• Journal of Information Processing Systems
• /
• 제7권4호
• /
• pp.691-706
• /
• 2011

Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use light-weight logics such as bitwise Boolean operations and addition modulo $2^m$ between m-bits words. Because these operations can be implemented in a small chip area, that is the major requirement in RFID protocols, a series of protocols have been suggested conforming to this approach. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gr$\ddot{o}$bner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. For concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.

• 한국통신학회논문지
• /
• 제37권1C호
• /
• pp.24-33
• /
• 2012

RFID 시스템은 바코드 대체 기술로 급부상 하지만 도청, 위치추적, 스푸핑 공격, 재전송 공격과 같은 다양한 공격에 취약하다. 이를 해결하고자 암호학적 기법이 연구되고 있지만 자원적 제약이 있는 수동형 태그에 적용하기 힘든 실정이다. 최근 초경량 RFID 인증 프로토콜은 RFID 태그에 적용 가능하지만 비동기화, T. Li가 제시한 능동 공격에 많은 문제가 있다. 본 논문에서는 초경량 RFID 인증 프로토콜의 문제를 해결하고, RFID 시스템에서 일어날 수 있는 일반적인 공격에 안전한 프로토콜을 설계하여 현실적으로 적용 가능한 프로토콜을 제안한다.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2009년도 춘계학술대회
• /
• pp.789-792
• /
• 2009

As RFID technology is becoming ubiquitous, the secunty of these systems gets much attention. Its fields of usage include personal identification, supply-chain management systems, and many more. Many kinds of RFID tags are available on the market which differ both in storage, and computational capacity. Since by standard IT means all the tags have small capacities, the security mechanisms which are in use in computer networks are not suitable. For expensive tags with relatively large computational capacities many secure communication protocols were developed, for cheap low-end tags, only a few lightweight protocols exist. In this paper we introduce our solution, which is based on the least computation demanding operator, the exclusive or function. By introducing two tags instead of one in the RFID system, our scheme provides security solutions which are comparable with those provided by the lightweight protocols. In the meantime, our scheme does not demand any computational steps to be made by the ta.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1212-1228
• /
• 2016

Secure communication is an important aspect of today's interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

• IEIE Transactions on Smart Processing and Computing
• /
• 제1권2호
• /
• pp.95-105
• /
• 2012

The widespread implementation of RFID in ubiquitous computing is constrained considerably by privacy and security unreliability of the wireless communication channel. This failure to satisfy the basic, security needs of the technology has a direct impact of the limited computational capability of the tags, which are essential for the implementation of RFID. Because the universal application of RFID means the use of low cost tags, their security is limited to lightweight cryptographic primitives. Therefore, EPCGen2, which is a class of low cost tags, has the enabling properties to support their communication protocols. This means that satisfying the security needs of EPCGen2 could ensure low cost security because EPCGen2 is a class of low cost, passive tags. In that way, a solution to the hindrance of low cost tags lies in the security of EPCGen2. To this effect, many lightweight authentication protocols have been proposed to improve the privacy and security of communication protocols suitable for low cost tags. Although many EPCgen2 compliant protocols have been proposed to ensure the security of low cost tags, the optimum security has not been guaranteed because many protocols are prone to well-known attacks or fall short of acceptable computational load. This paper proposes a remedy protocol to the flyweight RFID authentication protocol proposed by Burmester and Munilla against a desynchronization attack. Based on shared pseudorandom number generator, this protocol provides mutual authentication, anonymity, session unlinkability and forward security in addition to security against a desynchronization attack. The desirable features of this protocol are efficiency and security.

• 한국정보전자통신기술학회논문지
• /
• 제11권1호
• /
• pp.121-128
• /
• 2018

사물인터넷(IoT) 기술은 사람과 장치 간 통신 기술 및 데이터 취득을 위한 센싱 기술, 가상의 프로세스, 저장 데이터 등 모든 것들이 인터넷으로 연결되어 활용 되는 기술이다. 최근 IoT 관련 프로토콜에 대해 연구가 많이 진행되고 있지만, IoT 보안을 위한 경량 프로토콜에 대한 연구는 미흡한 실정이다. IoT 프로토콜들의 보안성을 위해 추가로 연구되는 부분이 있지만 이는 메모리 사용 및 통신량의 단점을 갖고 있기 때문에 적합하다고 할 수 없다. 이러한 이유로 IoT의 자원 제약적인 특성상 기존의 프로토콜들이 경량화 추세로 가고 있으며 경량화 IPsec 연구는 필수적이라 할 수 있다. 본 논문에서는 기존 경량 IPsec을 분석하고 취약점을 보완한 새로운 경량 IPsec을 제안한다. 그리고 성능 분석 및 성능 평가를 통하여 기존 경량 IPsec 프로토콜과의 차이점을 분석하였다.

• 정보보호학회논문지
• /
• 제17권4호
• /
• pp.103-113
• /
• 2007

최근 P. Peris-Lopez 등에 의하여 제안된 일련의 RFID 상호인증 프로토콜 LMAP[10], $M^2AP$[11], EMAP[12]은 간단한 논리 연산에 기반하여 경량 환경에서 높은 구현 효율성을 제공하도록 설계되었다. 그런데, T. Li 등은 [8,9]에서 전송 메시지를 변조하는 능동적 공격으로 위 프로토콜들에 대한 비동기화공격이 높은 확률로 적용됨을 보이고, 태그의 ID를 포함한 일부 비밀 정보를 얻을 수 있음을 보였다. 본 논문에서는 [9]의 일부 오류를 수정하여 비동기화공격이 항상 가능함을 보이고 LMAP에 대한 대폭 개선된 능동적 공격을 제시한다. 한편, $M^2AP$, EMAP에 대한 새로운 분석으로서, $2{\sim}3$개 연속 세션의 도청으로 태그의 ID를 포함한 일부 비밀 정보를 얻을 수 있음을 보인다. 이들 정보는 태그 추적 외에, $M^2AP$의 경우 태그 위장에도 사용될 수 있어 본고의 공격은 $M^2AP$와 EMAP의 치명적인 결함을 드러낸다고 하겠다.

• 한국산업정보학회논문지
• /
• 제20권4호
• /
• pp.11-23
• /
• 2015

본 논문에서는 중앙관리 서버와 부착형 경량 단말기를 사용하는 HACCP(Hazard Analysis and Critical Control Point) 자동화 시스템에서, 효율적인 HACCP 데이터의 송수신을 위한 통신 미들웨어를 개발한다. 이를 위해서 HACCP 관리 규정을 토대로 경량 단말기에 최적화될 수 있는 HACCP 데이터를 위한 통신 메시지 규약을 설계한다. 또한 경량 단말기와 서버 간의 데이터 교환 및 데이터 통합 관리 기능을 수행하는 통신 미들웨어를 구현한다. 통신 미들웨어는 단말기의 경량화를 지원하기 위해서, 단말기가 필요로 하는 데이터를 능동적으로 갱신하며, 서버의 HACCP 데이터베이스를 관리한다. 또한 단말기와 서버의 일관적인 데이터 공유가 가능하도록 모니터링 기능을 제공하고 통신 메시지의 송수신을 담당하여 실질적으로 HACCP 자동화 업무를 수행한다. 이러한 HACCP 데이터 관리를 위한 통신 메시지 규약과 통신 미들웨어의 기능을 검증함으로써, 경량 단말기를 지원할 수 있는 HACCP 자동화 시스템 개발에 요소 기술로 활용될 수 있음을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권3호
• /
• pp.1119-1143
• /
• 2014

Lightweight trust mechanism with lightweight cryptographic primitives has emerged as an important mechanism in resource constraint wireless sensor based mobile devices. In this work, outlier detection in lightweight Mobile Ad-hoc NETworks (MANETs) is extended to create the space of reliable trust cycle with anomaly detection mechanism and minimum energy losses [1]. Further, system is tested against outliers through detection ratios and anomaly scores before incorporating virtual programmable nodes to increase the efficiency. Security in proposed system is verified through ProVerif automated toolkit and mathematical analysis shows that it is strong against bad mouthing and on-off attacks. Performance of proposed technique is analyzed over different MANET routing protocols with variations in number of nodes and it is observed that system provide good amount of throughput with maximum of 20% increase in delay on increase of maximum of 100 nodes. System is reflecting good amount of scalability, optimization of resources and security. Lightweight modeling and policy analysis with lightweight cryptographic primitives shows that the intruders can be detection in few milliseconds without any conflicts in access rights.