• Journal of Information Processing Systems
• /
• 제2권3호
• /
• pp.170-177
• /
• 2006

Recently, RFID technology has attracted considerable attention in many industry fields. The RFID environment requires a standard architecture for the smooth exchange of data between heterogeneous networks. The architecture should offer an efficient standard environment, such as a communication environment based on Web Services, PKI or Kerberos-based security, and abstract business processes which could be used in the diverse domains. Therefore, in this paper, we propose an Enterprise Application Framework (EAF) which includes a standard communication protocol, security functions, and abstract level business processes. The suggested architecture is expected to provide a more secure and flexible security management in the dynamic RFID application environments, and is expected to provide an abstract business event for the development of business processes which could apply RFID technology to the existing systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 한국해양정보통신학회 2011년도 춘계학술대회
• /
• pp.473-475
• /
• 2011

Radio Frequency Identification(RFID) has been considered as an key infrastructure for the ubiquitous society. However, due to the inherent drawbacks, RFID causes var- ious security threats like privacy problems, tag cloning, etc. This paper proposes a novel practical approach, which are fully conformed to EPCglobal RFID Gen2 standard, for enhancing security of currently used RFID Gen2 tags against the various security threats.

• Proceedings of the Korea Information Processing Society Conference
• /
• 한국정보처리학회 2005년도 춘계학술발표대회
• /
• pp.1201-1204
• /
• 2005

차세대 유비쿼터스 환경에서 중요한 기술적 위치를 차지할 것으로 예상되는 무선주파수 인식기술(RFID)은 다양한 분야에서 적용될 것으로 기대가된다. 하지만 핵심이 되는 태그 자체의 특성으로 인하여 사용자의 프라이버시 침해라는 역기능도 내포하고 있다. 따라서 본 논문에서는 이러한 RFID 태그 사용자의 정보 누출에 의한 프라이버시 보호를 위하여 기존의 암호학적 보호기법을 적용하기 어려운 저가의 태그를 이용한 RFID시스템 환경에서 효율적으로 태그의 정보를 보호하는 기법인 블록커 태그를 이용하였다. 블로커 태그는 보호하고자하는 태그의 정보를 알아내고자 하는 공격자의 요청에 대하여 실제 태그와 같은 정보로 응답하되 특정 태그정보가 아닌 전체 태그 정보를 전달하는 형태로 공격자가 특정 태그 정보를 찾지 못하게 하여 사용자의 프라이버시 보호가 가능함을 보였다.

• The KIPS Transactions:PartC
• /
• 제16C권3호
• /
• pp.307-316
• /
• 2009

RFID technique which is recognizable without the physical contact between the reader and the tag is the core to archive ubiquitous environment, and has been attracting a lot of interest from both industry and academic institutes. Especially, RFID based logistic service management can get the low priced cost and the advancement of the appointed date of delivery. In this paper, we first analyze security requirements of international logistics process, and then propose a RBAC based security model and represent access control constraints using UML.

• Journal of Internet Computing and Services
• /
• 제12권6호
• /
• pp.139-147
• /
• 2011

We proposed the secure and efficient passive RFID protocol which is based on one-way hash based low-cost authentication protocol (OHLCAP). The paper introduces OHLCAP and the vulnerabilities of OHLCAP and suggests security solutions by analyzing them. Afterwards, The paper presents the proposed protocol and demonstrates computational performance and security of the protocol. This protocol not only has the resistances against eavesdropping attack, impersonation attack, desynchronization attack, and replay attack but also provides untraceability and forward secrecy.

• IEIE Transactions on Smart Processing and Computing
• /
• 제1권1호
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

• Journal of Digital Contents Society
• /
• 제6권4호
• /
• pp.267-272
• /
• 2005

The ubiquitous computing environment is a new paradigm that represents the future life and is expected to bring about great changes in IT and in the lives of individuals. However, since a good deal of information can be easily obtained and shared in the ubiquitous computing environment, problems such as a security threat and infringement of privacy are getting serious. The present study is intended to explore some ways to minimize such problems by introducing RFID technology in the ubiquitous computing environment. This study also examines the causes of violation of security and privacy that might occur in the RFID system and requirement for security. In addition it seeks possible technical solutions to those causes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제19권3호
• /
• pp.61-72
• /
• 2009

To guarantee security between the tag and back-end server and implementation efficiency in low power tag, we propose two typed mutual authentication protocols in RFID system. One is static-ID authentication scheme which is well suitable in distributed server environments. The other is dynamic-ID scheme which is additively satisfied forward security. In proposed scheme, it does not need any random number generator in tag and requires only one(maximally three) hash operation(s) in tag or server to authenticate each other. Furthermore, we implement the proposed schemes in RFID smart card system and verify its normal operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제16권2호
• /
• pp.81-94
• /
• 2006

This study, in particular, aims to regulate the core techniques of ubiquitous computing, such as the use of an ad hoc network and the smart-tag technique, and to look more closely into RFID Tag's smart-tag-related security service. The study aims to do so because several important technical factors and structures must be taken into account for RFID Tag to be applied in the ubiquitous-computing-related infrastructure, and the security of the tag is considered one of the core technologies. To realize secure ubiquitous computing in the case of the Passive-tag-Performing RF communication, a less costly security service, the technical items needed to carry this out, a security service to be applied to passive tags, and network management techniques are required. Therefore, the passive-tag-based networks as the authentication level is established based on the secure authentication of each tag and the service that the tag delivers in the passive-tag-based networks and as the same service and authentication levels are applied, and the active-tag-based network system proposed herein is not merely a security service against illegal RFID tags by performing a current-location and service registration process after the secure authentication process of the active RFID tag, but is also a secure protocol for single and group services, is proposed in this study.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 한국정보보호학회 2006년도 하계학술대회
• /
• pp.515-518
• /
• 2006

RFID(Radio Frequency Identification) 시스템이란 무선 라디오 주파수를 이용하여 사물을 식별 및 추적할 수 있는 기술로서 산업 전반에 걸쳐 그 적용성이 확대되고 있으나 불안전한통신상에서 데이터 송 수신 및 태그의 제한적인 계산능력과 한정된 저장 공간의 자원으로 인한 위치 추적, 스푸핑 공격, 재전송공격, 사용자 프라이버시 침해 등의 취약점이 존재한다. 본 논문에서는 기존의 RFID 시스템에 대한 인증 프로토콜들을 분석하고, Challenge Response(C-R) 인증 프로토콜에서 연산량을 줄임으로서 위치 추적과 스푸핑 공격, 재전송 공격에 효율적으로 개선된 C-R 인증 프로토콜을 제안한다.