene-tagging approach we genotyped 13 SNPs in DTNBP1 to investigate possible associations with DTNBP1 and schizophrenia. Four polymorphisms were found to be significantly associated with schizophrenia. The strongest association was found with an A/C SNP in intron 7 (rs9370822). Homozygotes for the C allele of rs9370822 were more than two and a half times as likely to have schizophrenia compared to controls. The other polymorphisms showed much weaker association and are less likely to be biologically significant. These results suggest that DTNBP1 is a good candidate for schizophrenia risk and rs9370822 is either functionally important or in disequilibrium with a functional SNP, although our observations should be viewed with caution until they are independently replicated.

Security analysis and enhancement of one-way hash based low-cost authentication protocol (OHLCAP)

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP(One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

Website customization : exploring a tag-based approach in the Australian banking context

Website customization can help to better fulfill the needs and wants of individual customers. It is an important aspect of customer satisfaction of online banking, especially among the younger generation. This dimension, however, is poorly addressed particularly in the Australian context. The proposed research aims to fulfill this gap by exploring the use of a popular Web 2.0 technology known as tags or user assigned metadata to facilitate customization at the interaction level. A prototype is proposed to demonstrate the various interaction-based customization types, evaluated through a series of experiments to assess the impact on customer satisfaction. The expected research outcome is a set of guidelines akin to interaction design patterns for aiding the design and implementation of the proposed tag-based approach.

Online banking customization via tag-based interaction

In this paper, we describe ongoing work on online banking customization with a particular focus on interaction. The scope of the study is confined to the Australian banking context where the lack of customization is evident. This paper puts forward the notion of using tags to facilitate personalized interactions in online banking. We argue that tags can afford simple and intuitive interactions unique to every individual in both online and mobile environments. Firstly, through a review of related literature, we frame our work in the customization domain. Secondly, we define a range of taggable resources in online banking. Thirdly, we describe our preliminary prototype implementation with respect to interaction customization types. Lastly, we conclude with a discussion on future work.

Learning domain ontology for tag recommendation

Recently, user tagging systems have grown in popularity on the web. The tagging process is quite simple for ordinary users, which contributes to its popularity. However, free vocabulary has lack of standardization and semantic ambiguity. It is possible to capture the semantics from user tagging and represent those in a form of ontology, but the application of the learned ontology for recommendation making has not been that flourishing. In this paper we discuss our approach to learn domain ontology from user tagging information and apply the extracted tag ontology in a pilot tag recommendation experiment. The initial result shows that by using the tag ontology to re-rank the recommended tags, the accuracy of the tag recommendation can be improved.

Constructing tag ontology from folksonomy based on WordNet

With the emergence of Web 2.0, Web users can classify Web items of their interest by using tags. Tags reflect users’ understanding to the items collected in each tag. Exploring user tagging behavior provides a promising way to understand users’ information needs. However, free and relatively uncontrolled vocabulary has its drawback in terms of lack of standardization and semantic ambiguity. Moreover, the relationships among tags have not been explored even there exist rich relationships among tags which could provide valuable information for us to better understand users. In this paper, we propose a novel approach to construct tag ontology based on the widely used general ontology WordNet to capture the semantics and the structural relationships of tags. Ambiguity of tags is a challenging problem to deal with in order to construct high quality tag ontology. We propose strategies to find the semantic meanings of tags and a strategy to disambiguate the semantics of tags based on the opinion of WordNet lexicographers. In order to evaluate the usefulness of the constructed tag ontology, in this paper we apply the extracted tag ontology in a tag recommendation experiment. We believe this is the first application of tag ontology for recommendation making. The initial result shows that by using the tag ontology to re-rank the recommended tags, the accuracy of the tag recommendation can be improved.