Secret Searching in Wireless Sensor Networks with RFIDs


Shih-I Huang, Shiuhpyng Shieh
Dept. of Comp. Sci. & Info. Eng., National Chiao Tung University, Hsinchu, Taiwan 300
{sihuang,ssp}@csie.nctu.edu.tw

Abstract

In this paper, we propose a network architecture with RFIDs and sensor nodes (ARIES), a mutual authentication protocol (AMULET), and a secret search protocol (ASSART). In ARIES, the distance limitation can be relieved with the help of widely deployed RFID-aware sensor nodes. AMULET can perform mutual authentication and reduce the cost for re-authentication. ASSART solves the privacy problem by offering a secret search mechanism over encrypted data. In this way, data will not be disclosed during communication and query processes.

Keywords: RFID, Wireless Sensor Networks, Authentication, Privacy, Secret Search

1. Introduction

To search unencrypted data in a conventional remote database is relatively easy, but it leads to the problem that these search queries may leak private information during transmission. One possible solution to prevent data leaking is to encrypt the original data and put the encrypted data in the remote database. However, encryption causes problems when performing queries. In a network composed of wireless sensor nodes and RFIDs, encryption is almost unaffordable. How to re-design encryption schemes is a challenging task. In these environments, the collaboration of sensor nodes and tags can form a dynamic, distributed database, where each sensor node contains a tiny database, and each element of the database is composed of data stored in RFIDs. Since sensor nodes are widely deployed, they form a group of distinctive databases. To solve the security problems mentioned above, a simple way is to encrypt and store data in each database. However, this raises the secret searching problem when authorized readers want to search for a specific target in encrypted form.

With highly constrained computation capability and storage, Weis et al. [11] suggest a randomized lock protocol for private authentication. However, their scheme is neither private nor secure against passive eavesdroppers. Wagner et al. [3] propose a PRF-based private authentication protocol to improve Weis's protocol. However, in both protocols, the tag needs to be re-authenticated even if it has been authenticated by one authorized reader beforehand. This is computationally wasteful and unnecessary.

One acute secret search problem occurs when data is encrypted and stored in tags. Though data security can be attained, data cannot be retrieved by performing search queries merely with plaintexts [1]. Many researchers have investigated the problem of secret search over encrypted data when using an untrusted file server or external untrusted memory [7]. One of the premier research works [2] provides secret search in the sense that the untrusted servers cannot learn anything about the plaintext when only given the ciphertext. In their scheme, data needs to be encrypted beforehand with complex encryption operations. This is unavailable for both tags and sensors. Therefore, this scheme is not well suited for RFID applications. Another secret search solution is to support searching over encrypted data by using multi-party computation and oblivious functions [5][9]. This solution requires high computation overhead, and therefore is not applicable in a sensor architecture.

Our contributions are threefold. First, we propose an architecture of RFIDs and RFID-aware sensor networks (ARIES). Second, we design a mutual authentication protocol (AMULET), which is feasible for RFIDs and sensor nodes. Third, a secret search protocol (ASSART) is proposed for readers to perform secret search over private data in encrypted form.

The remainder of this paper is organized as follows. Section 2 introduces our proposed architecture of RFID and sensor networks. Also, a mutual authentication protocol for readers and tags (AMULET) is proposed to prevent passive eavesdropping. In section 3, a secret search protocol (ASSART) is proposed to query encrypted data. No private data will be leaked during wireless transmission. Section 4 gives proofs for our proposed schemes, and section 5 concludes our work.

2. ARIES

To solve the distance limitation problem, we propose an ARchitecture of RFIDs and RFID-aware sensor networks (ARIES). Sensor nodes can read data on tags, acting as a bridge between readers and tags. In this architecture, every target can be traced even if it is located far away from readers; therefore, the problem of finding misplaced targets, such as books, can be solved.

An RFID reader is a device that can perform read, write or overwrite operations on RFID tags through a wireless interface. All readers share a database storing all authorized IDs. The readers share a unique secret key s with each tag, and s is saved in both the tag and the database shared by readers. That is, readers save all pairs of (s, ID) in the shared database, and each tag saves its individual secret key s. Each reader also saves a unique encryption key Ei to encrypt data, and no other devices know this key. Since Ei is privately saved, it can be used to verify the ownership of encrypted data.

A tag is a small, thin, readable, and writeable device which can store limited data. One restriction of tags is that each tag has only limited computation capability. Computation-intensive operations, such as encryption, are inadequate for tags. To reduce the effort for building secure channels between readers and sensor nodes, tags save two secret keys.
One key is used to build a secure channel with readers, the other is used to build a secure channel with sensor nodes.

An RFID-aware sensor node is a tiny device capable of detecting RFID tags. It has an RFID-aware sensor, and uses a transceiver and a receiver to communicate with readers and tags through a wireless interface. Sensor nodes are cheap and can be widely dispersed. Each sensor saves two secret keys shared with readers and tags.

To prevent replay attacks, we assume that each reader and sensor node has a synchronized timer. Therefore, re-authentication processes can use the timer to verify whether the current re-authentication process has expired or not. The synchronization does not need to be performed frequently because authentication may not operate constantly. Loose time synchronization would be secure enough for authentication. Since much research has investigated time synchronization [6][9], we do not intend to spend time on this issue.

One restriction that needs to be solved is the distance limitation. Since readers cannot be widely deployed, sensor nodes can make up for this need. We assume that every sensor can be multihopped to authorized readers and every sensor node has a secret key SR shared with readers. With SR, readers and sensor nodes can maintain secure communication. We do not intend to introduce the security algorithm between readers and sensors. Instead, we merely indicate that the channels between readers and sensor nodes are secured by storing shared secret keys or pre-distributing verifiable key pairs [8].

Figure 1: ARIES architecture.

Figure 1 shows the ARIES architecture using RFID and wireless sensor networks. In the architecture, sensor nodes can collect data stored on tags, and as a whole can be viewed as a distributed database with tiny databases. Each attribute of the distributed database represents a characteristic of the target. As an example, the distributed tiny database can be represented as the following table (Table 1):

Target ID | Sensor ID | Attr 1 | Attr 2 | Attr N
ID 1 | Sensor A | Attr(A1) | Attr(A2) | Attr(A
ID 2 | Sensor A | Attr(A1) | Attr(A2) | Attr(A
ID 2 | Sensor B | Attr(B1) | Attr(B2) | Attr(B
ID 7 | Sensor | Attr (1 | Attr (2 | Attr(

Table 1: An example of the distributed tiny database.

2.1 AMULET

Authentication is the first necessary process to build a trust relationship between readers and tags. Because the communication between reader and tag is wireless, there is a possibility for attackers to eavesdrop on the transmitted data, including passwords. Much research has shown that RFID communication has an asymmetry in signal strength. That is, it is much easier for attackers to eavesdrop on signals from reader to tag than on data from tag to reader. With this property, we propose A MUtuaL authentication protocol for readers and tags (AMULET) to enhance password wireless communication between RFID tags and readers.

At setup time, we give each tag a unique secret s and identification ID, and the reader has a database D storing all pairs of (s, ID). As the protocol shown in Figure 2, AMULET involves the following steps:

1. The reader chooses a random number R 1 {0,1 }, current time T1, and calculates f s ( R 1. All of R1, T1 and f s ( R 1 are then sent to the tag, including a Hello bit to indicate the beginning of the authentication process.

2. When the tag receives a Hello packet, it chooses a random number R 2 {0,1 }, current time T2, and calculates α = ID f s ( R1,,. f s is a pseudo random function (PRF). Then R2, T2 and α are sent back to the reader. The tag also saves one copy of R2 and T2 in its storage.

3. Whenever the reader receives R2, T2 and α, it first checks whether ID = α f s ( R1,, or not. If the condition is satisfied and T2 > T1, it then picks the current time Tnow, calculates β = ID f s ( R1,,( Tnow and sends both Tnow and β together to the tag along with an Ack bit indicating the acknowledgement. Meanwhile, the reader updates the original (s, ID) pair to ( s, ID, R 2,.

4. The tag then verifies it by checking ID = β f s ( R1,, and f s ( R1,,( Tnow. If both conditions are satisfied, the authentication succeeds.

Since it is harder to eavesdrop on the channel from tag to reader than from the reader to tag, AMULET can provide security against passive eavesdropping on the reader-to-tag link.

A common attack on authentication protocols is the man-in-the-middle attack. AMULET has the nature to resist such an attack. In AMULET, the reader will send a random number R1 to the tag. Then the tag chooses R 2 {0,1 } and current time T2, calculates α = ID f s ( R1,,, and sends them all back to the reader. If an attacker tries to perform a man-in-the-middle attack, he can eavesdrop on R1, R2, T1, T2 and α = ID f s ( R1,,. However, since the attacker does not know the secret key s, he cannot modify f s ( R1,,. Therefore, man-in-the-middle attacks will not succeed, and our protocol can provide security against man-in-the-middle attacks. We will formally prove this property in section 4.

Figure 2: AMULET architecture.

Whenever a reader wants to send commands to an authenticated tag, the authentication process does not need to be rerun. After the authentication process, the reader's database will update the original (s, ID) pair to ( s, ID, R 2,. As shown in Figure 3, the authenticated command can be verified by the following two steps:

1. A new reader can query the database and retrieve ( s, ID, R 2,. When a reader retrieves ( s, ID, R 2, instead of (s, ID), it then knows that the tag with this ID has been authenticated by another reader before. As a result, it chooses a random number R 1 {0,1 }, current time Tnow and calculates β = ID f s ( R1,, Tnow. The reader then sends its command Cmd along with R1 and β to the tag.

2. When the tag receives Cmd, R1 and β, it checks if ID = β f s ( R1,,( Tnow and f s ( R1,,( Tnow = β ID. If both conditions are satisfied, then the tag can execute Cmd. Otherwise, the tag drops it directly.

Figure 3: Commands verification without re-authentication process.

In this way, the re-authentication cost can be reduced.
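The AMULET exchange and the command check without re-authentication described above, as an added Python example that is not code from the paper. The operator between ID and f s and the full PRF argument lists did not survive in this transcription, so the example assumes XOR masking with f_s(R1, R2, T2) for α and f_s(R1, R2, T2, Tnow) for β; HMAC-SHA256 as f s, the field widths, the `max_age` expiry window and all class and function names are likewise assumptions.

```python
import hashlib, hmac, os, struct

ID_LEN = 16  # bytes per tag ID (constructed for this example)

def ts(t):
    return struct.pack(">Q", t)  # timestamps as 8-byte integers (assumed encoding)

def prf(s, *parts):
    """f_s: HMAC-SHA256 truncated to ID_LEN stands in for the paper's PRF (assumption)."""
    msg = b"".join(struct.pack(">H", len(p)) + p for p in parts)  # length-prefixed inputs
    return hmac.new(s, msg, hashlib.sha256).digest()[:ID_LEN]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Tag:
    def __init__(self, s, tag_id):
        self.s, self.id, self.r2, self.t2 = s, tag_id, None, None

    def on_hello(self, r1, clock):
        # Step 2: pick R2 and T2, answer alpha = ID xor f_s(R1, R2, T2), remember R2/T2.
        self.r2, self.t2 = os.urandom(16), clock
        return self.r2, self.t2, xor(self.id, prf(self.s, r1, self.r2, ts(self.t2)))

    def verify(self, r1, t_now, beta, clock, max_age=5):
        # Step 4 and the later command check: Tnow must be fresh (hypothetical max_age
        # window) and beta must unmask to this tag's own ID.
        if self.r2 is None or not 0 <= clock - t_now <= max_age:
            return False
        mask = prf(self.s, r1, self.r2, ts(self.t2), ts(t_now))
        return hmac.compare_digest(xor(beta, mask), self.id)

class Reader:
    def __init__(self, db):
        self.db = db  # shared database: ID -> {"s": key, "session": (R2, T2) or None}

    def hello(self, clock):
        # Step 1 (the f_s(R1) value the page also sends is left out of this sketch).
        self.r1, self.t1 = os.urandom(16), clock
        return self.r1, self.t1

    def on_response(self, r2, t2, alpha, clock):
        # Step 3: accept only if a stored (s, ID) gives ID == alpha xor f_s(R1, R2, T2)
        # and T2 > T1; then record (R2, T2) and answer with (R1, Tnow, beta).
        for tag_id, rec in self.db.items():
            unmasked = xor(alpha, prf(rec["s"], self.r1, r2, ts(t2)))
            if hmac.compare_digest(unmasked, tag_id) and t2 > self.t1:
                rec["session"] = (r2, t2)
                return self.r1, clock, self._beta(tag_id, self.r1, clock)
        return None

    def command(self, tag_id, clock):
        # Any reader that finds (s, ID, R2, T2) in the database skips re-authentication.
        r1 = os.urandom(16)
        return r1, clock, self._beta(tag_id, r1, clock)

    def _beta(self, tag_id, r1, t_now):
        rec = self.db[tag_id]
        r2, t2 = rec["session"]
        return xor(tag_id, prf(rec["s"], r1, r2, ts(t2), ts(t_now)))

def run_demo():
    s, tag_id = os.urandom(16), os.urandom(ID_LEN)  # constructed secret and ID
    db = {tag_id: {"s": s, "session": None}}
    tag, reader_a, reader_b = Tag(s, tag_id), Reader(db), Reader(db)
    out = {}
    # R1 altered on the reader-to-tag link (Type-1): the reader's check fails.
    r1, t1 = reader_a.hello(clock=100)
    r2, t2, alpha = tag.on_hello(os.urandom(16), clock=101)
    out["type1_rejected"] = reader_a.on_response(r2, t2, alpha, clock=102) is None
    # R2 altered on the tag-to-reader link (Type-2): the reader's check fails.
    r2, t2, alpha = tag.on_hello(r1, clock=101)
    out["type2_rejected"] = reader_a.on_response(os.urandom(16), t2, alpha, clock=102) is None
    # Unmodified run: mutual authentication completes.
    r1, t1 = reader_a.hello(clock=100)
    r2, t2, alpha = tag.on_hello(r1, clock=101)
    ack = reader_a.on_response(r2, t2, alpha, clock=102)
    out["mutual_auth"] = ack is not None and tag.verify(*ack, clock=102)
    # A second reader sends a command without re-authenticating; a late replay expires.
    cmd = reader_b.command(tag_id, clock=110)
    out["command_accepted"] = tag.verify(*cmd, clock=110)
    out["replay_rejected"] = not tag.verify(*cmd, clock=200)
    return out

if __name__ == "__main__":
    print(run_demo())
```
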
Also, replay attacks can be solved by checking whether Tnow is expired and f s ( R1,,( Tnow is sustained or not. Therefore, both man-in-the-middle attacks and replay attacks cannot succeed.

3. ASSART

To maintain data privacy, one approach is to encrypt all attributes so that attackers cannot decrypt them and get the data. However, traditional cryptographic encryption is not feasible in tags and sensor nodes because their computation capability is limited. Moreover, it is hard to search on encrypted data. To solve the problem, we propose A Secret SeARch protocol (ASSART). ASSART saves original data in a secret form, and allows authorized readers to search secret data on tags so that no private information will be disclosed during transmission or query processes.

Basically each tag can store data related to the target. Each characteristic of the target corresponds to an attribute of the target. As an example, a tag attached to a book may store the book ID, book title, authors, check-in and check-out time, borrower IDs, etc. Therefore, the status of a target can be formally described as B = (Attr1, ..., AttrN), where N is the number of attributes. Some attributes are personal and private and should not be exposed to unauthorized readers or attackers. As shown in Figure 4, ASSART involves the following steps:

Figure 4: ASSART operations for attribute.

1. For an attribute Attr, the reader first generates H ( s, by iteratively hashing s, R for times, where indicates the number of sequential order of Attr. ( 2

2. The reader generates H ( Ei by iteratively hashing Ei for times.

3. The reader calculates f s ( N,, and concatenates it with N. Let λ = N f ( N, R,., s 2

4. The transformed attribute Att r = Attr H ( Ei λ. The reader then overwrites Attr by Att r.

Figure 5: ASSART operations.

After every attribute is overwritten, attackers will learn nothing from the encrypted data even if they have readers. Since is different in all attributes, each attribute generates different. With different H ( s,, even if some attribute values happen to be the same, it will generate different encrypted attribute values. This will keep attributes private and secure. Figure 5 shows the overview of ASSART operations.

For authorized readers, whenever a transformed attribute Att r is given, they can inversely transform it to Attr by computing: Attr = H ( Ei N, f s ( N,,. Since authorized readers can retrieve ( S, from the database, they can easily calculate Attr without exposing sensitive and private data during wireless transformation.

A major contribution of ASSART is that it can keep the rest of the attributes private, even if some attributes are compromised. Since f s ( N,, varies according to different 1 1, ( + 1 = Attr( + 1 H + ( Ei ( N, f s ( N,, H + ( s, will remain secure even when f s ( N,, is compromised.
This will keep the rest of the attributes uncompromised.

For searching an attribute Attr in a sensor node, the RFID reader does not send Attr in plaintext during the query process. Instead, the RFID reader broadcasts Attr H ( Ei to all sensor nodes. Then each sensor node calculates Att r by = Attr H ( Ei N, f s ( N,, with its own s, R2 and all ' s. The reason why each sensor node needs to calculate Att r with all ' s is that the sensor node does not know what exactly is. If any sensor node finds the Att r, it returns Att r, = 1,2, ..., to the RFID reader. Since data are encrypted, data secrecy and privacy can be attained during transmission processes.

4. Security Analysis

In this section, we first show that AMULET is secure under man-in-the-middle attacks. Second, a security analysis in terms of the resources needed to break the secret search protocol is discussed.

We classify man-in-the-middle attacks into three types. A type-1 attack modifies R1 only, a type-2 attack modifies R2 only, and a type-3 attack modifies R1, R2, and α. We will show that these three types of attacks cannot work in our authentication protocol. Before we start our proof, several definitions and theorems are given below.

Def 1: (Instance) Since the status B of a target is composed of the target's ID and attributes, B can be formally described as B = (IDB, Attr1, ..., AttrN). An instance X B is defined as X B = (Attr1, ..., AttrN), and a verification function V f is defined as V ( X = Attri. f B i= 1

Def 2: (Distinguishable) Two instances of a target are distinguishable if they are different in any attributes.

Def 3: (R-Breakable) Let an instance X B = (Attr1, ..., AttrN). If X B can be derived from R ( R N attributes, then it is R-Breakable. Under the same condition, a system is R-Breakable if it needs R resources to break the system.
Figure 6: Type-1, Type-2 and Type-3 man-in-the-middle attacks (left to right).

A type-1 attacker, shown in Figure 6, eavesdrops on R1, generates a false value R 1 and delivers it to the tag. The tag then uses R2 to generate α = ID f s ( R1,, and transmits R2, T2 and α back to the reader. Since R 1 R1, the reader will find that f s ( R1, R 2, f s ( R1,,. Therefore the readers can prevent type-1 man-in-the-middle attacks.

A type-2 attacker eavesdrops on R2, generates a false value R 2, and transmits R 2 and α back to the reader. Since R 2, the reader will find that f s ( R1, R 2, f s ( R1,,. Therefore the readers can prevent type-2 man-in-the-middle attacks.

A type-3 attacker generates false R 1, R 2, and α and sends them to the reader and the tag separately. Since s is kept secret, the reader will find that f s ( R1, R 2, f s ( R1,, and ID ID. Therefore, type-3 man-in-the-middle attacks will fail.

For the ASSART protocol, we will prove its security strength in terms of the secrecy of attributes. In ASSART, the Att r can be calculated by the following equation:

= Attr H ( Ei ( N, f s ( N,, (Eq. 1)

Theorem 1 proves that it takes both s and R2 to compromise Att r.

Theorem 1: Let T = f N, R,. T is s, R -breakable. s ( 2 ( 2

Proof: Since N and may be eavesdropped by attackers, only s and R2 are kept secret. Therefore, attackers need to compromise both s and R2 to compromise T. Therefore T is ( s, -breakable.

To evaluate the security strength of a system, one approach is to verify the number of resources needed to compromise the system. The theorem shows that it needs both s and R2 to compromise an attribute. An instance is a collection of all attributes of a tag. The security strength of an instance is defined as the number of attributes needed to be compromised. As more attributes are distinguishable, a higher security level can be attained.

Theorem 2: For all Att r I, J, where I J and X is an instance composed of Att r I and Att r J, X = V f ( I, J. There does not exist Att r I, J, such that V f ( I, J = V f ( I, J

Proof: Let AttrI and AttrJ be two original attributes and I > J. Att r I and Att r J are transformed attributes, and X = V f ( I, J. If the attacker generates Att r I and Att r J, we will prove that it cannot satisfy X = V f ( I + J. Since X = V f ( I + J, therefore

I I J J X = ( AttrI H ( Ei ( N, fs( N, ( + ( AttrJ H ( Ei ( N, fs( N, (.

One major property of our data transformation protocol is that AttrI can be used to authenticate AttrJ by checking the following equation.

J J I I = H ( (Eq. 2)

Therefore, if the attacker generates Att r I and Att r J, H I ( s, and H J ( s, can be calculated by the following two equations.

I I AttrI = N, f s ( N,, (Eq. 3)

J J AttrJ = N, f s ( N,, (Eq. 4)

Since s and R2 are kept secret only between authorized readers and tags, the attackers cannot generate false H I ( s, and H J ( s,. Therefore, two attributes are distinguishable. Since any two attributes are distinguishable, even if attackers can generate different attributes, the attackers cannot cheat readers.

Next, we will show that an instance of a target B is N-breakable and distinguishable, where N is the number of attributes of B.

Theorem 3: Let V ( B = Attri = 1+ 2 + ...+ Attr N. B is N-breakable and f i= 0 distinguishable.
Proof: Let B = (Attr1, ..., AttrN) and B be the data after transformation and B = ( 1, 2, ..., N. We prove the N-breakable property of an instance by induction. Let N = 2. According to theorem 2, it is shown that B is 2-breakable. Suppose when N=P, B is P-breakable. We want to prove B is P-breakable when N=P+1. Without loss of generality, we assume that B = (Attr1, ..., AttrN) and B is P-breakable. Without loss of generality, let B1 = (Attr1, ..., AttrN, AttrN + 1). From theorem 2, we know that every two attributes are distinguishable. Therefore, AttrN + 1 and AttrM are 1 distinguishable for M = 1,2, ...N by verifying H N + s, R and ( 2 1 2 N,, ..., respectively. Since all N+1 attributes are distinguishable, it is proved that an instance of a target is N-breakable.

If the new attribute Attr is inserted between Attr 1 and AttrN, Attr can be verified by both its previous attribute Attr ( 1 and its following attribute Attr + 1 by the following equations:

1 H R = R (Eq. 5)

H ( 2 2 + 1 ( = (Eq. 6)

If both Eq. 5 and Eq. 6 are satisfied, the added attribute Attr is valid. Otherwise, Attr is invalid and should be discarded.

Theorem 3 indicates that attackers need to compromise all attributes to cheat readers. If only a portion of the attributes are compromised, the reader can still verify it.

5. Conclusion

In this paper, we present the ARIES architecture to solve the distance limitation problem in RFID applications. Targets at a distance can still be monitored with the assistance of RFID-aware sensor nodes. An authentication protocol, AMULET, is also proposed to mutually authenticate readers and tags. AMULET can resist man-in-the-middle attacks and reduce re-authentication overhead. Finally we propose a search protocol, ASSART, to search on secret data. Information will not be disclosed during the search process. ASSART uses a key chain to improve data security. Even if some attributes are compromised, the rest of the attributes are still kept private.

6. References

[1] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, Private Information Retrieval, In Proceedings Journal of the ACM, pp. 965-981, 1998.
[2] D. Song, D. Wagner, and A. Perrig, Practical Techniques for Searches on Encrypted Data, In Proceedings of IEEE Symposium on Security and Privacy, pp. 44-55, 2000.
[3] David Molnar and David Wagner, Privacy and Security in Library RFID Issues, Practices, and Architectures, In Proceedings of ACM Conference on Computer and Communication Security, pp. 210-219, 2004.
[4] Estrin, D., Govindan, R., Heidemann, J., Kumar, Next Century Challenges: Scalable Coordination in Sensor Networks, In Proceedings of the 5th annual ACM/IEEE International Conference on Mobile Computing and Networking, pp. 263-270, 1999.
[5] H.-M. Sun and S.-P. Shieh, An Efficient Construction of Perfect Secret Sharing Schemes for Graph-based Access Structures, In Proceedings of Computers and Mathematics with Applications, pp. 129-135, 1996.
[6] Jana van Greunen and Jan Rabaey, Lightweight Time Synchronization for Sensor Networks, In Proceedings of the 2nd ACM International Conference on Wireless Sensor Networks and Applications, pp. 11-19, 2003.
[7] K. Bennett, C. Grothoff, T. Horozov, and I. Patrascu, Efficient Sharing of Encrypted Data, In Proceedings of the 7th Australian Conference on Information Security and Privacy, pp. 107-120, 2002.
[8] Laurent Eschenauer, Virgil D. Gligor, A key-management scheme for distributed sensor networks, In Proceedings of the 9th ACM Conference on Computer and Communication Security, pp. 41-47, 2002.
[9] Saurabh Ganeriwal, Ram Kumar and Mani B. Srivastava, Time-sync Protocol for Sensor Networks, In Proceedings of the 1st International Conference on Embedded Networked Sensor Systems, pp. 138-149, 2003.
[10] Srisathapornphat, C., Jaikaeo, C., Chien-Chung Shen, Sensor Information Networking Architecture, In Proceedings of International Workshop on Parallel Processing, pp. 92-95, 2000.
[11] Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest, and Daniel W. Engels, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, In Proceedings of Pervasive Computing, pp. 201-212, 2004.