Visible to the public Biblio

Filters: Keyword is radiofrequency identification  [Clear All Filters]
Chu, G., Lisitsa, A..  2018.  Penetration Testing for Internet of Things and Its Automation. 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :1479–1484.

The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.

Clark, G., Doran, M., Glisson, W..  2018.  A Malicious Attack on the Machine Learning Policy of a Robotic System. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :516-521.

The field of robotics has matured using artificial intelligence and machine learning such that intelligent robots are being developed in the form of autonomous vehicles. The anticipated widespread use of intelligent robots and their potential to do harm has raised interest in their security. This research evaluates a cyberattack on the machine learning policy of an autonomous vehicle by designing and attacking a robotic vehicle operating in a dynamic environment. The primary contribution of this research is an initial assessment of effective manipulation through an indirect attack on a robotic vehicle using the Q learning algorithm for real-time routing control. Secondly, the research highlights the effectiveness of this attack along with relevant artifact issues.

Tewari, A., Gupta, B. B..  2018.  A Robust Anonymity Preserving Authentication Protocol for IoT Devices. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–5.

In spite of being a promising technology which will make our lives a lot easier we cannot be oblivious to the fact IoT is not safe from online threat and attacks. Thus, along with the growth of IoT we also need to work on its aspects. Taking into account the limited resources that these devices have it is important that the security mechanisms should also be less complex and do not hinder the actual functionality of the device. In this paper, we propose an ECC based lightweight authentication for IoT devices which deploy RFID tags at the physical layer. ECC is a very efficient public key cryptography mechanism as it provides privacy and security with lesser computation overhead. We also present a security and performance analysis to verify the strength of our proposed approach.

Mahboubi, A., Camtepe, S., Morarji, H..  2018.  Reducing USB Attack Surface: A Lightweight Authentication and Delegation Protocol. 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE). :1–7.

A privately owned smart device connected to a corporate network using a USB connection creates a potential channel for malware infection and its subsequent spread. For example, air-gapped (a.k.a. isolated) systems are considered to be the most secure and safest places for storing critical datasets. However, unlike network communications, USB connection streams have no authentication and filtering. Consequently, intentional or unintentional piggybacking of a malware infected USB storage or a mobile device through the air-gap is sufficient to spread infection into such systems. Our findings show that the contact rate has an exceptional impact on malware spread and destabilizing free malware equilibrium. This work proposes a USB authentication and delegation protocol based on radiofrequency identification (RFID) in order to stabilize the free malware equilibrium in air-gapped networks. The proposed protocol is modelled using Coloured Petri nets (CPN) and the model is verified and validated through CPN tools.

Su, C., Santoso, B., Li, Y., Deng, R. H., Huang, X..  2017.  Universally Composable RFID Mutual Authentication. IEEE Transactions on Dependable and Secure Computing. 14:83–94.
Universally Composable (UC) framework provides the strongest security notion for designing fully trusted cryptographic protocols, and it is very challenging on applying UC security in the design of RFID mutual authentication protocols. In this paper, we formulate the necessary conditions for achieving UC secure RFID mutual authentication protocols which can be fully trusted in arbitrary environment, and indicate the inadequacy of some existing schemes under the UC framework. We define the ideal functionality for RFID mutual authentication and propose the first UC secure RFID mutual authentication protocol based on public key encryption and certain trusted third parties which can be modeled as functionalities. We prove the security of our protocol under the strongest adversary model assuming both the tags' and readers' corruptions. We also present two (public) key update protocols for the cases of multiple readers: one uses Message Authentication Code (MAC) and the other uses trusted certificates in Public Key Infrastructure (PKI). Furthermore, we address the relations between our UC framework and the zero-knowledge privacy model proposed by Deng et al. [1].
Fraj, R. Ben, Beroulle, V., Fourty, N., Meddeb, A..  2017.  A Global Approach for the Improvement of UHF RFID Safety and Security. 2017 12th International Conference on Design Technology of Integrated Systems In Nanoscale Era (DTIS). :1–2.
Radio Frequency Identification (RFID) devices are widely used in many domains such as tracking, marking and management of goods, smart houses (IoT), supply chains, etc. However, there is a big number of challenges which must still be overcome to ensure RFID security and privacy. In addition, due to the low cost and low consumption power of UHF RFID tags, communications between tags and readers are not robust. In this paper, we present our approach to evaluate at the same time the security and the safety of UHF RFID systems in order to improve them. First, this approach allows validating UHF RFID systems by simulation of the system behavior in presence of faults in a real environment. Secondly, evaluating the system robustness and the security of the used protocols, this approach will enable us to propose the development of new more reliable and secure protocols. Finally, it leads us to develop and validate new low cost and secure tag hardware architectures.
Woo, S., Ha, J., Byun, J., Kwon, K., Tolcha, Y., Kang, D., Nguyen, H. M., Kim, M., Kim, D..  2017.  Secure-EPCIS: Addressing Security Issues in EPCIS for IoT Applications. 2017 IEEE World Congress on Services (SERVICES). :40–43.
In the EPCglobal standards for RFID architecture frameworks and interfaces, the Electronic Product Code Information System (EPCIS) acts as a standard repository storing event and master data that are well suited to Supply Chain Management (SCM) applications. Oliot-EPCIS broadens its scope to a wider range of IoT applications in a scalable and flexible way to store a large amount of heterogeneous data from a variety of sources. However, this expansion poses data security challenge for IoT applications including patients' ownership of events generated in mobile healthcare services. Thus, in this paper we propose Secure-EPCIS to deal with security issues of EPCIS for IoT applications. We have analyzed the requirements for Secure-EPCIS based on real-world scenarios and designed access control model accordingly. Moreover, we have conducted extensive performance comparisons between EPCIS and Secure-EPCIS in terms of response time and throughput, and provide the solution for performance degradation problem in Secure-EPCIS.
Ristov, P., Mišković, T., Mrvica, A., Markić, Z..  2017.  Reliability, availability and security of computer systems supported by RFID technology. 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :1459–1464.

The implementation of RFID technology in computer systems gives access to quality information on the location or object tracking in real time, thereby improving workflow and lead to safer, faster and better business decisions. This paper discusses the quantitative indicators of the quality of the computer system supported by RFID technology applied in monitoring facilities (pallets, packages and people) marked with RFID tag. Results of analysis of quantitative indicators of quality compute system supported by RFID technology are presented in tables.

Anderson, E. C., Okafor, K. C., Nkwachukwu, O., Dike, D. O..  2017.  Real time car parking system: A novel taxonomy for integrated vehicular computing. 2017 International Conference on Computing Networking and Informatics (ICCNI). :1–9.
Automation of real time car parking system (RTCPS) using mobile cloud computing (MCC) and vehicular networking (VN) has given rise to a novel concept of integrated communication-computing platforms (ICCP). The aim of ICCP is to evolve an effective means of addressing challenges such as improper parking management scheme, traffic congestion in parking lots, insecurity of vehicles (safety applications), and other Infrastructure-to-Vehicle (I2V) services for providing data dissemination and content delivery services to connected Vehicular Clients (VCs). Edge (parking lot based) Fog computing (EFC) through road side sensor based monitoring is proposed to achieve ICCP. A real-time cloud to vehicular clients (VCs) in the context of smart car parking system (SCPS) which satisfies deterministic and non-deterministic constraints is introduced. Vehicular cloud computing (VCC) and intra-Edge-Fog node architecture is presented for ICCP. This is targeted at distributed mini-sized self-energized Fog nodes/data centers, placed between distributed remote cloud and VCs. The architecture processes data-disseminated real-time services to the connected VCs. The work built a prototype testbed comprising a black box PSU, Arduino IoT Duo, GH-311RT ultrasonic distance sensor and SHARP 2Y0A21 passive infrared sensor for vehicle detection; LinkSprite 2MP UART JPEG camera module, SD card module, RFID card reader, RDS3115 metal gear servo motors, FPM384 fingerprint scanner, GSM Module and a VCC web portal. The testbed functions at the edge of the vehicular network and is connected to the served VCs through Infrastructure-to-Vehicular (I2V) TCP/IP-based single-hop mobile links. This research seeks to facilitate urban renewal strategies and highlight the significance of ICCP prototype testbed. Open challenges and future research directions are discussed for an efficient VCC model which runs on networked fog centers (NetFCs).
Ulz, T., Pieber, T., Steger, C., Lesjak, C., Bock, H., Matischek, R..  2017.  SECURECONFIG: NFC and QR-code based hybrid approach for smart sensor configuration. 2017 IEEE International Conference on RFID (RFID). :41–46.

In smart factories and smart homes, devices such as smart sensors are connected to the Internet. Independent of the context in which such a smart sensor is deployed, the possibility to change its configuration parameters in a secure way is essential. Existing solutions do provide only minimal security or do not allow to transfer arbitrary configuration data. In this paper, we present an NFC- and QR-code based configuration interface for smart sensors which improves the security and practicability of the configuration altering process while introducing as little overhead as possible. We present a protocol for configuration as well as a hardware extension including a dedicated security controller (SC) for smart sensors. For customers, no additional hardware other than a commercially available smartphone will be necessary which makes the proposed approach highly applicable for smart factory and smart home contexts alike.

Maleki, H., Rahaeimehr, R., Jin, C., Dijk, M. van.  2017.  New clone-detection approach for RFID-based supply chains. 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :122–127.

Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database on each partner site. A persistent online connection is not guaranteed and local databases on each partner site impose extra cost and security issues. We solve this problem by introducing a new scheme in which a small Non-Volatile Memory (NVM) embedded in RFID tag is used to function as a tiny “encoded local database”. In addition our scheme resists “tag tracing” so that each partner's operation remains private. Our scheme can be implemented in less than 1200 gates satisfying current RFID technology requirements.

Zhou, X., Yao, X., Li, H., Ma, J..  2017.  A bisectional multivariate quadratic equation system for RFID anti-counterfeiting. 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA). :19–23.

This paper proposes a novel scheme for RFID anti-counterfeiting by applying bisectional multivariate quadratic equations (BMQE) system into an RF tag data encryption. In the key generation process, arbitrarily choose two matrix sets (denoted as A and B) and a base Rab such that [AB] = λRABT, and generate 2n BMQ polynomials (denoted as p) over finite field Fq. Therefore, (Fq, p) is taken as a public key and (A, B, λ) as a private key. In the encryption process, the EPC code is hashed into a message digest dm. Then dm is padded to d'm which is a non-zero 2n×2n matrix over Fq. With (A, B, λ) and d'm, Sm is formed as an n-vector over F2. Unlike the existing anti-counterfeit scheme, the one we proposed is based on quantum cryptography, thus it is robust enough to resist the existing attacks and has high security.

Sun, D. Z., Xu, G. Q..  2017.  One-Round Provably Secure Yoking-Proof for RFID Applications. 2017 IEEE Trustcom/BigDataSE/ICESS. :315–322.

Under the Internet of Things (IoT), the coexistence proof of multiple RFID tagged objects becomes a very useful mechanism in many application areas such as health care, evidences in court, and stores. The yoking-proof scheme addresses this issue. However, all existing yoking-proof schemes require two or more rounds communication to generate the yoking-proof. In this paper, we investigate the design of one-round yoking-proof schemes. Our contributions are threefold: (1) to confirm the coexistence of the RFID tag pair, we propose a one-round offline yoking-proof scheme with privacy protection. (2) We define a privacy model of the yoking-proof scheme and enhance Moriyama's security model for the yoking-proof scheme. The security and the privacy of the proposed scheme are proved under our models. (3) We further extend the yoking-proof scheme for the coexistence of m RFID tags, where m\textbackslashtextgreater2. The extended scheme maintains one-round. In addition, the proposed technique has efficiency advantage, compared with previous work.

Comon, H., Koutsos, A..  2017.  Formal Computational Unlinkability Proofs of RFID Protocols. 2017 IEEE 30th Computer Security Foundations Symposium (CSF). :100–114.

We set up a framework for the formal proofs of RFID protocols in the computational model. We rely on the so-called computationally complete symbolic attacker model. Our contributions are: 1) to design (and prove sound) axioms reflecting the properties of hash functions (Collision-Resistance, PRF). 2) to formalize computational unlinkability in the model. 3) to illustrate the method, providing the first formal proofs of unlinkability of RFID protocols, in the omputational model.

Shi, Z., Chen, J., Chen, S., Ren, S..  2017.  A lightweight RFID authentication protocol with confidentiality and anonymity. 2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :1631–1634.

Radio Frequency IDentification(RFID) is one of the most important sensing techniques for Internet of Things(IoT) and RFID systems have been applied to various different fields. But an RFID system usually uses open wireless radio wave to communicate and this will lead to a serious threat to its privacy and security. The current popular RFID tags are some low-cost passive tags. Their computation and storage resources are very limited. It is not feasible for them to complete some complicated cryptographic operations. So it is very difficult to protect the security and privacy of an RFID system. Lightweight authentication protocol is considered as an effective approach. Many typical authentication protocols usually use Hash functions so that they require more computation and storage resources. Based on CRC function, we propose a lightweight RFID authentication protocol, which needs less computation and storage resources than Hash functions. This protocol exploits an on-chip CRC function and a pseudorandom number generator to ensure the anonymity and freshness of communications between reader and tag. It provides forward security and confidential communication. It can prevent eavesdropping, location trace, replay attack, spoofing and DOS-attack effectively. It is very suitable to be applied to RFID systems.

Amendola, S., Occhiuzzi, C., Marrocco, G..  2017.  RFID sensing networks for critical infrastructure security: A real testbed in an energy smart grid. 2017 IEEE International Conference on RFID Technology Application (RFID-TA). :106–110.

The UHF Radiofrequency Identification technology offers nowadays a viable technological solution for the implementation of low-level environmental monitoring of connected critical infrastructures to be protected from both physical threats and cyber attacks. An RFID sensor network was developed within the H2020 SCISSOR project, by addressing the design of both hardware components, that is a new family of multi-purpose wireless boards, and of control software handling the network topology. The hierarchical system is able to the detect complex, potentially dangerous, events such as the un-authorized access to a restricted area, anomalies of the electrical equipments, or the unusual variation of environmental parameters. The first real-world test-bed has been deployed inside an operational smart-grid on the Favignana Island. Currently, the network is fully working and remotely accessible.

Nguyen, C. T., Hoang, T. T., Phan, V. X..  2017.  A simple method for anonymous tag cardinality estimation in RFID systems with false detection. 2017 4th NAFOSTED Conference on Information and Computer Science. :101–104.

This work investigates the anonymous tag cardinality estimation problem in radio frequency identification systems with frame slotted aloha-based protocol. Each tag, instead of sending its identity upon receiving the reader's request, randomly responds by only one bit in one of the time slots of the frame due to privacy and security. As a result, each slot with no response is observed as in an empty state, while the others are non-empty. Those information can be used for the tag cardinality estimation. Nevertheless, under effects of fading and noise, time slots with tags' response might be observed as empty, while those with no response might be detected as non-empty, which is known as a false detection phenomenon. The performance of conventional estimation methods is, thus, degraded because of inaccurate observations. In order to cope with this issue, we propose a new estimation algorithm using expectation-maximization method. Both the tag cardinality and a probability of false detection are iteratively estimated to maximize a likelihood function. Computer simulations will be provided to show the merit of the proposed method.

Xiaohao, S., Baolong, L..  2017.  An Investigation on Tree-Based Tags Anti-collision Algorithms in RFID. 2017 International Conference on Computer Network, Electronic and Automation (ICCNEA). :5–11.

The tree-based tags anti-collision algorithm is an important method in the anti-collision algorithms. In this paper, several typical tree algorithms are evaluated. The comparison of algorithms is summarized including time complexity, communication complexity and recognition, and the characteristics and disadvantages of each algorithm are pointed out. Finally, the improvement strategies of tree anti-collision algorithm are proposed, and the future research directions are also prospected.

Bing, Y., Baolong, L., Hua, C..  2017.  Review on RFID Identity Authentication Protocols Based on Hash Function. 2017 International Conference on Computer Network, Electronic and Automation (ICCNEA). :20–27.

Radio frequency identification (RFID) is one of the key technologies of Internet of Things, which have many security issues in an open environment. In order to solve the communication problem between RFID tags and readers, security protocols has been improved constantly as the first choice. But the form of attack is also changing constantly with the development of technology. In this paper we classify the security protocols and introduce some problems in the recent security protocols.

Alshehri, A., Sandhu, R..  2017.  Access Control Models for Virtual Object Communication in Cloud-Enabled IoT. 2017 IEEE International Conference on Information Reuse and Integration (IRI). :16–25.
The Internet of Things (IoT) is the latest evolution of the Internet, encompassing an enormous number of connected physical "things." The access-control oriented (ACO) architecture was recently proposed for cloud-enabled IoT, with virtual objects (VOs) and cloud services in the middle layers. A central aspect of ACO is to control communication among VOs. This paper develops operational and administrative access control models for this purpose, assuming topic-based publishsubscribe interaction among VOs. Operational models are developed using (i) access control lists for topics and capabilities for virtual objects and (ii) attribute-based access control, and it is argued that role-based access control is not suitable for this purpose. Administrative models for these two operational models are developed using (i) access control lists, (ii) role-based access control, and (iii) attribute-based access control. A use case illustrates the details of these access control models for VO communication, and their differences. An assessment of these models with respect to security and privacy preserving objectives of IoT is also provided.
Zheng, L., Xue, Y., Zhang, L., Zhang, R..  2017.  Mutual Authentication Protocol for RFID Based on ECC. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 2:320–323.

In this paper, a mutual authentication protocol based on ECC is designed for RFID systems. This protocol is described in detail and the performance of this protocol is analyzed. The results show that the protocol has many advantages, such as mutual authentication, confidentiality, anonymity, availability, forward security, scalability and so on, which can resist camouflage attacks, tracking attacks, denial of service attacks, system internal attack.

Mala, H., Adavoudi, A., Aghili, S. F..  2016.  Security analysis of the RBS block cipher. 2016 24th Iranian Conference on Electrical Engineering (ICEE). :130–132.

Radio Frequency Identification (RFID) systems are widely used today because of their low price, usability and being wireless. As RFID systems use wireless communication, they may encounter challenging security problems. Several lightweight encryption algorithms have been proposed so far to solve these problems. The RBS block cipher is one of these algorithms. In designing RBS, conventional block cipher elements such as S-box and P-box are not used. RBS is based on inserting redundant bits between altered plaintext bits using an encryption key Kenc. In this paper, considering not having a proper diffusion as the main defect of RBS, we propose a chosen ciphertext attack against this algorithm. The data complexity of this attack equals to N pairs of text and its time complexity equals to N decryptions, where N is the size of the encryption key Kenc.

Nemati, A., Feizi, S., Ahmadi, A., Haghiri, S., Ahmadi, M., Alirezaee, S..  2015.  An efficient hardware implementation of few lightweight block cipher. 2015 The International Symposium on Artificial Intelligence and Signal Processing (AISP). :273–278.

Radio-frequency identification (RFID) are becoming a part of our everyday life with a wide range of applications such as labeling products and supply chain management and etc. These smart and tiny devices have extremely constrained resources in terms of area, computational abilities, memory, and power. At the same time, security and privacy issues remain as an important problem, thus with the large deployment of low resource devices, increasing need to provide security and privacy among such devices, has arisen. Resource-efficient cryptographic incipient become basic for realizing both security and efficiency in constrained environments and embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block cipher plays a significant role as a building block for security systems. In 2014 Manoj Kumar et al proposed a new Lightweight block cipher named as FeW, which are suitable for extremely constrained environments and embedded systems. In this paper, we simulate and synthesize the FeW block cipher. Implementation results of the FeW cryptography algorithm on a FPGA are presented. The design target is efficiency of area and cost.

Yang, K., Forte, D., Tehranipoor, M..  2015.  An RFID-based technology for electronic component and system Counterfeit detection and Traceability. 2015 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.

The vulnerabilities in today's supply chain have raised serious concerns about the security and trustworthiness of electronic components and systems. Testing for device provenance, detection of counterfeit integrated circuits/systems, and traceability are challenging issues to address. In this paper, we develop a novel RFID-based system suitable for electronic component and system Counterfeit detection and System Traceability called CST. CST is composed of different types of on-chip sensors and in-system structures that provide the information needed to detect multiple counterfeit IC types (recycled, cloned, etc.), verify the authenticity of the system with some degree of confidence, and track/identify boards. Central to CST is an RFID tag employed as storage and a channel to read the information from different types of chips on the printed circuit board (PCB) in both power-off and power-on scenarios. Simulations and experimental results using Spartan 3E FPGAs demonstrate the effectiveness of this system. The efficiency of the radio frequency (RF) communication has also been verified via a PCB prototype with a printed slot antenna.

Li, Gaochao, Xu, Xiaolin, Li, Qingshan.  2015.  LADP: A lightweight authentication and delegation protocol for RFID tags. 2015 Seventh International Conference on Ubiquitous and Future Networks. :860–865.

In recent years, the issues of RFID security and privacy are a concern. To prevent the tag is cloned, physically unclonable function (PUF) has been proposed. In each PUF-enabled tag, the responses of PUF depend on the structural disorder that cannot be cloned or reproduced. Therefore, many responses need to store in the database in the initial phase of many authentication protocols. In the supply chain, the owners of the PUF-enabled Tags change frequently, many authentication and delegation protocols are proposed. In this paper, a new lightweight authentication and delegation protocol for RFID tags (LADP) is proposed. The new protocol does not require pre-stored many PUF's responses in the database. When the authentication messages are exchanged, the next response of PUF is passed to the reader secretly. In the transfer process of ownership, the new owner will not get the information of the interaction of the original owner. It can protect the privacy of the original owner. Meanwhile, the original owner cannot continue to access or track the tag. It can protect the privacy of the new owner. In terms of efficiency, the new protocol replaces the pseudorandom number generator with the randomness of PUF that suitable for use in the low-cost tags. The cost of computation and communication are reduced and superior to other protocols.