With the increased popularity of RFID applications, different authentication schemes have been proposed to provide security and privacy protection for users. Most recent RFID protocols use a central database to store the RFID tag data. The RFID reader first queries the RFID tag and returns the reply to the database. After authentication, the database returns the tag data to the reader. In this paper, we propose a more flexible authentication protocol that provides comparable protection without the need for a central database. We also suggest a protocol for secure search for RFID tags. We believe that as RFID applications become widespread, the ability to securely search for RFID tags will be increasingly useful.

Abstract not found

Abstract. The cheap and convenient RFID tag is revolutionising supply chain management. More accurate tracking of goods allows for more efficient use of delivery resources and the ability to account for every single manufactured item from the factory to the consumer. Within such restricted environments there is little need, and therefore no drive, towards supporting more than the most basic security features. Beyond the supply chain, however, two factors come into play: (1) the adversarial threat changes and (2) mechanisms for closed environments may become unsuitable. In anticipation of new and widely-deployed applications for RFID tags, we present the results of a prototype FPGA-based implementation of the GPS scheme, an established and ISO-standardised public key technique. The prototype implementation includes all tag and reader functionality as well as a wireless interface. With this prototype, the complete tag authentication process takes 200ms while only 2600 GE are required to support the on-tag cryptography. 1

We define three privacy-preserving solutions to the problem of distributing secrets between manufacturers and vendors of items labeled with Electronic Product Code (EPC) Gen2 tags. The solutions rely on the use of an anonymous threshold secret sharing scheme that allows the exchange of blinded information between readers and tags. Moreover, our secret sharing scheme allows self-renewal of shares with secret preservation between asynchronous shareholders. The first two solutions address the eavesdropping and rogue scanning threats. The third solution mitigates as well tracking threats. 1

Abstract. RFID-tags can be seen as a new generation of bar codes with added functionality. They are becoming very popular tools for identification of products in various applications such as supply-chain management. The widespread deployment of RFID technology will depend to a large extent on its acceptance by the general public. Thus, developing privacy and security technologies specifically suited to the constrained environment of RFID tags continues to be a key problem. In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance the security of the tags and the privacy of the individual carrying the tags. These new mechanisms are based on physical principles alone or on their combination with cryptographic methods. We also review previous works that use physical principles to provide security and privacy in RFID systems.

Abstract In this paper, we propose a technique for certifying encounter information with acquaintances in wireless sensor networks. In our technique, we assume that each user holds a small low power sensor with a short range wireless communication device such as ZigBee, and that multiple sensors called landmarks, which provide accurate location and time, are sparsely distributed in the target area. Each user’s sensor stores encounter information obtained from other users and landmarks in its memory, and it sends those information to its local server when it meets with landmarks which are connected to the Internet. At the same time, we assume that each user registers his/her private key and the list (called friend list) of his/her acquaintances in the Certification Authority (CA) server. When each user sends his/her encounter information to CA, CA informs the digital evidence about when and whom each user has met. In order to keep privacy of each encountered person, if an encountered person does not register the user’s name in his/her friend list, the user cannot know that the user has met with the encountered person. Thus, our technique guarantees anonymity and unlinkability of encounter information by using a hash function and symmetric-key encryption. We have implemented the proposed technique using a hash function SHA-1 on MOTE and confirmed efficiency of the proposed technique through experiments. In addition, we have theoretically analyzed its low energy consumption and practical ability about traceability.

Abstract. The design and implementation of security threat mitigation mechanisms in RFID systems, specially in low-cost RFID tags, are gaining great attention in both industry and academia. One main focus of research interests is the authentication and privacy techniques to prevent attacks targeting the insecure wireless channel of these systems. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints, such as production costs, power consumption, time of response, and regulations compliance, makes the use of traditional cryptography in these systems a very challenging problem. The use of low-overhead procedures becomes the main approach to solve these challenging problems where traditional cryptography cannot fit. Recent results and trends, with an emphasis on lightweight techniques for addressing critical threats against low-cost RFID systems, are surveyed.

In this survey we take a look at different approaches proposed in the literature for addressing the privacy and security issues derived from the Radio-Frequency IDentification (RFID) deployment. We concentrate on the lack of privacy that RFID users can suffer from, and we elaborate on how the security in the communications between RFID devices can be assured. The main goal of this brief survey is giving a concise classification of the most relevant privacy protection protocols applied to RFID technology. For the sake of brevity and clarity, only the most relevant approaches are selected and classified according to the computational power of the utilised passive devices (i.e. the tags).

Abstract. The field of lightweight cryptography has developed significantly over recent years and many impressive implementation results have been published. However these results are often concerned with a core computation and when it comes to a real implementation there can be significant hidden overheads. In this paper we consider the case of cryptoGPS and we outline a full implementation that has been fabricated in ASIC. Interestingly, the implementation requirements still remain within the typically-cited limits for on-the-tag cryptography. 1

We address security solutions to protect the communication of the wireless components of a home health care system. We analyze especially the problem of exchanging secrets to satisfy authentication of entities. We outline some important aspects that must be guaranteed given the existence of low-cost and resource-constrained RFID components. Appropriate solutions must, therefore, enable several nodes, with different computing and communicating capabilities, to securely interact and communicate.