پروتکل دوگانه با برای تگ های RFID کم هزینه
Abstract
1- Introduction
2- Preliminaries
3- Related works
4- Our protocol UMAPSS
5- Security analysis
6- Analysis on attack models
7- Formal security analysis
8- Performance evaluation
9- Conclusion
Acknowledgements
References
Abstract
RFID tags have become ubiquitous and cheaper to implement. It is often imperative to design ultralightweight authentication protocols for such tags. Many existing protocols still rely on triangular functions, which have been shown to have security and privacy vulnerabilities. This work proposes UMAPSS, an ultralightweight mutual-authentication protocol based on Shamir’s (2,n) secret sharing. It includes mechanisms for double verification, session control, mutual authentication, and dynamic update to enhance security and provide a robust privacy protection. The protocol relies only on two simple bitwise operations, namely addition modulo 2m and a circular shift Rot(x, y), on the tag’s end. It avoids other, unbalanced, triangular operations. A security analysis shows that the protocol has excellent privacy properties while offering a robust defense against a broad range of typical attacks. It satisfies common security and the lowcost requirements for RFID tags. It is competitive against existing protocol, scoring favourably in terms of computational cost, storage requirement, and communication overhead.
Introduction
Radio Frequency Identification (RFID) brought automatic object identification by electromagnetic wave into sensor technology, requiring no physical contact, which was revolutionary. As costs steadily drop, RFID systems are increasingly deployed in varied environments, raising numerous security and privacy concerns. Many works have pointed out that RFID is vulnerable to practical malicious attacks (see [1] and [2]) and security threats (see [3] and [4]). These include eavesdropping, message interception and modification, blocking, jamming, counterfeiting, spoofing, traffic analysis, man in the middle (MITM), traceability, and desynchronization attacks. Effective authentication protocols to improve robustness, reliability, and security against 10 major attacks, both passive and active, are crucial. Based on memory type, power consumption, and price, RFID tags are either high-cost or low-cost. In 2007, Chien proposed a tag classification based on computational cost and supported on-tag operations [5]. High-cost tags fall into either full-fledged or simple class. The low-cost tags are either in the lightweight or ultralightweight class. Low-cost RFID tags have between 5000 to 10000 logic gates with only 250 to 3000 of them to use for security functions. It remains very challenging to deploy conventional cryptographic protocols on tags, especially the ultralightweight ones. Their typical authentication protocol uses only simple bitwise operations such as XOR, OR, AND, and rotation.