Are RNGs Achilles’ Heel of RFID Security and Privacy Protocols? (original) (raw)

References

  1. Want, R., Schilit, B. N., & Jenson, S. (2015). Enabling the internet of things. IEEE Computer, 48(1), 28–35.
    Article Google Scholar
  2. Bilal , Z. (2015). Addressing security and privacy issues in low-cost RFID systems. Ph.D. thesis, Royal Holloway, University of London, London, UK.
  3. Armknecht, F., Hamann, M., & Mikhalev, V. (2014). Lightweight authentication protocols on ultra-constrained RFIDs—myths and facts. In N. Saxena & A. R. Sadeghi (Eds.), Radio frequency identification: Security and privacy issues (pp. 1–18). Cham: Springer
    Google Scholar
  4. Ghaeini, H.R., & Tippenhauer, N.O. (2016). HAMIDS: Hierarchical monitoring intrusion detection system for industrial control systems. In Proceedings of the 2nd ACM workshop on cyber-physical systems security and privacy, CPS-SPC ’16 (pp. 103–111). New York, NY, USA.
  5. Juels, A. (2004). Minimalist cryptography for low-cost RFID tags. In C. Blundo & S. Cimato (Eds.), International conference on security in communication networks—SCN 2004, volume 3352 of of lecture notes in computer science (pp. 149–164). Amalfi, Italy, Springer.
  6. Avoine, G., Bingöl, M. A., Carpent, X., & Kardaş, S. (2013). Deploying OSK on low-resource mobile devices (pp. 3–18). Berlin: Springer.
    Google Scholar
  7. Kardas, S., Celik, S., Bingöl, M.A., & Albert, L. (2013). A new security and privacy framework for RFID in cloud computing. In IEEE 5th international conference on cloud computing technology and science, CloudCom 2013, Bristol, United Kingdom (Vol. 1, pp. 171–176)
  8. Avoine, G. (2017). RFID lounge. http://www.avoine.net/rfid/. Accessed March 2.
  9. Bilal, Z., Martin, K., & Saeed, Q. (2014). Multiple attacks on authentication protocols for low-cost RFID tags. Applied Mathematics and Information Sciences, 9(2), 561–569.
    Google Scholar
  10. Radványi, T., Biró, C., Király, S., Szigetváry, P., & Takács, P. (2015). Survey of attacking and defending in the RFID system. Annales Mathematicae et Informaticae, 44, 151–164.
    MathSciNet MATH Google Scholar
  11. Alavi, S. M., Baghery, K., & Abdolmaleki, B. (2014). Security and privacy flaws in a recent authentication protocol for EPC C1 G2 RFID tags. Advances in Computer Science: An International Journal, 3(5), 44–52.
    Google Scholar
  12. Avoine, G. (2005). Cryptography in radio frequency identification and fair exchange protocols. Ph.D. thesis, EPFL, Lausanne, Switzerland.
  13. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In International conference on pervasive computing and communications—PerCom (pp. 342–347). New York City, New York, USA, IEEE, IEEE Computer Society.
  14. Vaudenay, S. (2007). On privacy models for RFID. In K. Kurosawa (Ed.), Advances in cryptology ASIACRYPT 2007, volume 4833 of of lecture notes in computer science (pp. 68–87). Berlin: Springer.
    Google Scholar
  15. Avoine, G. (2005). Adversary model for radio frequency identification. Technical report, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC).
  16. Avoine, G., Coisel, I., & Martin, T. (2010). Time measurement threatens privacy-friendly RFID authentication protocols. In S.B. Ors Yalcin (Ed.), Workshop on RFID security—RFIDSec’10, volume 6370 of lecture notes in computer science (pp. 138–157) Istanbul, Turkey, Springer.
  17. Ha, J., Moon, S., Zhou, J., & Ha, J. (2008). A new formal proof model for RFID location privacy. Proceding of the 13th European symposium on research in computer security–ESORICS 2008, volume 6123 of lecture notes in computer science (pp. 267–281). Malaga, Spain, Springer.
  18. Lai, J., Deng, R.H., & Li, Y. (2010). Revisiting unpredictability-based RFID privacy models. In Proceedings of the 8th international conference on applied cryptography and network security—ACNS 2010, volume 6123 of lecture notes in computer science (pp. 475–492). Beijing, China, Springer.
  19. Akgün, M., & Çaǧlayan, M. (2011). Extending An RFID security and privacy model by considering forward untraceability. In J. Cuellar, J. Lopez, G. Barthe & A. Pretschner (Eds.), Security and trust management (pp. 239–254). Berlin: Springer.
    Chapter Google Scholar
  20. Kardaş, S., Çelik, S., Bingöl, M. A., Kiraz, M. S., Demirci, H., & Levi, A. (2014). \(k\)-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions. Wireless Communications and Mobile Computing, 15, 1–17. https://doi.org/10.1002/wcm.2482.
    Google Scholar
  21. Hermans, J., Peeters, R., & Preneel, B. (2014). Proper RFID privacy: Model and protocols. IEEE Transactions on Mobile Computing, 13(12), 2888–2902.
    Article Google Scholar
  22. Peinado, A., Munilla, J., & Fúster-Sabater, A. (2013). EPCGen2 pseudorandom number generators: analysis of J3Gen. IACR Cryptology ePrint Archive, 2013, 825.
    Google Scholar
  23. Melia-Segu, J., Garcia-Alfaro, J., & Herrera-Joancomart, J. (2011). A practical implementation attack on weak pseudorandom number generator designs for EPC Gen2 tags. Wireless Personal Communications, 59(1), 27–42.
    Article Google Scholar
  24. Garcia, F. D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R. W., et al. (2008). Dismantling MIFARE classic. In S. Jajodia & J. Lopez (Eds.), Computer security—ESORICS 2008, volume 5283 of lecture notes in computer science (pp. 97–114). Berlin: Springer.
    Google Scholar
  25. Bayon, P., Bossuet, L., Aubert, A., Fischer, V., Poucheret, F., Robisson, B., et al. (2012). Contactless electromagnetic active attack on ring oscillator based true random number generator. In W. Schindler & S. Huss (Eds.), Constructive side-channel analysis and secure design, volume 7275 of lecture notes in computer science (pp. 151–166). Berlin: Springer.
    Google Scholar
  26. Avoine, G., Dysli, E., & Oechslin, P. (2005). Reducing time complexity in RFID systems. In B. Preneel & S. Tavares (Eds.), Selected areas in cryptography–SAC 2005, volume 3897 of lecture notes in computer science (pp. 291–306). Kingston, Canada, Springer.
  27. Lim, C. H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In P. Ning, S. Qing, & N. Li (Eds.), International conference on information and communications security—ICICS’06, volume 4307 of lecture notes in computer science (pp. 1–20). Raleigh, North Carolina, USA, Springer.
  28. Van Le, T., Burmester, M., & de Medeiros, B. (2007). Universally composable and forward-secure RFID authentication and authenticated key exchange. In F. Bao & S. Miller (Eds.), ACM symposium on information, computer and communications security—ASIACCS 2007 (pp. 242–252). Singapore, Republic of Singapore, ACM, ACM Press.
  29. van Deursen, T., & Radomirović, S. (2012). Insider attacks and privacy of RFID protocols. In Proceedings of the 8th European conference on public key infrastructures, services, and applications (pp. 91–105). Springer.
  30. Song, B., & Mitchell, J.C. (2008). RFID authentication protocol for low-cost tags. In V.D. Gligor, J.-P. Hubaux, & R. Poovendran (Eds.), Proceedings of the 1st ACM conference on wireless network security—WiSec’08 (pp. 140–147). Alexandria, Virginia, USA, ACM, ACM Press.
  31. Akgün, M., & Çaǧlayan, M. (2015). Providing destructive privacy and scalability in RFID systems using PUFs. Ad Hoc Networks, 32, 32–42.
    Article Google Scholar
  32. Lauter, K. (2004). The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications, 11(1), 62–67.
    Article Google Scholar
  33. Yih-Chun, H., & Perrig, A. (2004). A survey of secure wireless ad hoc routing. IEEE Security Privacy, 2(3), 28–39.
    Article Google Scholar
  34. Altop, D. K., Bingöl, M. A., Levi, A., & Savaş, E. (2017). DKEM: Secure and efficient distributed key establishment protocol for wireless mesh networks. Ad Hoc Networks, 54(C), 53–68.
    Article Google Scholar
  35. Chien, H.-Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.
    Article Google Scholar
  36. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Workshop on RFID security—RFIDSec’06 (pp. 12–14). Graz, Austria, Ecrypt.
  37. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In J. Ma, H. Jin, L. T. Yang, & J. J. P. Tsai (Eds.), International conference on ubiquitous intelligence and computing—UIC’06, volume 4159 of lecture notes in computer science (pp. 912–923). China, Wuhan and Three Gorges, Springer.
  38. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M. & Ribagorda, A. (2006). Emap: An efficient mutual-authentication protocol for low-cost rfid tags. In OTM confederated international conferences” On the move to meaningful internet systems” (Vol. 4277, pp. 352–361). Springer.
  39. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2008). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In K.-I. Chung, K. Sohn, & M. Yung (Eds.), Workshop on information security applications—WISA’08, volume 5379 of lecture notes in computer science (pp. 56–68). Jeju Island, Korea, Springer.
  40. EPC Global, (2014). UHF air interface protocol standard Generation2/Version2. http://www.gs1.org/gsmp/kc/epcglobal/uhfc1g2. Accessed March 2, 2017.
  41. Peris-Lopez, P., Lim, T. L., & Li, T. (2008). Providing stronger authentication at a low-cost to RFID tags operating under the EPCglobal framework. In C.-Z. Xu & M. Guo (Eds.), Embedded and ubiquitous computing—Volume 02—EUC’08 (pp. 159–166). Shanghaim, China, IEEE, IEEE Computer Society.
  42. Chien, H.-Y., & Chen, C.-H. (2007). Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards. Computer Standars & Interfaces, 29(2), 254–259.
    Article Google Scholar
  43. Avoine, G., Bingöl, M. A., Carpent, X., & Yalcin, S. B. O. (2012). Privacy-friendly authentication in RFID systems: On sub-linear protocols based on symmetric-key cryptography. IEEE Transactions on Mobile Computing, 12(10), 2037–2049. https://doi.org/10.1109/TMC.2012.174.
    Article Google Scholar
  44. Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography (1st edn.). Boca Raton: CRC Press, Inc.
    Book MATH Google Scholar
  45. Schindler, W., & Killmann, W. (2003). Evaluation criteria for true (physical) random number generators used in cryptographic applications. In Revised papers from the 4th international workshop on cryptographic hardware and embedded systems, CHES ’02 (pp. 431–449). London, UK, Springer.
  46. Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2009). LAMED—A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards and Interfaces, 31(1), 88–97.
    Article Google Scholar
  47. Melia-Segu, J., Garcia-Alfaro, J., & Herrera-Joancomart, J. (2013). J3Gen: A PRNG for low-cost passive RFID. Sensors, 13(3), 3816–3830.
    Article Google Scholar
  48. Garcia-Alfaro, J., Herrera-Joancomart, J., & Segu, J. M. (2015). Remarks on Peinado et al.’s analysis of J3Gen. Sensors, 15(3), 6217–6220.
    Article Google Scholar
  49. Che, W., Deng, H., Tan, W., & Wang, J. (2008). A random number generator for application in RFID tags. In P. H. Cole & D. C. Ranasinghe (Eds.), Networked RFID systems and lightweight cryptography (pp. 279–287). Berlin: Springer.
    Chapter Google Scholar
  50. ISO/IEC Standard 18000 RFID Air Interface Standard. (2014). http://www.hightechaid.com/standards/18000.htm. Accessed March 2, 2017.
  51. Sarma, S., Weis, S., & Engels, D. (2002). RFID systems and security and privacy implications. In B. Kaliski, Ç. Kaya ço, & C. Paar (Eds.), Cryptographic hardware and embedded systems—CHES 2002, volume 2523 of lecture notes in computer science (pp. 454–469). Redwood Shores, California, USA, Springer.
  52. Barak, B., Shaltiel, R., & Tromer, E. (2003). True random number generators secure in a changing environment (pp. 166–180). Berlin: Springer.
    MATH Google Scholar
  53. hashcat. (2015). Performance. http://hashcat.net/oclhashcat/. Accessed August 30, 2015.

Download references