CSE4003 be tracked. Hence, in this survey paper we

CSE4003
Cyber Security

Digital
Assignment – I

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Gursimar
Kaur – 15BCE0765

Sarthak
Patel – 15BCE0788

Rohan
Roy – 15BCE0812

 

Problem
13

Write
a survey paper on the various security algorithms used in RFID networks.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Security Algorithms
used in RFID Networks

Abstract

RFID systems allow the
detection of items with the assistance of tags attached efficiently without any
visual or physical contact. security algorithms used in RFID networks. It
becomes necessary to study the security threats related with such systems.
Unauthorized tag reading and eavesdropping poses threats via radio medium being
shared. As the mode of use of RFID’s is increasing, more threats appear.
Individuals travelling with RFID tags attached to their belongings can be tracked.
Hence, in this survey paper we study the various algorithms and techniques by
which such threats can be prevented or reduced in RFID systems. Cryptographic
mechanisms cannot be applied directly to these systems due to cost issues and
its limited size. Basically, a study of methods to be applied for preventing
attacks on RFID systems.

Introduction

Radio Frequency
Identification (RFID) technology is challenged by numerous security and privacy
threats that render the widespread of such an advantageous technology.

RFID systems confront a
new set of challenges in providing security and privacy for individuals or organizations
against possible threats while they are accomplishing a great productivity gains.
Since the communication between the tags and the reader is performed through an
unsecure wireless channel, the transmitted data is vulnerable to attacks by unauthorized
readers. However, the security threats encountered in RFID systems are
different from the security threats of traditional wireless systems.

So, to analyse the various
algorithms that are used in RFID networks for their security, we first need to
identify the various types of security attacks and threats these RFID networks
have to face and withstand to function efficiently and without any errors.

Security attacks on
RFID networks:

RFID security attacks can
be categorized into two main categories: privacy violations and security violations.
In privacy violations, the attacker tries to harvest information from the
objects by eavesdropping to the communications between the object and the reader
or by tracking them.

In security violations,
an adversary counterfeits the behaviour of a tag or a reader for making undesirable
communications. Such security attacks may target the physical tag, the communication
channel between the tag and the reader, or the application or the system which
employs the RFID technology.

For RFID networks, we
mostly need to deal with the RFID channel threats that exist when an attack targets
the insecure channel between a reader and a tag. Since the RFID technology uses
wireless means of communication between the reader and the tag, RFID systems may
face eavesdropping, snooping,
counterfeiting, playback, tracking threats, and other communication
security issues that lead to privacy leaks.

Also, these RFID
networks may also face system threats that mainly refer to the attacks on the
flaws existing in the authentication protocol and encryption algorithm. The major
system threats for an RFID network are Counterfeiting
and spoofing attacks, tracing and tracking, password decoding, and Denial of
Service (DoS) attacks.

 

Literature

1
RBS: Redundant Bit Security algorithm for RFID systems- RBS
is a symmetric encryption algorithm for RFID systems. RBS is based on inserting
redundant bits into the original data bits. RBS provides both authentication and
confidentiality at the same time with low overhead in performance, area and
power consumption. This method is based on inserting the redundant bits into
the altered plaintext. 2 An Advanced
Mutual-Authentication Algorithm Using AES for RFID Systems- This algorithm
is an advanced mutual authentication protocol between a tag and the back-end database
server for a RFID system to ensure system security integrity. This protocol provides reader authentication
to a tag, exhibits forgery resistance against a simple copy, and prevents the
counterfeiting of RFID tags. Advanced mutual-authentication protocol uses an AES
algorithm as its cryptograph primitive. Since AES algorithm has a relatively
low cost, is fast, and only requires simple hardware, our proposed approach is
feasible for use in RFID systems. In addition, the relatively low computational
cost of our proposed algorithm compared to those currently used to implement
similar levels of system security makes the proposed system especially suitable
for RFID systems that have a large number of tags. This algorithm is able to prevent attacks like Man-in-the-Middle attack,
Replay attack, Forgery of tags, and unwanted tracking of customers on RFID
systems. 3 New Light-Weight Crypto Algorithm
for RFID- A new block cipher, DESL (DES Lightweight extension), which is
strong, compact and efficient. Due to its low area constraints DESL is especially
suited for RFID (Radio Frequency Identification) devices. DESL is based on the
classical DES (Data Encryption Standard) design, however, unlike DES it uses a
single S-box repeated eight times. This approach makes it possible to considerably
decrease chip size requirements. A light-weight implementation of DESL which
requires 45% less chip size and 86% less clock cycles than the best AES
implementations is used with regard to RFID applications. 4 SCARS: Simplified Cryptographic Algorithm for RFID Systems- In
RFID systems, to ensure message integrity, the actual message is usually hashed
and transmitted to the receiver along with the encrypted message. However, it
is a challenge for resource-constrained devices such as RFID systems to encrypt
a message using different algorithms. In this paper, a new symmetric key
encryption approach has been proposed that includes integrity as part of the
encryption process for RFID systems. With this approach, hash functions are not
required to achieve message integrity, thus leading to computational efficiency. 5 Strong Authentication for RFID Systems
Using the AES Algorithm- For RFID systems, this is a solution using strong
symmetric authentication which is suitable for today’s requirements regarding
low power consumption and low die-size. It is an authentication protocol which
serves as a proof of concept for authenticating an RFID tag to a reader device
using the Advanced Encryption Standard (AES) as cryptographic primitive. Challenge-response authentication
(strong authentication) method with symmetric key is used in this approach.
Symmetric methods work with one shared secret key. Authentication is done by
proofing the possession of the secret key. Overall, it uses the standard AES Algorithm
for the security of the RFID system. 6
RFID Security: Tiny Encryption Algorithm And Authentication Protocols- TEA
is implemented on an FPGA (Field Programmable Gate Array) platform. Two
protocols are designed incorporating TEA and implemented using VHDL. TEA uses
symmetric encryption; more specifically block ciphers where it encrypts a block
of data (64 bits) at a time using a 128-bit key. TEA is highly resistant to
differential cryptanalysis and claims to provide optimum security. 7 RSA Algorithm as a Data Security
Control Mechanism in RFID- The solution proposed is an RSA password generated
query to improve data security in RFID and ensure that data cannot be accessed
by any random reader or attacker that is transmitting radio signal. This
prevents hacking, modification and eavesdropping of data stored in tags by malicious
individuals.

Study

Major types of attacks
include:

1.     Duplicating
and modifying the information tag stores, unauthorized reading of tags.

2.     Obtaining
information and targeting identity of tag through eavesdropping transmissions.

 

Secure
Tag identification Algorithm

Description: There are
two matrices M1 and M2 and their inverse matrices M1-1 and M2
-1

The tag has 2 p*p
matrices M1  and M2
-1  . The reader
contains M2 and M1-1. Key k is shared
between the reader and tag. Key is of size vector q=rp. r is an integer. Key k
is always selected in a way such that X= M1K is
unique for each tag.

The session is
initiated when the reader contacts the tag. The reply provided by tag is X=
M1K. The timer is started by the tag. The product X helps in
uniquely identifying the tag. On receiving X, it obtains all the rest of the
information about tag and also the tagged time.

The second phase
involves the reader authentication with the tag and sending the new key. The
authentication process involves confirming with the tag that the key is
possessed by it. The reader uses exclusive OR bitwise components of k and
multiplies with M2. The fresh key is given by Xnew M1-1.
Both these vectors are sent to tag and it verifies the credentials of user and
then accepts. In cases of timeout in reader authentication process the process
starts again.

 

Security: The
algorithm’s security relies in the difficulty in finding the multiplier/
multiplicand in the multiplication product of the matrices. This prevents the
key used by the reader and tag from being exposed to the intruder, which
further prevents the tag identification for unethical reasons. This algorithm
works only for known cypher text attacks.

 

Security
layer for the prevention of attacks in RFID

Air
interface

The
proposed work suggests RFID technology in the band of 13.56MHz. The operation
mode chosen is half-duplex using FSK modulation. The active tags have a lot of
energy as they are connected to their own power source.

 

Data
frame

Data
transfer between tags and reader using 120 bits data-frame. CRC-32 is also used
for error detection.

Authentication Protocol

The
scheme for authentication used in security layer is the mutual authentication
based on three way handshaking model.

 

Authentication
requires two phases which include

1.     The tag
and the reader confirming each other’s identity to make sure to connect with the
wished partner.

2.     When data
is exchanged between tag and the reader, ensuring that data is kept intact.

 

Authentication
is required as the tag needs to ensure that the reader is legitimate.
Otherwise, any unauthorized reader can get full access to tag’s data memory,
and hence pose high security threats. The reader also needs to make sure
whether the tag in contact is reliable or not. Hence authentication of reader
to tag is necessary.

 

Mutual
authentication is when both the tag and reader ensure the identity of one
another. It needs to be done before the exchange of the key and data.

 

                 

 

The 3 main
authentication methods are- (1) Password authentication which has weak security
level, (2) Customized and zero knowledge authentication, (3) Challenge response
is highly secure scheme and has two types- Symmetric and Asymmetric.

 

This can be obtained by MAC( Message Authentication Codes) or
keyed hash functions. MACs guarantee the integrity of the message and prevents
against attacks from intruders. Harsh environment have the high possibility of
intruders.

 

Encryption Algorithm

 

The limitations of RFID devices suggest use of
symmetric-key encryption algorithms. RC4 algorithm is suggested- one among the
most used stream ciphers. The RC4 algorithm guarantees protection against
eavesdropping, one among the major threats in RFID networks.

 

 

 

 

 

 

 

 

 

 

 

 

Bibliography

1 Jeddi, Z., Amini, E.,
& Bayoumi, M. (2012, July). Rbs: Redundant bit security algorithm for rfid
systems. In Computer Communications and Networks (ICCCN), 2012 21st
International Conference on (pp. 1-5). IEEE.

2 Toiruul, B., & Lee, K. (2006). An advanced mutual-authentication
algorithm using AES for RFID systems. International Journal of Computer
Science and Network Security, 6(9B), 156-162.

3 Poschmann, A., Leander, G., Schramm, K., & Paar, C. (2007, May).
New light-weight crypto algorithms for RFID. In Circuits and Systems,
2007. ISCAS 2007. IEEE International Symposium on (pp. 1843-1846).
IEEE.

4 Narayanaswamy, J., Sampangi, R. V., & Sampalli, S. (2014,
September). SCARS: Simplified cryptographic algorithm for RFID systems.
In RFID Technology and Applications Conference (RFID-TA), 2014 IEEE (pp.
32-37). IEEE.

5 Feldhofer, M., Dominikus, S., & Wolkerstorfer, J. (2004,
August). Strong authentication for RFID systems using the AES algorithm.
In CHES (Vol. 4, pp. 357-370).

6 Gilbert, S. (2009). RFID Security: Tiny
Encryption Algorithm and Authentication Protocols. Master Project,
Ryerson University, Toronto, Canada.

7 Jonathan Sangoro. (2015). RSA Algorithm as a Data Security Control
Mechanism in RFID