• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.69-75
• /
• 2007

On the wireless communication between RFID Tag and Reader, there are some existing problems with weaknesses of security such as spoofing, replay, traffic analysis, position tracking, etc., in the established hash lock related algorithm. This paper has presented the comparison and analysis of the established hash lock related algorithm for privacy and in order to make up for this, also suggested a new security authentication algorithm based on hash which has an authentication protocol and creates hash function by using random numbers received from the reader on real time and every session. The algorithm suggested here can offer a several of usefulness for RFID authentication system and it has an advantage to reduce the amount of calculations compared to established algorithm. It also uses the tags needed among a lot of tags around which are expected later and it is expected to reduce a responsibility of the server by ending unnecessary tags' operation with time based.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.1
• /
• pp.12-18
• /
• 2013

In 2012, Woosik Bae proposed a DAP3-RS(Design of Authentication Protocol for Privacy Protection in RFID Systems) using the hash function and AES(Advanced Encryption Standard) algorithm to hide Tag's identification and to generates variable data in every session. He argued that the DAP3-RS is safe from spoofing attack, replay attack, traffic analysis and etc. Also, the DAP3-RS resolved problem by fixed metaID of Hash-Lock protocol using AES algorithm. However, unlike his argue, attacker can pass authentication and traffic analysis using by same data and fixed hash value on the wireless. We proposed authentication protocol based on AES algorithm. Also, our protocol is secure and efficient in comparison with the DAP3-RS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.57-68
• /
• 2004

Recently, Radio Frequency Identification (RFID) systems stands in the spotlight of industry as a common and useful tool in manufacturing, supply chain management (SCM) and stock management. In the near future, low-cost RFID Electronic Product Code; (EPC) or smart-labels may be a practical replacement for optical barcodes on consumer items. However, manufacturing cheap and small RFID tags, and developing secure RFID authentication Protocols are problems which need to be solved. In spite of advances in semiconductor technology, computation and storage ability of the tag are so limited that it is difficult and too expensive to apply existing crypto-systems to RFID tags. Thus it is necessary to create a new protocol which would require less storage space and lower computation costs and that is secure in the RFID system's environments. In this paper, we propose a RFID authentication protocol that is secure against location tracking and spoofing attacks. Our protocol can be used as a practical solution for privacy protection because it requires less computations in database than the previous RFID authentication protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.11C
• /
• pp.883-891
• /
• 2008

In 2006, Lee and Ahn proposed a matrix-based RFID authentication protocol which eliminates the security problems in HB and $HB^+$ RFID authentication protocols. Their proposed protocol provides the following three merits: (1) it reduces the computational costs of the RFID tag. (2) it reduces the communication overhead between the reader and the tag. (3) it protects the user privacy. However, this paper points out that Lee and Ahn's proposed protocol is insecure to various attacks because it does not provide mutual authentication which the RFID tag does not authenticate the legality of the RFID reader unlike their claims. In addition, this paper proposes an improved matrix-based RFID mutual authentication protocol that can provide the mutual authentication. As a result, the proposed protocol not only can provide strong security and but also guarantee high efficiency because it reduces the communication rounds compare with Lee-Ahn's protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.4C
• /
• pp.197-206
• /
• 2011

In the RFID system, bulk tag information is stored into the back-end database as plaintext format not ciphertext. In this case, the tags's private informations can be easily compromised by an external hacker or an insider attacker. If the private informations of tags disclosed by the attackers, it can occur serious privacy invasion problem. Recently the database(DB) security is an important issue to prevent the above DB compromised attack. However, DB security for RFID systeme has not been considered yet. If we use the DB security technique into the RFID system, the above described privacy invasion' problem can be easily prevented. Based on this motivation, this paper proposes a secure and efficient back-end database security and authentication(S-DB) scheme with XOR-based encryption/decryption algorithm. In the proposed scheme, all tag's private information is encrypted and stored by using the DB secret key to protect the DB compromised attack. As a result, the proposed S-DB scheme 'can provide stronger security and more efficiency for the secure RFID system environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.25-27
• /
• 2005

본 논문에서 제안하는 시스템은 기존의 RFID System의 보안성을 높이기 위하여 2단계 인증처리를 통하여 안전성을 더 확보할 수 있게 되었다. 제안하는 시스템은 RFID Tag 인증 후 사용자의 추가적인 인증정보의 획득을 카메라를 통하여 사용자의 영상특징정보를 추출한다. 본 논문에서는 빠른 인증과 검색을 위하여 이미지 영역별 색상특징정보를 사용하여 추가적인 인증과정을 수행하게 된다. 제안하는 시스템을 실험한 결과 RFID Tag와 색상특징정보를 사용하여 출입인증을 하였을 경우 단일한 인증처리 시스템보다 정확한 결과를 얻을 수 있었다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.12
• /
• pp.3694-3701
• /
• 2009

This paper suggests that location tracking system by RFID. It uses the location tracking and the authentication to entrance after inserts passive RFID tag into user Identification card. The readers periodically broadcast their signal, and then the readers understand where users are by analyzing them. In one of tracking systems, it is possible to detect the area where user had stayed for the longest time during moving according to signal power, to know user moved path and user next moving path. Also, it can be used in entrance authentication system in security area by using tag ID value which stored to backend server.

• Journal of Digital Convergence
• /
• v.11 no.4
• /
• pp.221-227
• /
• 2013

RFID is an automatic identification technology that can control a range of information via IC chips and radio communication. Also known as electronic tags, smart tags or electronic labels, RFID technology enables embedding the overall process from production to sales in an ultra-small IC chip and tracking down such information using radio frequencies. Currently, RFID-based application and development is in progress in such fields as health care, national defense, logistics and security. RFID structure consists of a reader that reads tag information, a tag that provides information and the database that manages data. Yet, the wireless section between the reader and the tag is vulnerable to security issues. To sort out the vulnerability, studies on security protocols have been conducted actively. However, due to difficulties in implementation, most suggestions are concerned with theorem proving, which is prone to vulnerability found by other investigators later on, ending up in many troubles with applicability in practice. To experimentally test the security of the protocol proposed here, the formal verification tool, CasperFDR was used. To sum up, the proposed protocol was found to be secure against diverse attacks. That is, the proposed protocol meets the safety standard against new types of attacks and ensures security when applied to real tags in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.63-73
• /
• 2008

RFID(Radio Frequency IDentification) system is an automated identification system that basically consists of tags and readers and Back-End-Databases. Tags and Readers communicate with each other by RF signal. As a reader can identify many tags in contactless manner using RF signal, RFID system is expected to do a new technology to replace a bar-code system in supply-chain management and payment system and access control and medical record and so on. However, RFID system creates new threats to the security of systems and privacy of individuals, Because tags and readers communicate with each other in insecure channel using RF signal. So many people are trying to study various manners to solve these problems against attacks, But they are difficult to apply to RFID system based on EPCglobal UHF Class-1 Generation-2 tags. Recently, Chien and Chen proposed a mutual Authentication protocol for RFID conforming to EPCglobal UHF Class-1 Generation-2 tags. we discover vulnerabilities of security and inefficiency about their protocol. Therefore, We analyze vulnerabilities of their protocol and propose an efficient mutual authentication protocol that improves security and efficiency.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.951-954
• /
• 2006

RFID시스템은 태그와 리더, 백엔드DB로 구성되는 무선인식시스템으로 용도와 기능, 크기에 따라 다양하지만 가장 널리 사용될 것으로 예상되는 것은 저가 수동형 태그로 향후 바코드시스템을 대체할 것으로 기대된다. 이러한 RFID시스템은 적법한 리더와 태그에게 정보를 전달해서 도청자로부터 통신을 방해받지 않아야 하고, 원하지 않는 태그 정보의 노출로 인한 개인 프라이버시 침해를 방지할 수 있어야 한다. 본 논문에서는 불특정다수가 이용하는 많은 양의 아이템을 취급하는 공공도서관에서 RFID시스템을 도입함에 따라 예상되는 개인 프라이버시 침해를 방지하기 위해 보안 요구사항을 만족하면서 시스템 사용 환경에 맞는 프라이버시 보호 방식을 제안한다.