Enhancing the security of RCIA ultra-lightweight authentication protocol by using random number generator (RNG) technique
With the growing demand for low-cost Radio Frequency Identification (RFID) system, there is a necessity to design RFID ultra-lightweight authentication protocols to be compatible with the system and also resistant against possible attacks. However, the existing ultra-lightweight authentication pro...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | eng eng |
| Published: |
2015
|
| Subjects: | |
| Online Access: | https://etd.uum.edu.my/5628/1/s816376_01.pdf https://etd.uum.edu.my/5628/2/s816376_02.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-uum-etd.5628 |
|---|---|
| record_format |
uketd_dc |
| institution |
Universiti Utara Malaysia |
| collection |
UUM ETD |
| language |
eng eng |
| advisor |
Zakaria, Nur Haryani |
| topic |
T58.5-58.64 Information technology |
| spellingShingle |
T58.5-58.64 Information technology Yasear, Shaymah Akram Enhancing the security of RCIA ultra-lightweight authentication protocol by using random number generator (RNG) technique |
| description |
With the growing demand for low-cost Radio Frequency Identification (RFID) system, there is a necessity to design RFID ultra-lightweight authentication protocols to be compatible with the system and also resistant against possible attacks. However, the existing
ultra-lightweight authentication protocols are susceptible to wide range of attacks. This study is an attempt to enhance the security of Robust Confidentiality, Integrity, and Authentication (RCIA) ultra-lightweight authentication protocols especially with regard to privacy issue. In the RCIA protocol, IDs value is sent between reader and tag as a constant value. The constant value will enable attacker to trace the location of the tag which violates the privacy users. In order to enhance the security of RCIA protocol, Random Number Generator (RNG) technique has been used. This
technique relies on generating random numbers in the tag side, based on Bitwise operations. The idea of this technique is to change the IDs of a tag on every query session so that it will not stay as a constant value. The implementation of Enhanced RCIA has been conducted by using a simulation. The simulation provided the ability to show that the operations of RCIA protocol as to compare with the enhanced RCIA. The outcome shows that the enhanced RCIA outperforms existing one in terms of privacy. |
| format |
Thesis |
| qualification_name |
masters |
| qualification_level |
Master's degree |
| author |
Yasear, Shaymah Akram |
| author_facet |
Yasear, Shaymah Akram |
| author_sort |
Yasear, Shaymah Akram |
| title |
Enhancing the security of RCIA ultra-lightweight
authentication protocol by using random number generator (RNG) technique |
| title_short |
Enhancing the security of RCIA ultra-lightweight
authentication protocol by using random number generator (RNG) technique |
| title_full |
Enhancing the security of RCIA ultra-lightweight
authentication protocol by using random number generator (RNG) technique |
| title_fullStr |
Enhancing the security of RCIA ultra-lightweight
authentication protocol by using random number generator (RNG) technique |
| title_full_unstemmed |
Enhancing the security of RCIA ultra-lightweight
authentication protocol by using random number generator (RNG) technique |
| title_sort |
enhancing the security of rcia ultra-lightweight
authentication protocol by using random number generator (rng) technique |
| granting_institution |
Universiti Utara Malaysia |
| granting_department |
Awang Had Salleh Graduate School of Arts & Sciences |
| publishDate |
2015 |
| url |
https://etd.uum.edu.my/5628/1/s816376_01.pdf https://etd.uum.edu.my/5628/2/s816376_02.pdf |
| _version_ |
1747827960282349568 |
| spelling |
my-uum-etd.56282021-03-29T09:23:33Z Enhancing the security of RCIA ultra-lightweight authentication protocol by using random number generator (RNG) technique 2015 Yasear, Shaymah Akram Zakaria, Nur Haryani Awang Had Salleh Graduate School of Arts & Sciences Awang Had Salleh Graduate School of Arts and Sciences T58.5-58.64 Information technology With the growing demand for low-cost Radio Frequency Identification (RFID) system, there is a necessity to design RFID ultra-lightweight authentication protocols to be compatible with the system and also resistant against possible attacks. However, the existing ultra-lightweight authentication protocols are susceptible to wide range of attacks. This study is an attempt to enhance the security of Robust Confidentiality, Integrity, and Authentication (RCIA) ultra-lightweight authentication protocols especially with regard to privacy issue. In the RCIA protocol, IDs value is sent between reader and tag as a constant value. The constant value will enable attacker to trace the location of the tag which violates the privacy users. In order to enhance the security of RCIA protocol, Random Number Generator (RNG) technique has been used. This technique relies on generating random numbers in the tag side, based on Bitwise operations. The idea of this technique is to change the IDs of a tag on every query session so that it will not stay as a constant value. The implementation of Enhanced RCIA has been conducted by using a simulation. The simulation provided the ability to show that the operations of RCIA protocol as to compare with the enhanced RCIA. The outcome shows that the enhanced RCIA outperforms existing one in terms of privacy. 2015 Thesis https://etd.uum.edu.my/5628/ https://etd.uum.edu.my/5628/1/s816376_01.pdf text eng public https://etd.uum.edu.my/5628/2/s816376_02.pdf text eng public masters masters Universiti Utara Malaysia [1] S. A. Weis, "Security and privacy in radio-frequency identification devices," Massachusetts Institute of Technology, 2003. [2] F. Thornton and P. Sanghera, How to Cheat at Deploying and Securing RFID: Syngress, 2011. [3] S. A. Weis, "RFID (Radio Frequency Identification): Principles and applications," Retrived from www. eecs. harvard. edu/rfid-article. pd f on, vol. 1, 2011. [4] P. R. Agarwal and P. R. Agarwal, "RFID (Radio Frequency Identification) growth in daily life," International Journal of Scientific Engineering and Technology, vol. 1, pp. 71-78, 2012. [5] A. Alqarni, M. Alabdulhafith, and S. Sampalli, "A Proposed RFID Authentication Protocol based on Two Stages of Authentication," Procedia Computer Science, vol. 37, pp. 503-510, 2014. [6] United States Government Accountability Office, "Information Security: Radio Frequency Identification Technology in the Federal Government," Washington GAO-05-551, May 2005. [7] P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Tapiador, and A. Ribagorda, "Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol," in Information security applications, ed: Springer, 2009, pp. 56-68. [8] H.-Y. Chien, "SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity," Dependable and Secure Computing, IEEE Transactions on, vol. 4, pp. 337-340, 2007. [9] M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic approach to “privacy-friendly” tags," in RFID privacy workshop, 2003. [10] M. David and N. R. Prasad, "Providing strong security and high privacy in lowcost RFID networks," in Security and privacy in mobile information and communication systems, ed: Springer, 2009, pp. 172-179. [11] Y. Tian, G. Chen, and J. Li, "A new ultralightweight RFID authentication protocol with permutation," Communications Letters, IEEE, vol. 16, pp. 702-705, 2012. [12] U. Mujahid, M. Najam-ul-Islam, and M. A. Shami, "RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash," International Journal of Distributed Sensor Networks, vol. 2015, 2015. [13] A. Juels and S. A. Weis, "Authenticating pervasive devices with human protocols," in Advances in Cryptology–CRYPTO 2005, 2005, pp. 293-308. [14] S. Kinoshita, M. Ohkubo, F. Hoshino, G. Morohashi, O. Shionoiri, and A. Kanai, "Privacy enhanced active RFID tag," Cognitive Science Research Paper-University of Sussex CSRP, vol. 577, p. 100, 2005. [15] S. Kumar and C. Paar, "Are standards compliant elliptic curve cryptosystems feasible on RFID," in Workshop on RFID Security-RFIDSec, 2006. [16] K. Rhee, J. Kwak, S. Kim, and D. Won, "Challenge-response based RFID authentication protocol for distributed database environment," in Security in Pervasive Computing, ed: Springer, 2005, pp. 70-84. [17] H.-Y. Chien, "Secure access control schemes for RFID systems with anonymity," in null, 2006, p. 96. [18] A. Juels, D. Molnar, and D. Wagner, "Security and Privacy Issues in Epassports," in Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on, 2005, pp. 74-88. [19] J. Bringer, H. Chabanne, and E. Dottax, "HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks," in Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. SecPerU 2006. Second International Workshop on, 2006, pp. 28-33. [20] J. Munilla and A. Peinado, "HB-MP: A further step in the HB-family of lightweight authentication protocols," Computer Networks, vol. 51, pp. 2262-2267, 2007. [21] H.-Y. Chien and C.-H. Chen, "Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards," Computer Standards & Interfaces, vol. 29, pp. 254-259, 2007. [22] M. Hutter and J.-M. Schmidt, Radio Frequency Identification: Security and Privacy Issues 9th International Workshop, RFIDsec 2013, Graz, Austria, July 9-11, 2013, Revised Selected Papers vol. 8262: Springer, 2013. [23] X. Zhuang, Z.-H. Wang, C.-C. Chang, and Y. Zhu, "Security analysis of a new ultra-lightweight RFID protocol and its improvement," Journal of Information Hiding and Multimedia Signal Processing, vol. 4, pp. 166-177, 2013. [24] P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estévez-Tapiador, and A. Ribagorda, "LMAP: A real lightweight mutual authentication protocol for lowcost RFID tags," in Workshop on RFID security, 2006, pp. 12-14. [25] P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda, "EMAP: An efficient mutual-authentication protocol for low-cost RFID tags," in On the move to meaningful internet systems 2006: Otm 2006 Workshops, 2006, pp. 352-361. [26] T. Li, G. Wang, and R. H. Deng, "Security Analysis on a Family of Ultralightweight RFID Authentication Protocols," JSW, vol. 3, pp. 1-10, 2008. [27] T. Cao, E. Bertino, and H. Lei, "Security analysis of the SASI protocol," Dependable and Secure Computing, IEEE Transactions on, vol. 6, pp. 73-77, 2009. [28] G. Avoine, X. Carpent, and B. Martin, "Strong authentication and strong integrity (SASI) is not that strong," in Radio Frequency Identification: Security and Privacy Issues, ed: Springer, 2010, pp. 50-64. [29] H.-M. Sun, W.-C. Ting, and K.-H. Wang, "On the security of Chien's ultralightweight RFID authentication protocol," IEEE Transactions on Dependable and Secure Computing, pp. 315-317, 2009. [30] G. Avoine, X. Carpent, and B. Martin, "Privacy-friendly synchronized ultralightweight authentication protocols in the storm," Journal of Network and Computer Applications, vol. 35, pp. 826-843, 2012. [31] E. Taqieddin and J. Sarangapani, "Vulnerability analysis of two ultralightweight RFID authentication protocols: RAPP and gossamer," in Internet Technology And Secured Transactions, 2012 International Conference for, 2012, pp. 80-86. [32] K.-H. Yeh and N. Lo, "Improvement of two lightweight RFID authentication protocols," Information Assurance and Security Letters, vol. 1, pp. 6-11, 2010. [33] Z. Bilal, A. Masood, and F. Kausar, "Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol," in Network-Based Information Systems, 2009. NBIS'09. International Conference on, 2009, pp. 260-267. [34] M. Zubair, E. U. Mujahid, and J. Ahmed, "Cryptanalysis of RFID Ultralightweight Protocols and Comparison between its Solutions Approaches," Bahria University Journal of Information & Communication Technologies, vol. 5, pp. 58-63, 2012. [35] J. C. Hernandez-Castro, P. Peris-Lopez, R. C.-W. Phan, and J. M. Tapiador, "Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol," in Radio Frequency Identification: Security and Privacy Issues, ed: Springer, 2010, pp. 22-34. [36] D. F. Barrero, J. C. Hernández‐Castro, P. Peris‐Lopez, and D. Camacho, "A genetic tango attack against the David–Prasad RFID ultra‐lightweight authentication protocol," Expert Systems, vol. 31, pp. 9-19, 2014. [37] G. Avoine and X. Carpent, "Yet another ultralightweight authentication protocol that is broken," in Radio Frequency Identification. Security and Privacy Issues, ed: Springer, 2013, pp. 20-30. [38] W. Shao-hui, H. Zhijie, L. Sujuan, and C. Dan-wei, "Security analysis of RAPP an RFID authentication protocol based on permutation," College of computer, Nanjing University of Posts and Telecommunications, Nanjing, vol. 210046, 2012. [39] Z. Ahmadian, M. Salmasizadeh, and M. R. Aref, "Desynchronization attack on RAPP ultralightweight authentication protocol," Information processing letters, vol. 113, pp. 205-209, 2013. [40] G. Marsaglia, "Xorshift rngs," Journal of Statistical Software, vol. 8, pp. 1-6, 2003. [41] S. Vigna, "An experimental exploration of Marsaglia's xorshift generators, scrambled," arXiv preprint arXiv:1402.6246, 2014. [42] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," in Security in pervasive computing, ed: Springer, 2004, pp. 201-212. |