An One-way Hash Function Based Lightweight Mutual Authentication RFID Protocol

JOURNAL OF COMPUTERS, VOL. 8, NO. 9, SEPTEMBER 2013
2013 ACADEMY PUBLISHER doi:10.4304/jcp.8.9.2405-2412

Xueping Ren
Institute of Software and Intelligent Technology, HangZhou Dianzi University, Hangzhou, China
renxp@hdu.edu.cn

Xinghua Xu and Yunfa Li
Institute of Software and Intelligent Technology, HangZhou Dianzi University, Hangzhou, China
{xhxu, yunfali}@hdu.edu.cn

Abstract: With the widespread development of RFID technology, security and privacy issues become more prominent in RFID applications. In this paper, a new one-way hash function based mutual authentication protocol is proposed to address such security and privacy problems. Particularly, access list and pseudorandom flags are adopted for quick search, to ensure good efficiency and scalability. The proposed protocol is analyzed according to three aspects: logic, security and performance. Concretely, GNY logic formal method is used to verify the design correctness of the protocol, the attack model is used to analyze the security, and the performance is evaluated from communication overload, storage, and computation requirement. The analysis results show that the protocol has no obvious design flaws, can resist major attacks, and improves the system reliability and effectiveness. The proposed protocol can be easily scalable for lightweight RFID systems.

Index Terms: authentication protocol, logical analysis, security, privacy, RFID

I. INTRODUCTION

Radio Frequency Identification (RFID) systems, thanks to their low cost and their convenience in identifying an object without physical contact, have found many applications in manufacturing, supply chain management, parking garage management, and inventory control [1]. Moreover, RFID technology is envisioned as an economical replacement for traditional barcode counterpart and expected to be massively deployed in consumer object identification. The advantages of RFID system over barcode system include many-to-many communication, wireless data transmission and its computing nature [2]. Despite many prospective applications, RFID technology also poses several security and privacy threats [3][4] which could harm its global adoption. Many schemes have been proposed to address those security/privacy issues.

Authentication of RFID tags is an active research area and protocols have been extensively studied and reported in the literature [5][6]. Mutual authentication of the tag, reader and back-end server is more common [7][8][9]. Mutual authentication is required to ensure that tag information can be obtained only by legitimate reader and server systems, and that reader and server systems accept only legal tag information. Moreover, communication data need to be protected. Some authentication protocols [10][11][12] provide security based on bitwise operation or other simple functions. Some authentication protocols [13][14][15][16] mainly execute irreversible hash function and pseudorandom number generator (PRNG). Other authentication protocols [17][18] mainly use typical cryptography to achieve high security and require more system resources. Most authentication protocols have been designed without strict formal proof. However, lack of formal analysis may leave design flaws and security vulnerabilities in those protocols unnoticed.

In many cases, people want to achieve good security and privacy guarantee, but do not want to consume too much system resources. In this paper, we propose a mutual authentication protocol based on one-way hash function for RFID system, which hopes to meet the aforementioned requirement. The main contributions of our work are as follows. One-way hash function is used to protect communication data during authentication. Access lists and pseudorandom flags are used to achieve quick search. GNY logic formal method is used to verify the design correctness of the protocol. The attack model is used to do the security analysis.

In the next section, related RFID protocols are reviewed and analyzed. The proposed protocol is described in section 3. Formal analysis of the protocol with GNY logic is given in section 4. In section 5, the attack model is used to analyze the security on the major attacks. Performance analysis is done in section 6. Finally, section 7 draws conclusion.

II. RELATED WORKS

According to the security efficiency and operation complexity, the protocols (including access control, authentication and encryption) can be classified into three categories: ultra-lightweight, lightweight, middleweight. The proposed protocol is a lightweight protocol. So the authors focus on some related lightweight authentication protocols.

Song and Mitchell (SM) [13] propose RFID Authentication Protocol for Low-cost Tags which uses a random number as a temporary secret and a keyed hash function to protect the messages communicated between tag and reader. It is claimed that the scheme can provide the identified privacy and security features. But this scheme resists forward traceability and server impersonation under an assumption. And the scheme has not been proved by formal method and there may be design flaw.

Ning et al. [9] suggest a distributed key array authentication protocol (KAAP) that provides classified security protection. It is synthetically analyzed in three aspects: logic, security and performance. It is claimed that the scheme can resist both external attacks and internal forgery attacks with insignificantly increased complexity. The scheme needs to hold a key array; once the key array is leaked, the entire system security can not be guaranteed. Moreover, the key array method limits the system scalability.

Rhee et al. [14] propose Challenge-Response Based RFID Authentication Protocol (HIDVP). The protocol is based on Challenge-Response using one-way hash function and random number. It is claimed that the scheme can resist spoofing, replay attack and so on. But it has been found to be unsuitable for distributed database environment [8].

Liu and Ning [8] present a zero-knowledge authentication protocol based on alternative mode in RFID systems (ZKAP). In ZKAP, dual zero-knowledge proofs are randomly chosen to provide anonymity and mutual authentication without revealing any sensitive identifiers. The scheme uses pseudo-random flags and access lists for quick search and check. And it employs formal proof model and attack model to prove that ZKAP owns no obvious design defects and can resist major attacks. But the scheme requires too many rounds (4 or 5) and too many messages (8 or 10) need to be communicated. The conventional security scheme only needs to communicate 5 messages.

III. PROTOCOL DESCRIPTION

A. System Parameters

Table 1 shows the parameters applied in the protocol.

TABLE I. NOTATION
Notation      Description
              The reader in the RFID system
              The tag in the RFID system
DB            The database in the RFID system
L             The access list for tags to retrieve certain reader
L             The access list for the database to retrieve certain tag
r, r          The random numbers generated by ,
PID, PID      The pseudonym of ,
h(            A one-way hash function
[ ]           The rounding operation
              XOR bitwise logic operator
              Concatenate operator

B. Authenticate Phase

Figure 1 shows the new protocol. We describe the protocol in detail in the following according to the sequence of message exchanges.

1. Phase 1: Challenge messages: generates random number r, then computes B = h( PID, r and C = PID r, and sends B and C to as an initial query

2. Phase 2: Response messages: Upon receiving the query, verifies by search PID in the access list and calculates the corresponding r. If there isn't PID to meet B and C, the protocol will terminate with an error code. Otherwise, gets PID and r, and performs the rounding operation on r to gain a round-off integer d = [ r ] along generating a random number r. computes D = h( r, PID and E = ( r PID >> d, then responds D and E to

3. Phase 3: Forward message: When receives the response, it extracts r from E. Then it forwards D and r to the database DB for the further authentication.

4. Phase 4: Authenticate the tag: While receiving D and r, DB verifies whether there is PID in L. If it is false, is considered as an illegal entity and will terminate the authentication process with an error code. Otherwise, DB forwards PID to and will be authenticated by. Then obtains F = h( PID, r by performing one-way hash function and sends F to

5. Phase 5: Authenticate the reader: Upon receiving F, performs the one-way hash function on its current r. If the two values are equal, will be PID and authenticated by. Otherwise, will be considered as an illegal entity and will terminate the authentication with an error code.

The proposed protocol adopts lightweight mechanisms to realize security, efficiency and reliability, including one-way hash, quick check, and mutual authentication. The main approaches are complementary as follows.

1. One-way hash is adopted to protect PID and PID to realize no reversibility without revealing any sensitive data. The one-way hash function has the following property: For any output y, it is computationally infeasible to find an input such that h ( X = y, given no corresponding input is known [13]. In the open air interface, { B, D, F } can be safely published since an attacker may not find useful data from those messages.

2. Access lists ( L, L store all the pseudorandom identifiers and are used to mark certain reader or certain tag for quick search. DB maintains L and maintains L. For example, while receiving D and r, DB checks L for matching entry. The access lists as index-pseudonyms effectively reduce the time complexity of search operation and enable more scalable for dynamic systems.

3. Pseudorandom identifiers are transmitted instead of the real identifiers. Furthermore, and generate their random numbers r and r which are to ensure dynamic refresh in each session. Moreover, and store the last pseudorandom identifiers and random numbers; if a new query arrives with the same data within a certain time, it will be neglected. This will help the system resist the replaying or jamming attacks.

4. Mutual authentication procedure is performed to realize access control. verifies by two steps. The first step is to ensure the validity of PID. The second is to indeed authenticate. DB authenticates then transmits the message to. If and only if both authentications succeed, communication between and is secure and will continue.

In summary, the new protocol is a lightweight mutual authentication scheme based on one-way hash function.

Figure 1. The mutual authentication protocol

IV. FORMAL ANALYSIS OF THE PROTOCOL WITH GNY LOGIC

Most authentication protocols have been designed and demonstrated in informal ways. However, informal analysis may ignore design flaws and security errors. In the last section, we have described basic security verification for the new protocol in the intuitive way. In this section, GNY Logic [19] is applied to analyze the design correctness of the new protocol. The formal method may evaluate the protocol strictly and completely, therefore even subtle defects can be found. With the formal method, a protocol can be demonstrated to reasonably achieve its goals using logical postulates. We do the GNY formal logic analysis like [9], and the analysis comprises four steps: 1 formalization of the messages; 2 definition of initial assumptions; 3 definition of anticipant goals; 4 verification by logical rules and formulas.

A. Formalization of Messages

We formalize the protocol messages in the language of GNY Logic and express each exchanged message as a logical formula. For the sake of clarity, we use the same statements like [19][20]. Table 2 shows those statements.

TABLE II. BASIC STATEMENTS
Notation      Description
S X           S receives a message containing X, S can read and repeat X
S X           S receives X, X is a not-originated-here formula
S X           S possesses, or is capable of possessing X
S ~ X         S once conveyed X
S X           S believes, or would be entitled to believe, that statement X holds
S φ X         S believes, or is entitled to believe that X is recognizable
S # X         S believes, or is entitled to believe that X is fresh
v S S X       S believes, or is entitled to believe, that V is a suitable secret for S and X
{ X, Y }      Concatenation

There are five messages (we called them: M1, M2, M3, M4, M5) between DB, and in the authentication phases. With those statements the formalized messages are as follows:

(M1) * h( PID, r, *( PID r
(M2) * h( r, PID, *( r PID >> d
(M3) DB * h ( r, PID, DB *r
(M4) *PID
(M5) h( PID, r, *

B. Initial Assumptions

In order to deduce the security goals from the aforementioned statements, some assumptions are needed. We assume that the following statements can be obtained:

(A1) r ; PID
(A2) PID, # PID, ;
(A3) r ;
(A4) PID, PID DB
(A5) #PID, PID
(A6) DB # PID, DB DB PID
(A7) DB ( DB *

Those statements show the initial possessions and abilities of each participator. Each tag possesses r and PID, and it is entitled to believe the PID is fresh. The reader possesses r and PID. The database DB is entitled to believe the PID is fresh. The communication channel between and DB is considered to be secure; so believes that DB has jurisdiction over all his beliefs.

C. Anticipant Goals

The aim of the protocol is mutual authentication between and and to assure the messages were not used in the previous sessions. The anticipant goal can be expressed as follows:

(G1) ~ r,
(G2) ~ PID,
(G3) ~ r
(G4) ~ PID
(G5) DB ~ PID
(G6) # h( PID
(G7) # h( PID

G1 and G2 show that believes that conveyed r and PID. G3 and G4 show that believes that conveyed r and PID. G5 shows that DB believes that conveyed PID. G6 and G7 show that the messages are not used in the previous sessions. The first to fifth goals indicate that the messages are from legal entities. And the sixth and seventh goals indicate freshness requirements.

D. Logic Verification

In this subsection, we will show that the goals can be deduced from the assumption, the formalized messages and the related GNY Rules.

From M1, is informed messages h ( PID, r and ( PID r. has not received or sent them in the previous sessions, we have
* h( PID, r, *( PID r (1)
Applying the Being-Told Rule 1: ( P ( X /( P X deduces
h( PID, r, ( PID r (2)
can retrieve PID from L, and applying the Being-Told Rule 5: ( P F( X, Y, P X/( P Y deduces
PID, r (3)
Thus, is considered to have been informed PID and r. Applying the Possession Rule P1 : ( P X /( P X deduces
PID, r, h( PID, r (4)
Applying the Possession Rule P2: ( P X, P Y /( P ( X, Y, P F( X, Y deduces
PID, r (5) (
From A5, #PID, and applying the Freshness Rule F1: ( P #( X /( P #( X, Y, P # F( X deduces
#( PID, r, (6)
Applying the Message Interpretation Rule I3: S P H ( X, < S >, P ( X, S, P P Q, P #( X, S P Q ~( X, < S>, P Q ~ H ( X, < S> deduces
~ ( PID, r (7)
Finally, from I3 interpretation and applying the Message Interpretation Rule I7: ( P Q ~ ( X, Y/ P Q ~ X deduces
~ ( PID, ~ ( r (8)
As a result, believes that once conveyed PID and r. Goal G1 and G2 are achieved.

Hereinafter, for simplicity, we directly mark the applied logical rules and formulas behind the formula.

For Goal 3: We can deduce that
*( r PID >> d // by M2
( r PID >> d // by 1
( r PID // by 5
r // by 5
r // by P1
( r, PID // by P2
φ( r // by P4, 6
#( r, PID // by A2, F1
~ r // by I1
According to I1, is entitled to believe that once conveyed r

For Goal 5: We can deduce that
DB * h( r, PID, DB *r // by M3
DB h ( r, PID, DB r // by 1
DB, DB h r, PID // by P1 r (
DB PID // by P5 and access list
DB ( r, PID // by P2
DB # PID // A6
DB #( r, PID // by F1
DB ~ ( PID // by I3
According to I3, DB is entitled to believe that once conveyed PID

For Goal 4: We can deduce that
DB ( DB * // by A7
DB ~ ( PID // by Goal 5
DB ( ~ PID DB ( ~ PID // by J3
( ~ PID // by J1
As a result, is entitled to believe that once conveyed PID

For Goal 6: We can deduce that
# PID // by A5 L
PID // from formula (2
# h( PID // by F10
As a result, is entitled to believe that h( PID is fresh

For Goal 7: We can deduce that
DB ( DB * // by A7
DB # PID // by A6
DB # PID DB # PID // by J3
# PID // by J1
*PID // by M4
PID // by 1
PID // by P1
# h( PID // by F10
As a result, is entitled to believe that h( PID is fresh

V. SECURITY ANALYSIS

Like the majority of similar protocols, we suppose the communication between DB and the reader is secure. However, the wireless communication between the reader and the tag is confronted with more serious challenges. We consider the following attacks in the attack model: spoofing, replaying, tracking and DOS. We perform the analysis with three steps like [9]. The first step is to suppose the action of the attacker and the second is to simulate the process of the attacking step by step. The last is to deduce the security.

A. Spoofing Attack

In a spoofing attack, the attacker forges a legal reader to get the information of the tag or forges a legal tag to cheat the reader. During the reader spoofing attack, an attacker simulates as a reader and performs the following actions:

In one session:
A: A disguises as a reader and sends query to
A( : h( PID, r,( PID r
: can not find one match to verify A (
/ A( : Authentication will fail
In bad conditions:
A( : h( r, PID,( r PID >> d // d = [ r ]
If responses A by mistake, then A ( ( obtains r

In the next session:
A: A disguises as a tag first and intercepts messages sent to
A( / : h( PID, r,( PID r
A ( : h( r, PID,( r PID >> d
: obtains r from ( r PID >> d using PID and r
DB : r, h( r, PID
DB: DB checks whether there is corresponding PID in L, and it will find no matching flag since the probability that r equals r is negligible
DB / A(, authentication fails
In the worse conditions: If DB ignores the mistake and responses PID to, calculates to get h ( PID, r, and forwards it to A
DB : ( PID
A( : h( PID, r
A ( can not obtain PID from h ( PID, r even if it possesses r
A: Finally, A disguises as a reader and forwards h ( PID, r to
A ( : h( PID, r
: h( PID, r h( PID, r
/ A(, authentication fails

B. Replay Attack

Replay attack refers to that an attacker impersonates a legal entity to involve into the communications so as to access, modify, and even delete the messages [8]. The protocol uses random number to resist the replay attack.

In one session:
A has learnt : { h ( PID, r, PID r, h ( r, PID, ( r PID >> d, h ( PID, r }

In the next session:
A disguises as a tag
A( / : h( PID, r, PID r
A( : h( r, PID,( r PID >> d
: If ( [ r ] == [ r ] then obtains r from ( r PID >> d, then will find that r has been used in the former session. The protocol terminates. Else, obtains r from ( r PID >> d, and r r
DB : r, h( r, PID
DB: DB checks whether there is corresponding PID in L, and it will find no matching flag since r r
In the worse condition: If DB ignores and responses PID to, calculates to get h ( PID, r, and forwards it to A
DB : PID
A : h ( PID, r (
Then A disguises as a reader
A ( : h( PID, r
: h PID, r h( PID, r, the protocol terminates (

C. Tracking Attack

The attacker may trace tags through collecting the transferring messages in the past transmissions or through malicious readers. In the former situation, the reader and tag generate and use different random numbers for each authentication, so the attacker can not find two same messages and is incapable of tracing the certain tag. In the latter, some malicious readers send the same query to a tag. If the tag responses the same message, the reader may trace the certain tag and achieve its related information. If the attacker A performs the following actions:

A( i : h ( PID, r 1 1, PID r 1 1 ; h ( PID, r 2 2, PID r 2 2

receives the messages and searches PID i in the access list L, there is no matching entry and the protocol will terminate. In the worse conditions, may responses those readers by mistake:

A( i : h ( r, PID 1, ( r PID d 1 >> 1 1 ; h ( r, PID 2, ( r PID d 2 >> 2 2 ;

Any two responses are independent since ( r 1, r 2, r 3 are diverse from each other and ( r 1, r 2, r 3 are the same situations, while d i = [ r i ]. Thus, the attacker has no ability to trace the certain tag according to those different messages. Therefore, no matter which way the attacker employs, it is impossible to trace a certain tag and the location privacy is ensured.

D. DOS Attack

DOS attack refers to the database and readers not being able to process the normal communications, because the attacker makes sure that their resources struggle to keep up through launching a lot of requests. The purpose of DOS attack is not to achieve the sensitive data, but rather trying to disturb the normal communication. In this protocol, we adopt two approaches to provide protection against the DOS attack like [9]. One is access lists ( L, L for preliminary check. The database will block malicious attacks by no matching pseudorandom identifier in the access list L and similarly L will help the tag discern the illegal reader. Another approach is random/pseudorandom numbers ( r, r, PID, PID. The legal tag and reader store the last received random numbers and pseudorandom identifiers as temp lists. They can refuse the query with the same random number or pseudorandom identifier within a certain time. So the attacker can not disturb the normal communication.

In the protocol, the forward security can be ensured because of random / pseudorandom numbers. An attacker cannot obtain a tag's identifier replaced by PID even if it correctly guesses the random number r. So the protocol offers anonymity.

VI. PERFORMANCE ANALYSIS

In RFID systems, the performance is another important metric besides the security issue, such that the optimization and balance between security and performance are necessary for RFID systems [22]. Like most authentication protocols, the protocol needs five phases to complete the whole authentication process. In order to properly evaluate the protocol, we compare it with other related protocols in two aspects: storage requirement and computation load.

In our protocol, each tag stores identifier ID, pseudorandom identifier PID and access list L, while other related cryptographic algorithms (such as KAAP) need to store the secret keys. Access list stores all readers' pseudorandom identifiers. Additionally, the memory consumption on one-way hash function is another concern. Standardized cryptographic hash functions such as SHA-1 are too expensive for use in today's low-cost RFID tags [22][23]. A potential alternative is the Whirlpool hash function, which has been standardized by ISO/IEC and evaluated by the New European Schemes for Signatures, Integrity and Encryption (NESSIE) project [24]. Pramstaller et al. [25] present a compact hardware implementation of Whirlpool, which uses an innovative state representation that makes it possible to significantly reduce the required hardware resources [13].

During the entire round, each reader and each tag performs one random number generation (RNG) operation. Each tag also performs one cryptographic hash function while each reader performs twice. Like KAAP, we adopt the access lists L and L to avoid exhaustive searches in the storage, which reduce the time complexity of search operation.

Table 4 shows the performance comparison with other related protocols. Our protocol has the similar storage requirement as protocols [9][14] and it is more than S-M. There are no exhaustive searches in the protocol like protocols [9][14], while protocol [13] requires at least n searches in the storage. In the storage analysis, keys, random numbers and hash function value are ignored for the sake of simplicity. All the other components are assumed L bits sized. The protocol owns acceptable storage requirement and computation load. From Table 4, it shows that the protocol requires fewer complex function invocations for the tag than the other three protocols.

TABLE III. PERFORMANCE COMPARISON
                storage    computation    DB+
S-M             L          +2H            +(N+1H
HIDVP           3L         3H             +3H
KAAP            3L         +2E            +2E
Our protocol    3L         +H             +2H
: RNG operation; H: hash operation; E: encryption; N: number of tags; L: length of identifier/access list.
Note: Ignoring the length of keys, random numbers and hash function value.

VII. CONCLUSIONS

In this paper, a novel mutual authentication protocol based on one-way hash function is proposed for security protection in RFID-based sensor systems. The protocol adopts mutual authentication mechanism, access lists and random access control mechanism to strengthen security and privacy protection. The design correctness of the protocol is verified by using GNY logic as formal analysis. According to attack model analysis, the protocol can resist several major attacks. Moreover, the protocol has acceptable storage requirements and computation load based on performance analysis. The protocol has better scalability because it does not need the secret keys. So the protocol is suitable for more large-scale and high-reliability application.

ACKNOWLEDGMENT

This work was supported in part by a grant from ZheJiang science and technology plan key project, No 2007 c11023.

REFERENCES

[1] H. Chien and C. Chen, Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computer Standards & Interfaces, 29(2):254-259, February 2007.
[2] Dang Nguyen Duc, Hyunrok Lee and Kwangjo Kim. Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and cloning. Auto-ID Labs White Paper WP-SWNET-016, 2006.
[3] Meingast Marci, King Jennifer and Mulligan Deirdre K. Security and privacy risks of embedded RFID in everyday things: The e-passport and beyond. Journal of Communications, v 2, n 7, p 36-48, 2007.
[4] Chen Bing, Tan Chengxiang, Jin Bo, Zou Xiang and Dai Yuebo. RFID-based electronic identity security cloud platform in cyberspace. Journal of Networks, v 7, n 7, p 1131-1138, 2012.
[5] Gaurav Kapoor and Selwyn Piramuthu. Vulnerabilities in Some Recently Proposed RFID Ownership Transfer Protocols. IEEE COMMUNICATIONS LETTERS, VOL 12, NO 3, MARCH 2010.
[6] S. Piramuthu, Lightweight cryptographic authentication in passive RFID-tagged systems, IEEE Trans. Systems, Man, and Cybernetics - Part C, vol 38, no 3, pp 360-376, 2008.
[7] A. Juels, Yoking-proofs for RFID tags, in: First International Workshop on Pervasive Computing and Communication Security, 2004.
[8] H. Liu, H. Ning: Zero-Knowledge Authentication Protocol Based on Alternative Mode in RFID Systems, IEEE Sensors Journal, Dec 2011, Vol 11, No 12, pp 3235-3245.
[9] H. Ning, H. Liu, J. Mao, Y. Zhang: Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems, IET Communications, 2011, vol 5, Iss 12, pp 1755-1768.
[10] Sun, H.M., Ting, W.C.: A Gen2-based RFID authentication protocol for security and privacy, IEEE Trans. Mob. Comput., 2009, 8, (8), pp 1052-1062.
[11] K. Sakai, W. Ku, R. Zimmermann, M. Sun, Dynamic Bit Encoding for Privacy Protection against Correlation Attacks in RFID Backward Channel. IEEE TRANSACTIONS ON COMPUTERS, VOL 62, NO 1, JANUARY 2013, pp 112-123.
[12] Y. Tian, G. Chen, and J. Li. A New Ultralightweight RFID Authentication Protocol with Permutation. IEEE COMMUNICATIONS LETTERS, VOL 16, NO 5, MAY 2012, pp 702-705.
[13] B. Song and C. J. Mitchell, RFID authentication protocol for Low-cost Tags, In the Proceedings of WiSec 08, March 2008, pp 140-147.
[14] Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment, Secur. Pervasive Comput., 2005, 3450, pp 70-84.
[15] R. Doss, W. Zhou, S. Sundaresan, S. Yu, L. Gao. A minimum disclosure approach to authentication and privacy in RFID systems. Computer Networks 56 (2012) 3401-3416.
[16] Bin Wang and Maode Ma. A Server Independent Authentication Scheme for RFID Systems. IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL 8, NO 3, AUG 2012, pp 689-696.
[17] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, Strong authentication for RFID systems using the AES algorithm, in Proc. Cryptogr. Hardw. Embed. Syst., CHES 04, 2004, vol 3156, LNCS, pp 357-370.
[18] S. I. Ahamed, F. Rahman, and E. Hoque, ERAP: ECC based RFID authentication protocol, in Proc. 12th IEEE Int. Workshop on Future Trends of Distrib. Comput. Syst. (FTDCS 08), 2008, pp 219-225.
[19] Gong, L., Needham, R., Yahalom, R.: Reasoning about belief in cryptographic protocols. Proc. IEEE Computer Society Symp. Research in Security and Privacy, California, USA, May 1990, pp 234-248.
[20] Godor, G., Imre, S.: Security analysis of the simple lightweight authentication protocol. Proc. 2010 Ninth Int. Conf. Networks (ICN), French Alps, France, April 2010, pp 231-236.
[21] Olteanu, A., Xiao, Y., Zhang, Y.: Optimization between AES security and performance for IEEE 802.15.3 WPAN, IEEE Trans. Wirel. Commun., 2009, 8, (12), pp 6030-6037.
[22] M. Lehtonen, T. Staake, F. Michahelles, and E. Fleisch. From identification to authentication - a review of RFID product authentication techniques. In Printed handout of Workshop on RFID Security RFIDSec 2006, 2006.
[23] Stephen Weis. Security and privacy in radio-frequency identification devices. Master's thesis, Massachusetts Institute of Technology (MIT), Massachusetts, USA, May 2003.
[24] B. Preneel et al. Final report of European project IST-1999-12324: New European schemes for signatures, integrity, and encryption. Available at: www.cosic.esat.kuleuven.be/nessie/, April 2004.
[25] N. Pramstaller, C. Rechberger, and V. Rijmen. A compact FPGA implementation of the hash function whirlpool. In ACM/SIGDA 14th international symposium on Field Programmable Gate Arrays FPGA 06, ACM Press, pages 159-166, New York, 2006.

Xueping Ren was born in 1978 in Zhejiang Province, China. She received the BS degree from Hangzhou Dianzi University, Hangzhou, China, in 2005. Currently, she is a lecturer at the School of computer science and technology, Hangzhou Dianzi University. She has participated in several research projects at the provincial Science Foundation of Zhejiang and the Development Program of China (973 Project), etc. She has published more than 10 papers in journals, international conferences and workshops; her current research focuses on RFID.

Xinghua Xu is now a professor in the School of Computer Science at Hangzhou Dianzi University, China. He received his BEng in Computer Science from Hangzhou Dianzi University, China, and his PhD degree in Computer Science from Zhejiang University, China. His research interests include wireless networks, parallel and distributed computing, cloud computing. His recent research has been supported by Natural Science Foundation of China. He has served as a program committee member of ChinaGrid 2008/2009/2011, GCC 2009/2010 and the publication chair of APSCC 2010. He is the member of the IEEE, ACM, the senior member of CCF (China Computer Federation). He is also the member of CCF Technical Committee of Service Computing and CCF Technical Committee of High Performance Computing. E-mail: xhxu@hdu.edu.cn

Yunfa Li is an associate professor of the School of Computer Science and Technology, Hangzhou Dianzi University, P. R. China. He received the PhD degree and the Master degree in Computing Science from Huazhong University of Science and Technology, and the bachelor's degree in mathematics from Wuhan University. His research interests include Performance Modeling and Analysis of Software, Virtual Machine, Cloud Computing, System Security, and Network Security. He has published over 30 research papers in the well-established journals and conferences including Cluster Computing, The Journal of Supercomputing, IET Communications, International Journal of Ad Hoc Ubiquitous
Computing, Jisunji Ynjiu yu Fnzhn, nd ien zu Hsueh Po 2013 ACADEMY PUBLISHE