Font Size: a A A

Analysis And Design Of RFID Security Protocols In The Internet Of Things

Posted on:2017-05-15Degree:DoctorType:Dissertation
Country:ChinaCandidate:B Q YuanFull Text:PDF
GTID:1108330485460298Subject:Information security
Abstract/Summary:PDF Full Text Request
RFID (radio frequency identification) is an automatic identification and data capture technology. When a tag is attached to or embedded in a target object, the object can be identified by a reader without directly touching. With the increasing attention to the IoT (Internet of things) around the world, as the key technology of the perceptual layer in IoT, RFID technology has considerable development no matter on the technology level or on the application scope. Now, RFID systems have been widely applied to many fields such as product management, transportation payments, logistics management and ticket management.RFID tags generally have limited memory capacity and processing ability. Furthermore, a RFID reader and a RFID tag communicate with each other via an open wireless channel. Therefore, RFID systems are vulnerable to various security threats, such as eavesdropping attacks, replay attacks, privacy attacks. To design and apply efficient and secure RFID protocols is the important guarantee for realizing the security of RFID systems. In this thesis, several types of RFID security protocols are analyzed and designed, including the ownership transfer protocol for a single tag, the grouping-proof protocol for RFID tags, the group ownership transfer protocol for RFID tags, and the cloud-based RFID ownership transfer protocol. The main research achievements are as follows:(1) With the ownership transfer of an object, the ownership of the RFID tag attached to the object also requires to be transferred. Security and privacy are the key issues while researchers studying the process of RFID tag ownership transfer. A novel lightweight ownership transfer protocol for a single RFID tag is proposed. Then, in the UC (universally composable) framework, an ideal functionality for RFID tag ownership transfer is formally defined. Subsequently, it is proved that the proposed protocol realizes the previously defined ideal functionality and satisfies the required security properties such as mutual authentication, tag anonymity, resistance to de-synchronization attacks, forward privacy protection and backward privacy protection. Compared with the existing ownership transfer protocols for a single RFID tag, the computational complexity and the storage requirements of the new protocol are all lower. Meanwhile, the number of interaction among the entities is small. Therefore, the new protocol can efficiently implement the ownership transfer of the low-cost tags.(2) A grouping-proof protocol is to generate a proof that two or more tags have been scanned simultaneously by a reader. Security and efficiency are the core issues when designing a grouping-proof protocol. In this thesis, we analyze the security model of a grouping-proof protocol. Then, a novel offline grouping-proof protocol is proposed based on the model. The protocol is reading order-independent, that is, once received messages from the reader, each tag in the group can start the computation simultaneously. Therefore, the protocol is highly efficient. In addition, the pseudorandom number generator is mainly used on the tag to generate the partial grouping-proof, which makes the protocol suitable for application scenario of low-cost tags. Subsequently, after analyzing a typical reading order-dependent protocol, we show that the protocol is vulnerable to de-synchronization attacks and active attacks. Then, we propose an improved scheme to fix these flaws. Compared with the original protocol, the new scheme maintains the similar performance and improves the security greatly.(3) In some applications, it is often needed to simultaneously transfer the ownership of a group of RFID tags in a session. However, most of the existing group ownership transfer schemes for RFID tags generally require the support of a trusted third party and the help of a grouping-proof protocol to realize the ownership transfer of a group of tags. In this thesis, we design a secure and efficient group ownership transfer protocol for RFID tags. The novel protocol supports simultaneous ownership transfer of a group of RFID tags without a trusted third party. Then, in the UC framework, an ideal functionality capturing the secure group ownership transfer for RFID tags is formally defined. Subsequently, we prove that the new protocol realizes the above defined ideal functionality.(4) Nowadays, RFID systems have been widely used in various kinds of applications. However, with the increasing growth of the application scale of RFID tags, the traditional RFID systems cannot meet the practical requirements due to the limited computational capacity and inefficiency in mass data management. To solve these issues, cloud-based RFID architecture for scalable RFID systems has been introduced in recent years. In this thesis, we survey the security and privacy requirements for the cloud-based RFID tag ownership transfer, and present a novel ownership transfer protocol for RFID tag without a trusted third party in the cloud computing environment. In our protocol, the information associated with a tag is stored on the semi-trusted cloud, and the proxy re-encryption scheme is used on the cloud to create the new ownership relation for the tag. Furthermore, we define an ideal functionality capturing the secure ownership transfer for RFID tag based on the cloud. Subsequently, the new protocol is proved to be secure within the UC framework. Compared with the traditional ownership transfer schemes, our scheme has obvious advantages in deployment cost and scalability.
Keywords/Search Tags:Internet of things, RFID, universally composable, ownership transfer, grouping-proof, privacy protection
PDF Full Text Request
Related items