• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.117-123
• /
• 2011

Lightweight authentication protocols are necessary in RFlD systems since a RFlD tag has computation constraints. Over recent years, many protocols have been proposed, In this paper, we examine the HB protocol and its variants, and their vulnerabilities to attacks, We analyze the problem of Piramuthu's attack on the HB++ protocol and propose solutions to it.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.6
• /
• pp.1307-1312
• /
• 2011

Radio Frequency Identification(RFID) has been considered as an key infrastructure for the ubiquitous society. However, due to the inherent drawbacks, RFID causes var- ious security threats like privacy problems, tag cloning, etc. This paper proposes a novel practical approach, which are fully conformed to EPCglobal RFID Gen2 standard, for enhancing security of currently used RFID Gen2 tags against the various security threats.

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.9-18
• /
• 2012

In 2010, Pedro et al. proposed RFID distance bounding protocol based on WSBC cryptographic puzzle. This paper points out that Pedro et al.'s protocol not only is vulnerable to tag privacy invasion attack and location tracking attack because an attacker can easily obtain the secret key(ID) of a legal tag from the intercepted messages between the reader and the tag, but also requires heavy computation by performing symmetric key operations of the resource limited passive tag and many communication rounds between the reader and the tag. Moreover, to resolve the security weakness and the computation/communication efficiency problems, this paper also present a new RFID distance bounding protocol based on WSBC cryptographic puzzle that can provide strong security and high efficiency. As a result, the proposed protocol not only provides computational and communicational efficiency because it requires secure one-way hash function for the passive tag and it reduces communication rounds, but also provides strong security because both tag and reader use secure one-way hash function to protect their exchanging messages.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.253-254
• /
• 2011

Most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyzed the security mechanism of a lightweight authentication protocol.

• The KIPS Transactions:PartC
• /
• v.18C no.5
• /
• pp.331-338
• /
• 2011

The RFID system includes a section of wireless communication between the readers and the tags. Because of its vulnerability in terms of security, this part is always targeted by attackers and causes various security problems including the leakage of secret and the invasion of privacy. In response to these problems, various protocols have been proposed, but because many of them have been hardly implementable they have been limited to theoretical description and theorem proving without the accurate verification of their safety. Thus, this study tested whether the protocol proposed by Kenji et al. satisfies security requirements, and identified its vulnerabilities such as the exposure of IDs and messages. In addition, we proposed an improved RFID security protocol that reduced the number of public keys and random numbers. As one of its main characteristics, the proposed protocol was designed to avoid unnecessary calculations and to remove vulnerabilities in terms of security. In order to develop and verify a safe protocol, we tested the protocol using Casper and FDR(Failure Divergence Refinements) and confirmed that the proposed protocol is safe in terms of security. Furthermore, the academic contributions of this study are summarized as follows. First, this study tested the safety of a security protocol through model checking, going beyond theorem proving. Second, this study suggested a more effective method for protocol development through verification using FDR.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.4
• /
• pp.1005-1014
• /
• 2010

When reader collect tags, we found that they tend to get together to specific interface in Multi-Interface Multi-Channel 2.4GHz Active RFID system. To solve this problem, we designed the LP-Combind and AP-Balanced protocol for load distribution between interfaces, then verified its superiority of the performance through the simulation. There are three problems to implement designed protocols in hardware of firmware-level. first, tag selects randomly the channel of reader and reader need the method which can change the channel of tags. second, reader has the synchronization problem between reader and tag. third, reader has problem that MCU of reader have to operate simultaneously dual interface. To slove this problems, we designed the message and implemented method for tag channel change and the protocol in order to adjust synchronization between reader and tag, Therefore, we compared and analyzed the performance of protocols by experiment. If LP windows size is same, the performance of LP-Combined protocol and AP-Balanced protocol which lower collision probability by its load distribution is more outstanding than single interface protocol performance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.11
• /
• pp.2399-2403
• /
• 2011

Radio Frequency Identification(RFID) has been considered as an key infrastructure for the ubiquitous society. However, due to the inherent drawbacks, RFID causes var- ious security threats like privacy problems, tag cloning, etc. This paper analyses the security risk analysis process from the perspective of the RFID tag life cycle, identify the tag usage process, identify the associated vulnerability and threat to the confidentiality, integrity and availability of the information assets and its implications for privacy, and the mitigate the risks.

• Journal of KIISE:Information Networking
• /
• v.34 no.6
• /
• pp.483-492
• /
• 2007

In this paper, we propose a new hybrid approach based on query tree protocol to arbitrate tag collisions in RFID systems. The hybrid query tree protocol that combines a tree based query protocol with a slotted backoff mechanism. The proposed protocol decreases the average identification delay by reducing collisions and idle time. To reduce collisions, we use a 4-ary query tree instead of a binary query tree. To reduce idle time, we introduce a slotted backoff mechanism to reduce the number of unnecessary Query commands. Simulation and numerical analysis reveal that the proposed protocol achieves lower identification delay than existing tag collision arbitration protocols.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2695-2701
• /
• 2012

We need privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect user's privacy in RFID system. The hash-chain based protocol that Ohkubo et. al proposed is the most secure protocol, that satisfies all of the essential security requirements, among existing protocols. But, this protocol has a disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the hash-chain based protocol.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.791-792
• /
• 2012

RFID security protocol is widely discussed as an important issue, while the mutual authentication with the security agreement is mostly discussed enthusiastically. In this paper we improve HB family to achieve the property of mutual authentication, so that the user privacy can be protected. The future direction is to adapt the protocol for cloud computing.