• Journal of Internet Computing and Services
• /
• v.12 no.6
• /
• pp.139-147
• /
• 2011

We proposed the secure and efficient passive RFID protocol which is based on one-way hash based low-cost authentication protocol (OHLCAP). The paper introduces OHLCAP and the vulnerabilities of OHLCAP and suggests security solutions by analyzing them. Afterwards, The paper presents the proposed protocol and demonstrates computational performance and security of the protocol. This protocol not only has the resistances against eavesdropping attack, impersonation attack, desynchronization attack, and replay attack but also provides untraceability and forward secrecy.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.9-18
• /
• 2012

In 2010, Pedro et al. proposed RFID distance bounding protocol based on WSBC cryptographic puzzle. This paper points out that Pedro et al.'s protocol not only is vulnerable to tag privacy invasion attack and location tracking attack because an attacker can easily obtain the secret key(ID) of a legal tag from the intercepted messages between the reader and the tag, but also requires heavy computation by performing symmetric key operations of the resource limited passive tag and many communication rounds between the reader and the tag. Moreover, to resolve the security weakness and the computation/communication efficiency problems, this paper also present a new RFID distance bounding protocol based on WSBC cryptographic puzzle that can provide strong security and high efficiency. As a result, the proposed protocol not only provides computational and communicational efficiency because it requires secure one-way hash function for the passive tag and it reduces communication rounds, but also provides strong security because both tag and reader use secure one-way hash function to protect their exchanging messages.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.309-316
• /
• 2005

Recently, RFID system is a main technology to realize ubiquitous computing environments, but the feature of the RFID system may bring about various privacy problem. So, many kinds of protocols To resolve this problem are researched. In this paper, we analyse the privacy problem of the previous methods and propose more secure and effective authentication protocol to protect user's privacy. Then we prove that the proposed protocol is secure and effective as we compare the proposed protocol with previous methods. The proposed protocol is based on Challenge-Response using one-way hash function and random number. The proposed protocol is secure against replay attack, spoofing attack and so on. In addition, the proposed protocol is proper for distributed database environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.13-26
• /
• 2006

RFID technology is evaluated as one of core technologies for ubiquitous environment, because of its various characteristics which barcode systems don't have. However, RFID systems have consumer's privacy infringement problems, such like information leakage and location tracing. We need RFID privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect consumer's privacy perfectly. The most secure protocol, that satisfies all of the three essential security requirements, among existing protocols, is the hash-chain based protocol that Ohkubo proposed. Unfortunately this protocol has a big disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the original scheme of Ohkubo protocol.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.1
• /
• pp.175-185
• /
• 2011

Recently RFID systems have been introduced in place of barcode systems to industries such as logistics, distribution, and manufacturing. Due to security vulnerabilities in wireless communication between the reader and tags, however, the authentication protocols for the communication have also been researched extensively. In order to solve the vulnerability of previously proposed protocols, this paper thus proposes an authentication protocol that satisfies the security requirements in the RFID system and minimizes the quantity of computation such as random number generation, transmitting the micro-time of databases. In addition, it is expected that the proposed cross authentication protocol is safe against replay attack, spoofing attack, traffic analysis, and eavesdropping attack when it is applied to the RFID system. Also, it has advantages such as providing a high level of security at a lower manufacturing cost.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.71-82
• /
• 2011

The RFID system provides undeniable advantages so that it is used for various application. However recent RFID system is vulnerable to some attacks as eavesdropping, replay attack, message hijacking, and tag tampering, because the messages are transmitted through the wireless channel and the tags are cheap. Above attacks cause the tag and reader impersonation, denial of service by invalidating tag, and the location tracking concerning bearer of tags, A lot of RFID authentication protocol bas been proposed to solve the vulnerability. Since Weis, Sanna, Rivest, and Engel, proposed the bash-based RFID authentication protocol, many researchers have improved hash-based authentication protocol and recent bash-based authentication protocols provide security and desirable privacy. However, it remains open problem to reduce the tag identification time as long as privacy and security are still guaranteed. Here we propose a new protocol in which the tags generate the message depending on the state of previous communitions between tag and reader. In consequence, our protocol allows a server to identify a tag in a reasonable amount of time while ensuring security and privacy, To be specific, we reduced the time for the server to identify a tag when the last session finished abnormally by at least 50% compared with other bash-based schemes that ensure levels of security and privacy similar to ours.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.1-3
• /
• 2005

기존의 RFID 인증 프로토콜은 트래킹 공격이나 스푸핑 공격에 취약하다는 단점을 가지고 있다. 특히 해쉬기반이나 랜덤 해쉬기반 RFID 인증 프로토콜은 스푸핑 공격으로 인하여 태그와 리더간의 인증이 안전하지 못한 프로토콜이며 해쉬체인 RFID 인증 프로토콜은 리더인증이 곤란한 일방향 인증 프로토콜이다. 본 논문에서 제안하는 프로토콜은 해쉬함수와 RNG(난수생성기)만을 사용하기 때문에 저가의 수동형 RFID 시스템에서 구현이 가능할 뿐만 아니라, 트래킹 공격과 스푸핑 공격에 안전하고, 태그와 리더간의 양방향 인증이 가능한 RFID 인증 프로토콜이다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1508-1509
• /
• 2008

본 논문에서는 기존에 제안된 RFID 인증 프로토콜이 임의의 RFID 태그로 위장한 공격자로부터 스푸핑 공격을 당할 수 있음을 증명하고, 이러한 보안 문제점을 해결한 안전하고 효율적인 RFID 상호 인증 프로토콜을 제안한다. 제안한 RFID 상호 인증 프로토콜은 기존의 RFID 인증 메커니즘들이 가지고 있는 보안 문제점들을 해결할 뿐만 아니라, 스푸핑 공격에 대한 취약점을 해결하고, 해쉬함수 연산 오버헤드를 줄여줌으로써 빠른 인증 시간을 보장하여 더욱 강력한 안전성과 효율성을 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.6C
• /
• pp.578-587
• /
• 2009

In 2005, Ko-Kim-Kwon pointed out Henrici-Muller's hash based RFID authentication protocol is insecure to location tracking attack, spoofing attack and Denial of Service attack. Then, they proposed a new RFID authentication protocol(3K-RFID) that can withstand these security problems. However, this paper shows that 3K-RFID authentication protocol is still not only vulnerable to spoofing attack and Denial of Service attack but also does not provide forward secrecy, and then proposes an improved secure I3K-RFID authentication protocol in order to resolve such problems.