IoT Security
S. Saderi Oskuiee; F. Moazami; G. Oudi Ghadim
Abstract
Background and Objectives: Radio Frequency Identification (RFID) systems use radio frequency waves to exchange information between a legitimate sender and a receiver. One of the important features of RFID systems is to find and track a specific tag among a large number of tags. Numerous works have been ...
Read More
Background and Objectives: Radio Frequency Identification (RFID) systems use radio frequency waves to exchange information between a legitimate sender and a receiver. One of the important features of RFID systems is to find and track a specific tag among a large number of tags. Numerous works have been done about authentication and ownership protocols, but the number of researches done in the tag searching area is much less. Although security is a paramount factor in search protocols, but these days designers are looking for a secure search protocol that is also low cost. One way to have a low cost search protocol is that to be compatible with EPC C1G2 standard, which is an electronic product code class 1 generation 2 that works in the 860-960 MHz frequency range.Methods: Most recently, Sundaresan et al. have proposed an RFID tag search protocol based on quadratic residues and 128 bit pseudo random number generators and XOR operation that can be easily implemented on passive tags and is compatible with EPC C1G2 standard. We show that this protocol is not immune against tag tracing, and try to improve the protocol in a way that traceability attack will not be applicable and the protocol stays low cost and EPC compatible.Results: Since the problem in Sundaresan et al.'s search protocol is due to the tag not being able to recognize the used queries from the new ones, we improved the protocol using a counter within the queries, so the tag will realize that the query is used or not. Then we analyze the security of the improved protocol and prove its formal and informal security against known attacks.Conclusion: In this paper, we firstly analyze the security of Sundaresan et al.'s search protocol and show that the search protocol is vulnerable to traceability attack with two different scenarios. Then we propose an improved search protocol that is secure against tracing the tags. Following that, we analyze the security of the improved search protocol.
IoT Security
M. Eslamnezhad Namin; M. Hosseinzadeh; N. Bagheri; A. Khademzadeh
Abstract
Background and Objectives: Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. Methods: In this article, an RFID-based search ...
Read More
Background and Objectives: Search protocols are among the main applications of RFID systems. Since a search protocol should be able to locate a certain tag among many tags, not only it should be secure against RFID threats but also it should be affordable. Methods: In this article, an RFID-based search protocol will be presented. We use an encryption technique that is referred to as authenticated encryption in order to boost the security level, which can provide confidentiality and integrity, simultaneously. Results: Furthermore, since the proposed protocol belongs to the lightweight protocols category, it is appropriate for applications that require many tags and costs must be low. In terms of the security, the analysis results give a satisfactory security level and it is robust against different RFID threats like replay, traceability and impersonation attacks. Using Ouafi-Phan model, BAN and AVISPA, we also checked the security correctness of the suggested protocol. Conclusion: In this paper, we presented a scalable lightweight RFID search protocol. We employed an encryption technique called Authenticated Encryption (A.E.) to improve the security level of the suggested protocol.======================================================================================================Copyrights©2018 The author(s). This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, as long as the original authors and source are cited. No permission is required from the authors or the publishers.======================================================================================================
