Mutual authentication with malware protection for a RFID system

Radio Frequency Identification (RFID) system is a remote identification technology which is taking the place of barcodes to become electronic tags of an object. However, its radio transmission nature is making it vulnerable in terms of security. Recently, research proposed that an RFID tag can contain malicious code which might spread viruses, worms and other exploits to middleware and back-end systems. This paper is proposing a framework which will provide protection from malware and ensure the data privacy of a tag. The framework will use a sanitization technique with a mutual authentication in the reader level. This will ensure that any malicious code in the tag is identified. If the tag is infected by malicious code it will stop execution of the code in the RFIF system. Here shared unique parameters are used for authentication. It will be capable of protecting an RFID system from denial of service (DOS) attack, forward security and rogue reader better than existing protocols. The framework is introducing a layer concept on a smart reader to reduce coupling between different tasks. Using this framework, the RFID system will be protected from malware and also the privacy of the tag will be ensured.

Security analysis and enhancement of one-way hash based low-cost authentication protocol (OHLCAP)

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP(One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

Enhanced RFID mutual authentication scheme based on shared secret information

RFID is a revolutionary remote technology which has many useful implications. Large scale implementation of RFID is seeking 100% information privacy and untraceability, for users and organizations, which is suitable for low cost RFID tag (Class1). To protect users and organization we are proposing an enhanced RFID mutual authentication scheme. In this protocol we use authentication based on shared unique parameters as a method to protect privacy. This protocol will be capable of handling forward and backward security, rouge reader better than existing protocols. In our new scheme we involved RFID reader’s hardware ID in addition to other shared secret information which uses hash to protect users and industries privacy. Moreover, we used LAMED as our PRNG (Pseudorandom Number Generator) which is faster and take less computational power.

A secure tag ownership transfer scheme in a closed loop RFID system

In this paper we propose a novel secure tag ownership transfer scheme for closed loop RFID systems. An important property of our method is that the ownership transfer is guaranteed to be atomic and the scheme is protected against desynchronisation leading to permanent DoS. Further, it is suited to the computational constraints of EPC Class-1 Gen-2 passive RFID tags as they only use the CRC and PRNG functions that passive RFID tags are capable of. We provide a detailed security analysis to show that our scheme satisfies the required security properties of tag anonymity, tag location privacy, forward secrecy, forward untraceability while being resistant to replay, desynchronisation and server impersonation attacks. Performance comparisons show that our scheme is practical and can be implemented on passive low-cost RFID tags.

Security risks/vulnerability in a RFID system and possible defenses

Remote technologies are changing our way of life. The radio frequency identification (RFJD) system is a new technology which uses the open air to transmit information. This information transmission needs to be protected to provide user safety and privacy. Business will look for a 5ystem that hasfraud resilience to prevent the misuse of information to take dishonest advantage. The business and the user need to be assured that the transmitted information has no content which is capable of undertaking malicious activities. Public awareness of RFID security will help users and organizations to understand the need for security protection. Publishing a security guideline from the regulating body and monitoring implementation of that guideline in RFID 5ystems will ensure that businesses and users are protected. This chapter explains the importance of security in a RFID system and will outline the protective measures. It also points out the research direction of RFID 5ystems.

On the Security of Two RFID Mutual Authentication Protocols

In this paper, the security of two recent RFID mutual authentication protocols are investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of 2−2 , and in Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1−2−4 and an active adversary can determine all 32 bits of Access password with success probability of 2−4 . The computational complexity of these attacks is negligible.

An error free passive UHF RFID system using a new form of wireless signal distribution

A wide area and error free ultra high frequency (UHF) radio frequency identification (RFID) interrogation system based on the use of multiple antennas used in cooperation to provide high quality ubiquitous coverage, is presented. The system uses an intelligent distributed antenna system (DAS) whereby two or more spatially separated transmit and receive antenna pairs are used to allow greatly improved multiple tag identification performance over wide areas. The system is shown to increase the read accuracy of 115 passive UHF RFID tags to 100% from <60% over a 10m × 8m open plan office area. The returned signal strength of the tag backscatter signals is also increased by an average of 10dB and 17dB over an area of 10m 8m and 10m × 4m respectively. Furthermore, it is shown that the DAS RFID system has improved immunity to tag orientation. Finally, the new system is also shown to increase the tag read speed/rate of a population of tags compared with a conventional RFID system. © 2012 IEEE.

Wide Area Passive UHF RFID System using Antenna Diversity Combined with Phase and Frequency Hopping

This paper presents a long range and effectively error-free ultra high frequency (UHF) radio frequency identification (RFID) interrogation system. The system is based on a novel technique whereby two or more spatially separated transmit and receive antennas are used to enable greatly enhanced tag detection performance over longer distances using antenna diversity combined with frequency and phase hopping. The novel technique is first theoretically modelled using a Rician fading channel. It is shown that conventional RFID systems suffer from multi-path fading resulting in nulls in radio environments. We, for the first time, demonstrate that the nulls can be moved around by varying the phase and frequency of the interrogation signals in a multi-antenna system. As a result, much enhanced coverage can be achieved. A proof of principle prototype RFID system is built based on an Impinj R2000 transceiver. The demonstrator system shows that the new approach improves the tag detection accuracy from <50% to 100% and the tag backscatter signal strength by 10dB over a 20 m x 9 m area, compared with a conventional switched multi-antenna RFID system.

An Error Free Passive UHF RFID System using a New Form of Wireless Signal Distribution

A wide area and error free ultra high frequency (UHF) radio frequency identification (RFID) interrogation system based on the use of multiple antennas used in cooperation to provide high quality ubiquitous coverage, is presented. The system uses an intelligent distributed antenna system (DAS) whereby two or more spatially separated transmit and receive antenna pairs are used to allow greatly improved multiple tag identification performance over wide areas. The system is shown to increase the read accuracy of 115 passive UHF RFID tags to 100% from <60% over a 10m x 8m open plan office area. The returned signal strength of the tag backscatter signals is also increased by an average of 10dB and 17dB over an area of 10m x 8m and 10m x 4m respectively. Furthermore, it is shown that the DAS RFID system has improved immunity to tag orientation. Finally, the new system is also shown to increase the tag read speed/rate of a population of tags compared with a conventional RFID system.

Detection reliability analysis of passive DAS RFID system

Recently, it has been shown that improved wireless communication coverage can be achieved by employing distributed antenna system (DAS). The DAS RFID system is based on a novel technique whereby two or more spatially separated transmit and receive antennas are used to enable greatly enhanced tag detection performance over longer distances using antenna diversity combined with frequency and phase hopping. In this paper, we present a detection reliability evaluation of the DAS RFID in a typical lab environment. We conduct an extensive experimental analysis of passive RFID tag detection with different locations and orientations. The tag received signal strengths corresponding to various tag locations on one of the six different sides of a cube, and for different reader transmit power are collected and analyzed in this study.

A generic framework for three-factor authentication : preserving security and privacy in distributed systems

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.