| RFID is one of the core technologies for Io T. However, the key technical difficulties are to how to solve the security, privacy and scalability problems in RFID authentication protocols under Io T environment. Nowadays, there are some problems as following: most protocols do not achieve indistinguishability and scalability, cannot be executed by efficient automation testing; Especially the OT protocols lack the perfect security model in view of the practical environment. Therefore, the design and analysis of protocols have more realistic significance under the perfect model. This dissertation focuses on the security and privacy problems for the low-cost RFID authentication protocols by summarizing the existing protocols. All of the research results are described as follows:(1) This dissertation proposes two definitions based on indistinguishability theory, such as strong indistinguishability and weak indistinguishability. EOHLCAP protocol and EMAP protocol are analyzed by these definitions. Then, EMAP+ protocol is proposed. EOHLCAP protocol does not achieve strong indistinguishability and suffers from tracing attacks. In addition, EMAP protocol does not meet weak indistinguishability and suffers from tracing attacks. In order to solve these problems, this dissertation presents the EMAP+ protocol which meets strong indistinguishability and weak indistinguishability, resists tracing attacks and Do S attacks, and improves efficiency and scalability.(2) Since the existing authentication protocols(especially the OT protocol) lack complete security model, this dissertation presents the untraceability model by using the defines of the forward untraceability, backward untraceability and strong forward untraceability. Three improved RFID protocols are proposed respectively and have been safety analysis under untraceability model and compared with other protocols. This dissertation analyzes the problems of RFID protocols under untraceability model. For instance, NRS+ protocol suffers from reader impersonation attacks, Do S attacks and tracing attacks; ACSP+ protocol suffers from reader impersonation attacks, Do S attacks and forward traceability. In order to solve the problems, the improved NRS++ protocol and ACSP++ protocols are proposed respectively, achieve the forward and backward traceability under untraceability model, and resist replay attacks, Do S attacks, tracing attacks, reader and tag impersonation attacks. Subsequently, in view of the ownership transfer in the practical application environment, the definition of strong forward untraceability is proposed to enhance the untraceability model. Although Doss et al. presented the OT protocols based on quadratic residues which meet the strong forward untraceability, their potocols are lack of data integrity authentication, suffer from impersonation attacks and desynchronization attacks. In order to solve these problems, the improved LOTRP protocol is proposed. LOTRP protocol not only meets backward untraceability and the proposed strong forward untraceability, but also resists against replay attacks, tracing attacks, inner reader malicious impersonation attacks, tag impersonation attacks and desynchronization attacks. The comparisons of security and performance properties show that LOTRP protocol has more security, higher efficiency and better scalability compared with other schemes.(3) Since the existing heuristic analysis of security protocol cannot implement automatic detection, this dissertation introduces the formal code method to achieve the efficient and security automatic analysis of RFID protocol. Then, two RFID protocols are analyzed using the formal code method, which shows that two protocols both suffer from key disclosure attacks. The analysis results are listed as following: the formal code analysis method is more efficient and accurate than the traditional heuristic analysis method, and implements the automatic security detection of protocols.(4) In order to solve the insecurity problems of existing lightweight protocols and add scalability of security framework, this dissertation presents security and scalable SRSFP+ protocol supporting Io T. SRSFP protocol presents security check handoff(SCH) for RFID systems. However, this dissertation points out that SRSFP protocol suffers from tag impersonation attacks, reader impersonation attacks and tracing attacks, and does not achieve strong forward untraceability. Then the improved SRSFP+ protocol is proposed, which adapts SCH technique to speed up re-clearance of tags. Finally, SRSFP+ protocol meets the forward untraceability, backward untraceability and strong forward untraceability under the untraceability model. The comparison results show that the improved protocol offers better security and scalability than the existing protocols.
|
PDF Full Text Request