An Efficient Serverless RFID Search Protocol Resistant to Reuse of Tag Lists Sang-Rae Lee, Young-Gon Jung, Ki-hun Jang, Hyo-Je Jo, Heung-Youl Youm, 1

Department of Information Security Engineering, Soonchunhayng University, 646, Eupnae-ri, Shinchang-myeon, Asan-si, Chungcheongnam-do, 336-745, Korea {isr3104, ygjung, canonst12, kino, hyyoum } @ sch.ac.kr

Abstract. In case real-time data transfer is not available between a RFID tag reader and a back-end server, the tag reader should have capability to search a particular tag without the help of the back-end server [1-5]. While recent researches are focused on the mobile reader-based tag search protocols to provide protection of security and privacy for the tag reader and the tags, there has been little work that deals with a problem of the mobile reader’s reuse of tag lists that obtained from the previous session. In this paper, we propose a low-cost dynamic Identifier-based tag search protocol with enhanced security that is resistant to reuse of tag lists in the mobile reader-based RFID environment. Keywords: RFID security, serverless tag search protocol, reuse of tag list

1

Introduction

In the ubiquitous society, Radio Frequency Identification (RFID) tag will be attached to most products and objects including person. The capabilities for the reader to read the data in the RFID tag located several meters away make RFID tag an attractive replacement for barcodes. The Radio Frequency Identification (RFID) system generally uses a central database server which stores a tag-related data. However, there have been security and privacy concerns over the widely deployment of RFID tags. Most recent work [7-10] has been focused on solving security and privacy concerns by using the central database server. In the central database model, to obtain data from a tag, the reader first queries to the tag and then forwards the tag reply to the server. The reader does not learn any useful information from the tag reply. After the database server has authenticated the reader verifying that the tag reply is genuine, the database server returns the tag information back to the reader. While the central This research was supported by the MKE(The Ministry of Knowledge Economy), Korea, under the ITRC(Information Technology Research Center) support program supervised by the NIPA(National IT Industry Promotion Agency)” (NIPA-2011C1090-1131-0005).

database server model provides some degree of the protection of security and privacy, it requires a real-time communication link between the reader and the tag. However, in case the reader is unable to communicate with central database server due to some reasons, it is unable to obtain the tag data. To avoid this difficulty, recent work in [1-5] addressed the serverless authentication and search protocols for the tag. In the central server model, the central server informs the reader that the tag is genuine or not, that is, a particular tag exists within the database. However, the serverless model, the mobile reader that is independent with database authenticates the tag and search a particular tag. Recent work in [1-4] addresses tag search protocols in the mobile reader-based context, which attempts to solve protection of security and privacy concerns between the reader and the tag. However, there is a problem of the mobile reader’s reuse of tag lists that obtained from the previous session. We propose an efficient serverless tag search protocol resistant to reuse of tag list by the mobile reader. Our scheme uses tag lists which are used for the reader to access the tags and dynamic identifier to avoid the reuse of tag lists by the reader. Since it is based on a dynamic identifier of a tag, it requires a synchronization mechanism in the tag search protocol. Our proposed search protocol provides protection of privacy, tracking of tag, cloning, eavesdropping and Denial of service (DoS) attack. Additionally, it also provides protection against any possible reuse of tag list provides an alternative novel method for asynchronous communication for the dynamic identifier. The remainder of the paper is organized as follows. In clause 2, we present related work. In the clause 3, we propose an efficient serverless tag search protocol. In clause 4, some security analysis is discussed and comparison of the proposed tag search protocol is presented. Finally, in clause 5, we conclude with some remarks.

2

Related work

Most RFID authentication and search protocols proposed recently [7-10] use a centralized database to store the tag- data which is used to authenticate and search the tag by the reader. On the other hand, several work [1-4] addressed serverless authentication and search protocols. The rest of this clause will address the prominent serverless tag search protocol. The serverless tag search protocols are grouped into two types: a static ID-based tag search protocol and a dynamic ID-based tag search protocol as follows. In the static ID-based search protocol, after a RFID search protocol is completed, the identity of the tag is not changed. However, in the dynamic ID-based search protocol, the identity of the tag is changed. Therefore, synchronization is very important. 2.1

Static ID-based Tag Search Protocol

Tan et al. [1] was the first to propose tag authentication and search protocols without a need for a centralized database server. They provided the authentication protocol between the RFID reader and the RFID tag without the server, which also provides

protection of privacy, tracking, eavesdropping, physical attack and Denial of service (DoS). Chun et al. [3] proposes a tag search protocol using AES-128[5] to protect against privacy, eavesdropping and tracking as the reader and tag may contain the/a cryptography module. 2.2 Dynamic ID-based Tag Search Protocol Ashamed et al. [2] proposed a dynamic-ID based RFID tag search protocol using hash functions which provides protection of tracking, cloning and eavesdropping. Lim et al.[4] proposed a dynamic ID-based RFID tag search protocol using AES-128[5] to protect against privacy leakage, eavesdropping and tracking as the reader and tag may contain a same cryptography module. It should update the ID of the particular tag and the tag list of the reader for every authentication session. However, it could be unsynchronized when the attacker impersonates the particular reader before the genuine RFID reader found the particular tag by using query replying attack.

3

Proposed efficient tag search protocol

3.1 XOR-based Tag List and List of Keys We use an XOR-based Tag-List, the basis of XOR chain which is used in uTESLA [6], and a list of keys for tag which requires a moderate amount of computation compared with hash computations, a characteristic feature of XOR computations. The notation described in Table 1 is used in the remainder of this paper. Table 1. Notation Notation

Meaning

KT IDT XIdR H() rR rT

Key for RFID tags ID for RFID tag Dynamic ID for RFID reader hash function Random Number generated by a reader Random Number generated by a tag

Figure 1 illustrates the structure of a list of keys and a tag list for our tag search protocol.

Fig. 1. XOR-based Secure Tag-List A tag list and a list of keys for tag is basically the chained values based on XOR computations and a secret key for a tag, where the back-end server stores information about the authorized readers and the tags, and generates the tag lists and a list of keys which is used to authenticate and search a tag by using information stored in the reader and the tag. Only a tag list and a list of keys for tag are changed, it is impossible for adversaries to reuse the tag list stored for the adversary in the existing reader, even when an adversary compromises the reader. We assume that the tag list and the list of keys for a tag are transmitted to the mobile reader from the trusted third party via a secure channel, for example, using SSL or TLS. 3.2 A Low-cost secure Tag Search Protocol

Fig. 2. A Low-cost Tag Search Protocol The proposed tag search protocol is a dynamic ID-based tag search protocol where the identifier of a reader and list of keys for tag is changed dynamically after a search protocol is completed using a list of keys for tag. A proposed tag search protocol is shown in Figure 2. We assume that the reader receives the tag list, a list of keys and dynamic XIdR from the trusted third party or a back-end server prior to conducting a tag search protocol. We also assume that the reader maintains dynamic ID of reader and a tag list, XIdR and LIST, respectively. The reader does not save a list of keys for tag.

The reader generates rR and calculate the verification key, H(IdT||KT) from the list of keys and the identifier of a tag. The reader uses XOR operation to compute the query request in the step ②, which will be broadcasted to the all tags in the step ③. The desired tag uses IdT, KT the received value in the step ③to compute rR. The tag computes h(rR1|| rR2) and checks if it matches with the computed one. If it matches, tag generates rT and h(rR1||rT). Otherwise, random value is transmitted with the the predefined probability λ. To determine λ, we first assume that S is the number of RFID tags that can hear a single broadcast query. We select a probability of γ such that at least one tag that does not reply to create noise. We can estimate λ by solving 1−(1−λ)S ≥ γ [1]. The reader computes h(rR1||rT) and check if it matches with the computed one, it assume that the desired tag exists in the transmission range.

4

Comparison of the proposed protocol

4.1 Security analysis of the proposed search protocol We analyze our search protocol depicted in Fig. 2 against certain types of attacks. Threat 1 : Eavesdropping Attack The attacker is able to observe or monitor all interactions between the reader and the tag. The attacker wishes to use the data to launch three attacks such as privacy leakage, tracking of tag and cloning a tag by creating a fake tag using the data obtained by eavesdropping [1]. Please note that the proposed protocol uses different random numbers generated by the reader and tag, respectively and an attacker eavesdropping on the communications observes different queries and different responses each times. Therefore, the proposed protocol prevents against using the interaction to launch privacy leakage attack or tracking attacks. Additionally, the attacker is unable to use the eavesdropped information to generate a cloning tag, since the attacker is unable to obtain the key of tag. Threat 2 : Privacy The privacy could pose a serious problem if the attacker is able to distinguish a tag by eavesdropping or by having a fake reader query to tags. Therefore, the privacy of the owner of the tag, the location, the list of belongings or the life style, could be considered one of the serious issues in the RFID system. Under this type of attack, it is generally assumed that the attacker has a list of targeted RFID tags. The attacker then queries every tag in a particular area to decide the most valuable to steal [1]. Since a tag generates different responses for every search, the attacker is unable to identify which tag is on his list. This protects the privacy of the tag. Threat 3 : Tracking

Under this type of attack, the attacker tries to trace tag over time. The attacker may have a chance to distinguish a particular tag from other tags over time by repeatedly querying with a value that yields a consistent replay. Then the attacker could be to trace the movements of tag over time. This consistent reply serves as a signature of Tag [1]. Likewise, the attacker is unable to distinguish a particular tag, making it impossible for a tag being tracked. Threat 4 : Cloning Under this type of attack or "skimming", the attacker first queries Tag and obtains a response as a rule. The attacker places the response on a fake tag. The attacker attempts to pass on his or her fake tag as legitimate by fake tags that contain the responses of real tags. The attacker succeeds if the reader believes the fake RFID tag to be the genuine RFID tag[1]. The attacker is unable to obtain key of a tag from the eavesdropped information to generate the cloning tag. This protects the cloning tag. 4.2 Comparison of the proposed protocol In this clause, the comparison of the proposed search protocol with the existing search protocol in terms of computational complexity required. In Table 2, we use Tag to denote a amount of computation required at a tag, Server-RQ to denote an amount of computations required for generating a query at the reader, Server-NT to denote an amount of computation for generating response by the reader, R to denote an amount of computation for generating random number by using a pseudo-random function, X to denote an exclusive logical operation, H by a hash operation, E to denote an encryption operation, and D to denote decryption operation. Table 2 shows that the proposed protocol is more efficient than the existing search protocols and resistant to reuse of tag list Table 2 Comparison of the proposed scheme with existing protocols

Proposed Protocol

[1]

[2]

[3]

[4]

Tag

3X+R+2H

2P+2M

D+2E+R+X

2D+2E+H+ R

X+R+3H

Server-RQ

H+R+X

R

E+R

E+R

3X+2R+H

Server-RP

H+X

R+M

D+X

D

H

5

Conclusion

We propose an efficient serverless RFID tag search protocol applicable to mobile wireless readers (for example, tablet PC) in a mobile environment. We use a list of key computed based on the XOR-chain to prevent reuse of tag lists by the readers. We have shown that the proposed protocol meets all the security requirements including the prevention of reuse of tag lists. Additionally, we have shown that the proposed tag search protocol performs better than the existing search protocol in terms of computational complexity, resulting in the proposed protocol being efficient.

References [1] C.C.Tan, B.Sheng, and Q.Li, “Secure and Serverless RFID Authentication and Search Protocols,” IEEE Transactions on Wireless Communications, vol.7, no.3, pp.1400-1407, Apr. 2008. [2] S.I.Ahamed, F.Rahman, e.Hoque, F.Kawsar, and T.Nakajima, “S3PR:Secure Serverless Search Protocols for RFID,” Information Security and Assurance(ISA), pp.187-192, Apr. 2008. [3] J.Y.Chun, J.Y.Hwang, and D.H.Lee, “RFID Tag Search Protocol Preserving Privacy of Reader Holders,” Journal of Korea Institute of Information Security & Cryptology, vol.19, no.5, pp.59-69, Oct. 2009. [4] J.H.Lim, H.K.Oh, and S.J.Kim, “A Secure RFID Search Protocol Protecting Mobile Reader"s1 Privacy Without On-line Server,” Journal of Korea Institute of Information Security & Cryptology, vol.20, no.2, pp.73-90, Apr. 2010. [5] M.Feldhofer and J.Wolkerstorfer, “Strong crypto for RFID tags-A comparison of low-power hardware implementations,” IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1839-1842, May 2007 [6] Donggang Liu, Peng Ning, “Multilevel μTESLA: Broadcast authentication for distributed sensor networks,” ACM Transactions on Embedded Computing Systems (TECS), Volume 3 Issue 4, November 2004 [7] T. Dimitriou, “A lightweight RFID protocol to protect against traceability and cloning attacks,” SecureComm,, 2005. [8] S.-M. Lee, Y. J. Hwang, D. H. Lee, and J. I. L. Lim, “Efficient authentication for low-cost RFID systems,” ICCSA, 2005. [9] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic approach to “privacyfriendly” tags,” RFID Privacy Workshop, 2003. [10] G. Tsudik, “YA-TRAP: Yet another trivial RFID authentication protocol,” PerCom, 2006.

An Efficient Serverless RFID Search Protocol Resistant ...

database server has authenticated the reader verifying that the tag reply is genuine, the database .... This consistent reply serves as a signature of. Tag [1].
Download PDF
125KB Sizes 0 Downloads 250 Views
Report

Recommend Documents

Serverless Search and Authentication Protocols for RFID
The adversary can then make duplicate tags to fool other readers. Our protocol ..... To determine the value of m, we first define a collision space as CS = 2l−m.
Secure and Serverless RFID Authentication and Search ...
RFID search, and suggest several solutions. ... exchange random numbers, nr and nt, at the start of the query. ...... tology ePrint Archive, Report 2006/227.
Secure and Serverless RFID Authentication and Search ...
{cct,shengbo,liqun}@cs.wm.edu. Department of .... reader forwards this metaID to the backend server .... ply back to a backend server to obtain the tag data.
Cloud-Based Iterative RFID Tag Search Protocol Using ...
1 School of Software Engineering, Tongji University, Shanghai, China. {lincolnmi1108,dqzhang,kefan}@tongji.edu. ... based service to rapidly conduct the searching process. Extensive experimental ..... During the simulation process, we assume that the
An Efficient Fully Deniable Key Exchange Protocol
is a receiver of message F low1, we say that Pi acts as a responder in this instance. ..... test session key and win the test session. However, we show that ...
7.4 - Search Protocol Reference
8. Search Request Examples (POST command). 9. Search Parameters. 10 ..... Limits search results to documents in the specified domain, host or web ..... anchor text in links to the pages contain the words “best,” “museums,” and “sydney.
Efficient DES Key Search
operation for a small penalty in running time. The issues of development ... cost of the machine and the time required to find a DES key. There are no plans to ...
An Efficient Reliable Multicast Protocol for 802.11 ...
Email: {varun, ruan}@cs.iastate.edu ... protocol, Batch Mode Multicast MAC in terms of delivered ... transmission, the sender (the AP) senses the medium for.
An Efficient and Fair Reliable Multicast Protocol for ...
802.11n is the latest standard and can potentially deliver up to 600Mbps ...... This idea serves as a basic framework for introducing fairness into parallel unicast and ..... http : //www.tutorial − reports.com/wireless/wlanwifi/introductionwifi.ph
An Energy Efficient Multi-channel MAC Protocol for ... - IEEE Xplore
Department of Computer Engineering, Kyung Hee University, 449-701, ... Department of Electronics and Communications Engineering, Kwangwoon University, ...
7.0 - Search Protocol Reference
Google Search Appliance: Search Protocol Reference. Request Format. 10 ... Limits search results to documents in the specified domain, host or web ..... anchor text in links to the pages contain the words “best,” “museums,” and “sydney.
7.2 - Search Protocol Reference
...... data on the Internet connection, the /click information is visible. .... Google recommends that the search results page displays a message on the last page similar ...
An efficient hybrid algorithm based on harmony search ...
different methods of structural optimization have been introduced which can be ... There are several papers utilizing heuristic methods in structural optimization field, but ... Corresponding author: Tel: +98-21-44202710; fax: +98-21-77240398.
An Efficient Pseudocodeword Search Algorithm for ...
next step. The iterations converge rapidly to a pseudocodeword neighboring the zero codeword ..... ever our working conjecture is that the right-hand side (RHS).
Energy-Efficient Protocol for Cooperative Networks - CiteSeerX
Apr 15, 2011 - model a cooperative transmission link in wireless networks as a transmitter cluster ... savings can be achieved for a grid topology, while for random node placement our ...... Comput., Pacific Grove, CA, Oct. 2006, pp. 814–818.
QuickYield: An Efficient Global-Search Based ...
3. , and Lei He. 1. 1. University of California, Los Angeles, Los Angeles, US ... ABSTRACT. With technology scaling down to 90nm and below, many yield-driven.
Efficient Continuous Scanning in RFID Systems
collected. We use a variable p to keep track of the probability that an unknown tag will not be identified after the current round (line 5). Obviously, p becomes smaller as the reader runs more rounds of queries. The process terminates when p
Efficient Tag Identification in Mobile RFID Systems
State Key Laboratory of Novel Software Technology,. Department of Computer .... which contains the uplink frequency and data encoding, the Q parameter ...... [18] S. R. Jeffery, M. Garofalakis, and M. J. Franklin, “Adaptive cleaning for rfid data .
Efficient Tag Identification in Mobile RFID Systems - Semantic Scholar
model, we propose efficient solutions to identify moving RFID tags, according to the .... the amount of energy reflected by an object is dependent on the reflective area ...... an alternative scheme to estimate the number of tags. Our methodology ...
Efficient Median Estimation for RFID Systems
We aim to develop an efficient algorithm to estimate the median of a large number of sensor-RFID tags, in-network, at the RFID reader. To the best of our knowledge, this paper presents the first efficient median estimation algorithm for sensor-RFID t
Efficient Ranking in Sponsored Search
Sponsored search is today considered one of the most effective marketing vehicles available ... search market. ...... pooling in multilevel (hierarchical) models.
Efficient Ranking in Sponsored Search
V (γ) = E[µ2b2] + E[µ1b1 − µ2b2]1{t1>t2(b2/b1)1/γ }, ... t1 < t2. Under condition (3) we see from (8) that the expectation term in (5) ..... Internet advertising and the ...
Efficient Search Engine Measurements - Technion - Electrical ...
Jul 18, 2010 - can be used by search engine users and clients to gauge the quality of the service they get and by researchers to compare search engines. ...... used Wikipedia and the ODP [14] directory for this purpose). We can run the estimator with
EFFICIENT SPEAKER SEARCH OVER LARGE ...
Audio, Speech, and Language Processing, vol. 17, no. 4, pp. 848–853, May ... Int. Conf. on Acoustics, Signal and Speech Proc., 2011. [6] R. Kuhn, J.-C. Junqua, ...