| Radio Frequency Identification (RFID) is a non-contact and automated object identification technology that uses radio signal to identify an object carrying the identification information. Due to the automatic identification process and low-cost tag, RFID has found widespread use in many applications such as supply chain management, manufacturing, public information service industries and so on. It greatly enhances operational efficiency and reduces costs for enterprises and organizations.However, the security and privacy issues have raised people's concerns. These threats hamper the development of RFID application and also leave security vulnerabilities in existing application areas. The main concerns are security and privacy threats. Firstly, because of the use of wireless channel between tags and readers, communications can be easily attacked by eavesdropping, tampering, replay attack and so on. Secondly, when a tag responds with identification or personal information to an unauthentic reader interrogation without alerting its owner, it threatens information and location privacy of the tag owner. In most RFID systems, tags is typically designed to be inexpensive for mass distribution, thus they have limited memory capacity, computational and processing ability. These inherent limitations of low-cost tags could not afford the use of traditional cryptographic primitives which are costly in such environments.In this thesis, we focus on the wireless channel between a tag and a reader. We provide an in-depth analysis of the security and privacy threatens on communications between tags and readers, as well as the existing attacks. On this basis, we analyze the security requirements and countermeasures. We obtain the following achievements:First, we propose a mutual authentication protocol MAP designed for RFID system. The protocol prevents security and privacy threats in RFID system including replay attack, desynchronize attack and tag location tracking. It also provides forward security. Storage and computational performances are analyzed to prove our protocol provides better performance compared with related scheme.Second, considering requirement of tag ownership transfer in some applications, we design a lightweight RFID protocol OTLAP with ownership transfer. Our protocol not only prevents security and privacy threats in MAP, but also provides tag ownership transfer and resistance to tag killing attack. OTLAP has advantages of security and privacy while not scarifying the efficiency on tag-side, compared to the related works.Third, a mutual authentication and key exchange protocol AKEMAP for RFID system is proposed. The protocol provides secure authentication and authenticated key exchange for tag and reader in each session. It also provides backward and forward security. Security of this protocol is formally analyzed using the BAN logic. |
PDF Full Text Request