CSE4003Cyber SecurityDigitalAssignment – IGursimarKaur – 15BCE0765SarthakPatel – 15BCE0788RohanRoy – 15BCE0812 Problem13Writea survey paper on the various security algorithms used in RFID networks. Security Algorithmsused in RFID NetworksAbstractRFID systems allow thedetection of items with the assistance of tags attached efficiently without anyvisual or physical contact.
security algorithms used in RFID networks. Itbecomes necessary to study the security threats related with such systems.Unauthorized tag reading and eavesdropping poses threats via radio medium beingshared. As the mode of use of RFID’s is increasing, more threats appear.
Individuals travelling with RFID tags attached to their belongings can be tracked.Hence, in this survey paper we study the various algorithms and techniques bywhich such threats can be prevented or reduced in RFID systems. Cryptographicmechanisms cannot be applied directly to these systems due to cost issues andits limited size. Basically, a study of methods to be applied for preventingattacks on RFID systems.IntroductionRadio FrequencyIdentification (RFID) technology is challenged by numerous security and privacythreats that render the widespread of such an advantageous technology.
RFID systems confront anew set of challenges in providing security and privacy for individuals or organizationsagainst possible threats while they are accomplishing a great productivity gains.Since the communication between the tags and the reader is performed through anunsecure wireless channel, the transmitted data is vulnerable to attacks by unauthorizedreaders. However, the security threats encountered in RFID systems aredifferent from the security threats of traditional wireless systems.
So, to analyse the variousalgorithms that are used in RFID networks for their security, we first need toidentify the various types of security attacks and threats these RFID networkshave to face and withstand to function efficiently and without any errors.Security attacks onRFID networks:RFID security attacks canbe categorized into two main categories: privacy violations and security violations.In privacy violations, the attacker tries to harvest information from theobjects by eavesdropping to the communications between the object and the readeror by tracking them.
In security violations,an adversary counterfeits the behaviour of a tag or a reader for making undesirablecommunications. Such security attacks may target the physical tag, the communicationchannel between the tag and the reader, or the application or the system whichemploys the RFID technology.For RFID networks, wemostly need to deal with the RFID channel threats that exist when an attack targetsthe insecure channel between a reader and a tag. Since the RFID technology useswireless means of communication between the reader and the tag, RFID systems mayface eavesdropping, snooping,counterfeiting, playback, tracking threats, and other communicationsecurity issues that lead to privacy leaks.Also, these RFIDnetworks may also face system threats that mainly refer to the attacks on theflaws existing in the authentication protocol and encryption algorithm. The majorsystem threats for an RFID network are Counterfeitingand spoofing attacks, tracing and tracking, password decoding, and Denial ofService (DoS) attacks. Literature1RBS: Redundant Bit Security algorithm for RFID systems- RBSis a symmetric encryption algorithm for RFID systems.
RBS is based on insertingredundant bits into the original data bits. RBS provides both authentication andconfidentiality at the same time with low overhead in performance, area andpower consumption. This method is based on inserting the redundant bits intothe altered plaintext. 2 An AdvancedMutual-Authentication Algorithm Using AES for RFID Systems- This algorithmis an advanced mutual authentication protocol between a tag and the back-end databaseserver for a RFID system to ensure system security integrity. This protocol provides reader authenticationto a tag, exhibits forgery resistance against a simple copy, and prevents thecounterfeiting of RFID tags. Advanced mutual-authentication protocol uses an AESalgorithm as its cryptograph primitive. Since AES algorithm has a relativelylow cost, is fast, and only requires simple hardware, our proposed approach isfeasible for use in RFID systems.
In addition, the relatively low computationalcost of our proposed algorithm compared to those currently used to implementsimilar levels of system security makes the proposed system especially suitablefor RFID systems that have a large number of tags. This algorithm is able to prevent attacks like Man-in-the-Middle attack,Replay attack, Forgery of tags, and unwanted tracking of customers on RFIDsystems. 3 New Light-Weight Crypto Algorithmfor RFID- A new block cipher, DESL (DES Lightweight extension), which isstrong, compact and efficient. Due to its low area constraints DESL is especiallysuited for RFID (Radio Frequency Identification) devices. DESL is based on theclassical DES (Data Encryption Standard) design, however, unlike DES it uses asingle S-box repeated eight times. This approach makes it possible to considerablydecrease chip size requirements.
A light-weight implementation of DESL whichrequires 45% less chip size and 86% less clock cycles than the best AESimplementations is used with regard to RFID applications. 4 SCARS: Simplified Cryptographic Algorithm for RFID Systems- InRFID systems, to ensure message integrity, the actual message is usually hashedand transmitted to the receiver along with the encrypted message. However, itis a challenge for resource-constrained devices such as RFID systems to encrypta message using different algorithms. In this paper, a new symmetric keyencryption approach has been proposed that includes integrity as part of theencryption process for RFID systems.
With this approach, hash functions are notrequired to achieve message integrity, thus leading to computational efficiency. 5 Strong Authentication for RFID SystemsUsing the AES Algorithm- For RFID systems, this is a solution using strongsymmetric authentication which is suitable for today’s requirements regardinglow power consumption and low die-size. It is an authentication protocol whichserves as a proof of concept for authenticating an RFID tag to a reader deviceusing the Advanced Encryption Standard (AES) as cryptographic primitive. Challenge-response authentication(strong authentication) method with symmetric key is used in this approach.Symmetric methods work with one shared secret key. Authentication is done byproofing the possession of the secret key. Overall, it uses the standard AES Algorithmfor the security of the RFID system. 6RFID Security: Tiny Encryption Algorithm And Authentication Protocols- TEAis implemented on an FPGA (Field Programmable Gate Array) platform.
Twoprotocols are designed incorporating TEA and implemented using VHDL. TEA usessymmetric encryption; more specifically block ciphers where it encrypts a blockof data (64 bits) at a time using a 128-bit key. TEA is highly resistant todifferential cryptanalysis and claims to provide optimum security. 7 RSA Algorithm as a Data SecurityControl Mechanism in RFID- The solution proposed is an RSA password generatedquery to improve data security in RFID and ensure that data cannot be accessedby any random reader or attacker that is transmitting radio signal. Thisprevents hacking, modification and eavesdropping of data stored in tags by maliciousindividuals.
StudyMajor types of attacksinclude:1. Duplicatingand modifying the information tag stores, unauthorized reading of tags.2. Obtaininginformation and targeting identity of tag through eavesdropping transmissions. SecureTag identification AlgorithmDescription: There aretwo matrices M1 and M2 and their inverse matrices M1-1 and M2-1The tag has 2 p*pmatrices M1 and M2-1 .
The readercontains M2 and M1-1. Key k is sharedbetween the reader and tag. Key is of size vector q=rp. r is an integer.
Key kis always selected in a way such that X= M1K isunique for each tag. The session isinitiated when the reader contacts the tag. The reply provided by tag is X=M1K. The timer is started by the tag.
The product X helps inuniquely identifying the tag. On receiving X, it obtains all the rest of theinformation about tag and also the tagged time.The second phaseinvolves the reader authentication with the tag and sending the new key. Theauthentication process involves confirming with the tag that the key ispossessed by it.
The reader uses exclusive OR bitwise components of k andmultiplies with M2. The fresh key is given by Xnew M1-1.Both these vectors are sent to tag and it verifies the credentials of user andthen accepts. In cases of timeout in reader authentication process the processstarts again. Security: Thealgorithm’s security relies in the difficulty in finding the multiplier/multiplicand in the multiplication product of the matrices. This prevents thekey used by the reader and tag from being exposed to the intruder, whichfurther prevents the tag identification for unethical reasons.
This algorithmworks only for known cypher text attacks. Securitylayer for the prevention of attacks in RFIDAirinterface Theproposed work suggests RFID technology in the band of 13.56MHz.
The operationmode chosen is half-duplex using FSK modulation. The active tags have a lot ofenergy as they are connected to their own power source. Dataframe Datatransfer between tags and reader using 120 bits data-frame. CRC-32 is also usedfor error detection.Authentication ProtocolThescheme for authentication used in security layer is the mutual authenticationbased on three way handshaking model. Authenticationrequires two phases which include1.
The tagand the reader confirming each other’s identity to make sure to connect with thewished partner. 2. When datais exchanged between tag and the reader, ensuring that data is kept intact. Authenticationis required as the tag needs to ensure that the reader is legitimate.Otherwise, any unauthorized reader can get full access to tag’s data memory,and hence pose high security threats.
The reader also needs to make surewhether the tag in contact is reliable or not. Hence authentication of readerto tag is necessary. Mutualauthentication is when both the tag and reader ensure the identity of oneanother. It needs to be done before the exchange of the key and data.
The 3 mainauthentication methods are- (1) Password authentication which has weak securitylevel, (2) Customized and zero knowledge authentication, (3) Challenge responseis highly secure scheme and has two types- Symmetric and Asymmetric. This can be obtained by MAC( Message Authentication Codes) orkeyed hash functions. MACs guarantee the integrity of the message and preventsagainst attacks from intruders. Harsh environment have the high possibility ofintruders. Encryption Algorithm The limitations of RFID devices suggest use ofsymmetric-key encryption algorithms.
RC4 algorithm is suggested- one among themost used stream ciphers. The RC4 algorithm guarantees protection againsteavesdropping, one among the major threats in RFID networks. Bibliography1 Jeddi, Z., Amini, E.,& Bayoumi, M. (2012, July). Rbs: Redundant bit security algorithm for rfidsystems.
In Computer Communications and Networks (ICCCN), 2012 21stInternational Conference on (pp. 1-5). IEEE.2 Toiruul, B., & Lee, K. (2006). An advanced mutual-authenticationalgorithm using AES for RFID systems.
International Journal of ComputerScience and Network Security, 6(9B), 156-162.3 Poschmann, A., Leander, G., Schramm, K., & Paar, C. (2007, May).New light-weight crypto algorithms for RFID. In Circuits and Systems,2007.
ISCAS 2007. IEEE International Symposium on (pp. 1843-1846).IEEE.4 Narayanaswamy, J., Sampangi, R. V., & Sampalli, S.
(2014,September). SCARS: Simplified cryptographic algorithm for RFID systems.In RFID Technology and Applications Conference (RFID-TA), 2014 IEEE (pp.
32-37). IEEE.5 Feldhofer, M., Dominikus, S.
, & Wolkerstorfer, J. (2004,August). Strong authentication for RFID systems using the AES algorithm.In CHES (Vol. 4, pp.
357-370).6 Gilbert, S. (2009). RFID Security: TinyEncryption Algorithm and Authentication Protocols. Master Project,Ryerson University, Toronto, Canada.
7 Jonathan Sangoro. (2015). RSA Algorithm as a Data Security ControlMechanism in RFID