Your search keyword '"authentication protocols"' showing total 2 results

1. Addressing security and privacy issues in low-cost RFID systems

Author

Bilal, Zeeshan

Subjects

621.841, RFID, lightweight cryptography, authentication protocols, ultra-lightweight mutual authentication protocols, EPC tags, ownership transfer protocols

Abstract

Radio Frequency Identification (RFID) systems are being used in numerous applications such as transportation ticketing, animal tracking, supply chain management, medical records, electronic passports and identity cards. These systems consist of three main components, namely: server, reader and tag. A tag is a small microchip with antenna attached to an item which needs identification. A reader scans a tag(s) and collects the identification information. This information is then passed on to a server by the reader for further operations. Providing security and preserving privacy of these systems come with a cost. In sensitive applications such as e-passports, the embedded tags are resourceful enough to accommodate standard cryptographic functionality. These resourceful tags are high-cost. However in the most widely deployed RFID systems, such as in supply chain management of daily consumer goods, it is not feasible to use such high-cost tags. Therefore the tags used in these applications are low-cost tags which are constrained in their resources. Since these tags cannot afford the luxury of conventional cryptographic primitives, low-cost RFID systems are prone to both passive as well as active adversaries. Some of the typical threats related to an RFID system include tag cloning, impersonation, replay, relay, de-synchronization, DoS, content privacy leakage, tracing and tracking attacks, etc. Therefore it is imperative to think out of the box to provide security and privacy to these low-cost RFID systems. This thesis makes six contributions in this regard. In the first and second contribution, very basic low-cost tags are considered. These tags are very constrained with respect to their resources. To secure such tags, researchers have proposed ultra-lightweight mutual authentication protocols (UMAPs). First we demonstrate multiple attacks in detail on two of such UMAPs. Then we carry out analysis of existing UMAPs and highlight weaknesses. We also propose a new UMAP which overcomes the weaknesses of existing discussed schemes. The next three contributions focus on the most widely used application of RFID systems, supply chain management. This application generally uses a standard EPC-global Class-1 Gen-2 (EPCC1G2). We contribute by first proposing a scheme which provides security and privacy to tagged items throughout a supply chain cycle with online as well as offline readers. Then we focus our work on the counterfeit problem in supply chain management, which causes huge losses to businesses. We propose a hierarchical anti-counterfeit mechanism to counter the problem of counterfeiting during the supply chain cycle. Finally we devise a framework to provide an anti-counterfeiting feature to individual customers who cannot afford the luxury of standard readers and access to a back-end database server. Lastly we discuss the problem of ownership transfer in RFID systems. Since tags travel to different geographic locations, there is a need of ownership transfer, where an owner is an entity which can interact with the tag using a shared secret key. A simple ownership transfer involves transfer of a shared secret key from old owner to new owner. This raises concerns where an old owner would retain a copy of the key and can still interact with the tag even after its ownership is revoked. Similarly, if the key is not changed before transfer, a new owner can trace past transactions of an old owner. We propose a secure ownership transfer scheme which meets certain requirements. We further elaborate on additional properties required to achieve a robust ownership transfer process.

Published

2015

2. Weak and strong authentication in computer networks

Author

Choi, Taehwan

Subjects

Authentication, Authentication protocols, Server authentication, Client authentication, Integrity, HTTP, HTTPS, Password protocol, TLS, Anonymous authentication, Sensor networks, Keying protocol

Abstract

In this dissertation, we design and analyze five authentication protocols that answer to the a firmative the following fi ve questions associated with the authentication functions in computer networks. 1. The transport protocol HTTP is intended to be lightweight. In particular, the execution of applications on top of HTTP is intended to be relatively inexpensive and to take full advantage of the middle boxes in the Internet. To achieve this goal, HTTP does not provide any security guarantees, including any authentication of a server by its clients. This situation raises the following question. Is it possible to design a version of HTTP that is still lightweight and yet provides some security guarantees including the authentication of servers by their clients? 2. The authentication protocol in HTTPS, called TLS, allows a client to authenti- cate the server with which it is communicating. Unfortunately, this protocol is known to be vulnerable to human mistakes and Phishing attacks and Pharm- ing attacks. Is it possible to design a version of TLS that can successfully defend against human mistakes and Phishing attacks and Pharming attacks? 3. In both HTTP and HTTPS, a server can authenticate a client, with which it is communicating, using a standard password protocol. However, standard password protocols are vulnerable to the mistake of a client that uses the same password with multiple servers and to Phishing and Pharming attacks. Is it possible to design a password protocol that is resilient to client mistakes (of using the same password with multiple servers) and to Phishing and Pharming attacks? 4. Each sensor in a sensor network needs to store n - 1 symmetric keys for secure communication if the sensor network has n sensor nodes. The storage is constrained in the sensor network and the earlier approaches succeeded to reduce the number of keys, but failed to achieve secure communications in the face of eavesdropping, impersonation, and collusion. Is it possible to design a secure keying protocol for sensor networks, which is e fficient in terms of computation and storage? 5. Most authentication protocols, where one user authenticates a second user, are based on the assumption that the second user has an "identity", i.e. has a name that is (1) fi xed for a relatively long time, (2) unique, and (3) ap- proved by a central authority. Unfortunately, the adoption of user identities in a network does create some security holes in that network, most notably anonymity loss, identity theft, and misplaced trust. This situation raises the following question. Is it possible to design an authentication protocol where the protocol users have no identities?

Published

2012