• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.1
• /
• pp.33-40
• /
• 2007

RFID, a non-contact wireless identification technology is being noticed as a technology to alternate barcode system in distribution industry and general industry. Despite of merit of RFID, there are issues to be solved for practical use. One of them, which are most important, is resolution of user's information protection. RFID system without security function bears risk exposing personal data and user's privacy. In this paper, we propose mutual authentication protocol for RFID system in order to solve this security issue. This study aimed to protect user's privacy by providing dynamic ID for tag through authentication protocol safe from security threats. Information being transmitted between backend, reader and tag has no direct connection with ID of tag, and it conducts authentication process using one-way hash function, which prevents attacker's obtaining of tag information using information being transmitted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.73-90
• /
• 2010

Recently, Tan et al. introduced a serverless search protocol in which a mobile reader maintains a tag authentication list and authenticates a tag using the list without connecting authentication server. A serverless RFID system is different from general RFID systems which use on-line server models. In the serverless RFID system, since the mobility of a personalized reader must be considered, we have to protect not only the privacy of a tag but also the privacy of a mobile reader. In this paper, we define new security requirements for serverless RFID search system and propose a secure serverless RFID search system. In our system, since tag authentication information maintained by a reader is updated in every session, we can provide the backward untraceability of a mobile reader. Also we use an encrypted timestamp to block a replay attack which is major weakness of search protocols. In addition, we define a new adversary model to analyze a serverless RFID search system and prove the security of our proposed system using the model.

• Journal of Multimedia Information System
• /
• v.8 no.1
• /
• pp.57-60
• /
• 2021

Industry 4.0 is continuous automation by applying the latest smart technologies to traditional manufacturing industries. It means that large-scale M2M (Machine-to-Machine) communication and IoT (Internet of Things) technologies are well integrated to build efficient production systems by analyzing and diagnosing various issues without human intervention. Edge computing is widely used for M2M services that handle real-time interactions between devices at industrial machinery tool sites. Here, secure data transmission is required while interacting. Thus, this paper focused on a method of creating and maintaining secret key and security tag used for message authentication between end-devices and edge-device.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.5C
• /
• pp.415-421
• /
• 2005

Passive RFID tag does not have its own power, so it has very poor computation abilities and it can deliver signals in very short range. From the facts, most RFID Tag security schemes assumed that the backward channel from tags to a reader is safe from eavesdropping. However, eavesdroppers near a tag can overhear message from a tag illegally. In this paper, we propose a method to protect the backward channel from eavesdropping by illegal readers. The proposed scheme can overcome the problems of conventional schemes such as randomized tree walking, which have been proposed to secure tag information in tree-walking algorithm as an anti-collision scheme for RFID tags. We showed the efficiency of our proposed method by using an analytical model, and it is also shown that the proposed method can provide the probability of eavesdropping in some standardized RFID tag system such as EPCglobal, ISO, uCode near to '0'.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.1
• /
• pp.41-49
• /
• 2007

RFID in which subminiature IC chip with the indentified information is built a core technique that can recognize, trace and manage various information of an object using radio frequency in the age of Ubiquitous. Several pressing matters about an infringement of Privacy and a security of private information should be settled as soon as possible because an information of specific circumstance can be collected and used without any awareness by others as well as a private information. In addition, various algorithms with high level of security, which is normally used in wire, can be hardly applied to RFID tag because of a lot of restrictions of tag. In this report, designed-RFID tag based on the standard of ISO/IEC 18000-6 and the problems which originated from the technical procedure of that design were analyzed, and the algorithm which could be applied to the designed-tag was also investigated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.103-113
• /
• 2007

In this paper, we present a security analysis of Lightweight RFID Mutual Authentication Protocols-LMAP[10], $M^2AP$[11], EMAP[12]. Based on simple logic operations, the protocols were designed to be suitable for lightweight environments such as RFID systems. In [8,9], it is shown that these protocols are vulnerable to do-synchronization attacks with a high probability. The authors also presented an active attack that partially reveals a tag's secret values including its ID. In this paper, we point out an error from [9] and show that their do-synchronization attack would always succeed. We also improve the active attack in [9] to show an adversary can compute a tag's ID as well as certain secret keys in a deterministic way. As for $M^2AP$ and EMAP, we show that eavesdropping $2{\sim}3$ consecutive sessions is sufficient to reveal a tag's essential secret values including its ID that allows for tracing, do-synchronization and/or subsequent impersonations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.25-35
• /
• 2006

Radio Frequency identification (RFID) will become an important technology in remotely object identification systems. However, the use of RFID tags may create new threats to the sniな and Privacy of individuals holding RFID tags. These threats bring several problems which are information leakage of a tag, location trace of individuals and impersonation of a tag. Low-cost RFID systems have much restrictions such as the limited computing power, passive power mechanism and low storage space. Therefore, the cost of tag's computation should be considered as an important factor in low-cost RFID systems. We propose an authentication protocol, OHLCAP which requires only one one-way hash function operation and hence is very efficient. Furthermore, our protocol is suitable to distribution database environment. Hence our scheme can be applied to ubiquitous computing environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.3-12
• /
• 2006

RFID (Radio Frequency Identification) system is expected to play a critical role providing widespread services in the ubiquitous period. However, widespread use of RFID tags may create new threats to the privacy of individuals such as information leakage and traceability. It is difficult to solve the privacy problems because a tag has the limited computing power that is not the adequate resource to support the general encryption. Although the scheme of [2] protects the consumer privacy using an external agent, a tag should compute exponential operation needed high cost. We propose Self Re-Encryption Protocol (SREP) which provides song privacy without assisting of any external agent. Our SREP is well suitable to low-cost RFID system since it only needs multiplication and exclusive-or operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.13-26
• /
• 2006

RFID technology is evaluated as one of core technologies for ubiquitous environment, because of its various characteristics which barcode systems don't have. However, RFID systems have consumer's privacy infringement problems, such like information leakage and location tracing. We need RFID privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect consumer's privacy perfectly. The most secure protocol, that satisfies all of the three essential security requirements, among existing protocols, is the hash-chain based protocol that Ohkubo proposed. Unfortunately this protocol has a big disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the original scheme of Ohkubo protocol.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.10
• /
• pp.121-128
• /
• 2010

In this paper, we proposed a new secure RFID(Radio Frequency IDentification) mutual authentication protocol on insecure communication channel which assumed that all communication channels between the database, the reader and the tag are insecure communication channels. The proposed protocol used a secure one-way hash function and the goal is to improve search time of a tag ID and overload of hash calculational load in DB. In addition, the proposed protocol supports not only basic security requirements to be provided by RFID mutual authentication protocol but also forward secrecy, and the tag does not generate a random number to reduce overload of processing capacity in it.