Chris J. Mitchell

RFID authentication protocol for low-cost tags

In this paper, we investigate the possible privacy and security threats to RFID systems, and consider whether previously proposed RFID protocols address these threats. We then propose a new authentication protocol which provides the identified privacy and security features and is also efficient. The new protocol resists tag information leakage, tag location tracking, replay attacks, denial of service attacks, backward traceability, forward traceability (under an assumption), and server impersonation (also under an assumption). We also show that it requires less tag-side storage and computation than other similarly structured RFID protocols.

A taxonomy of single sign-on systems

At present, network users have to manage one set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once and are logged into the services they subsequently use without further manual interaction. Several architectures for SSO have been developed, each with different properties and underlying infrastructures. This paper presents a taxonomy of these approaches and puts some of the SSO schemes, services and products into that context. This enables decisions about the design and selection of future approaches to SSO to be made within a more structured context; it also reveals some important differences in the security properties that can be provided by various approaches.

Key storage in secure networks

Abstract In this paper the key storage problem associated with the provision of secure communications between every pair of users in a large network is described, and a possible method of alleviating the problem is discussed. This method, based on the use of finite incidence structures with special properties called key distribution patterns, is shown to generalize earlier work in the area. The more general formulation of the storage saving scheme contained here enables use to made of the extensive body of knowledge already existing on the theory of block designs. From this theory we are able to extract a number of new families of examples of potentially useful key distribution systems.

Scalable RFID security protocols supporting tag ownership transfer

We identify privacy, security and performance requirements for radio frequency identification (RFID) protocols, as well as additional functional requirements such as tag ownership transfer. Many previously proposed protocols suffer from scalability issues because they require a linear search to identify or authenticate a tag. In support of scalability, some RFID protocols, however, only require constant time for tag identification, but, unfortunately, all previously proposed schemes of this type have serious shortcomings. We propose a novel scalable RFID authentication protocol based on the scheme presented in Song and Mitchell (2009) [1], that takes constant time to authenticate a tag. We also propose secret update protocols for tag ownership and authorisation transfer. The proposed protocols possess the identified privacy, security and performance properties and meet the requirements for secure ownership transfer identified here.

Comments on the S/KEY user authentication scheme

We give a critical analysis of the security properties of the S/KEY user authentication system.

A Proposed Architecture for Trusted Third Party Services

In this paper we propose a novel solution to the problem of providing trusted third party services, such as the management of cryptographic keys for end-to-end encryption, in a way that meets legal requirements for warranted interception. Also included is a discussion of what might be a reasonable set of requirements for international provision of such services, as well as some analysis of the cryptographic properties of the architecture and how it might operate in practice.

Authentication protocols for mobile network environment value-added services

The secure provision of mobile computing and telecommunication services is rapidly increasing in importance as both demand and applications for such services continue to grow. This paper is concerned with the design of public key based protocols suitable for application in upcoming third-generation mobile systems such as the Universal Mobile Telecommunications Service. Candidate protocols are considered for the authentication of a mobile user to a value-added service provider with initialization of a mechanism enabling payment for the value-added service. A set of goals for such a protocol are identified, as are a number of generic attacks; these goals and attacks are then used to evaluate the suitability of seven candidate third-generation user-to-network authentication protocols. Many of these candidate protocols are shown to have highly undesirable features.

Reputation methods for routing security for mobile ad hoc networks

Mobile ad hoc networks have inherently very different properties to conventional networks. These new characteristics present major security vulnerabilities; in particular, one side effect of the unique way in which routing protocols operate in ad hoc networks is that many new threats arise. Selfish nodes are those which do not perform certain operations that the protocol specifies that they should, through a wish to conserve power. Malicious nodes may deliberately disrupt the network using a variety of attacks. The paper discusses reputation mechanisms which have been suggested as a means to mitigate the detrimental effect of selfish and malicious nodes. The paper reveals reasons why complex reputation systems may be too inefficient to use in a mobile ad hoc network, where resources are limited. However, suggestions are also made to show how a simple reputation system might be used to enhance the robustness of ad hoc networks.

Enumerating boolean functions of cryptographic significance

In this paper we describe applications of functions from GF(2)m onto GF(2)n in the design of encryption algorithms. If such a function is to be useful it must satisfy a set of criteria, the actual definition of which depends on the type of encryption technique involved. This in turn means that it is important to ensure that the selected criteria do not restrict the choice of function too severely, i.e., the set of functions must be enumerated. We discuss some of the possible sets of criteria and then give partial results on the corresponding enumeration problems. Many open problems remain, some of them corresponding to well-known hard enumeration questions.

Single Sign-On using Trusted Platforms

At present, network users have to remember a username and a corresponding password for every service with which they are registered. One solution to the security and usability implications of this situation is Single Sign-On, whereby the user authenticates only once to an ‘Authentication Service Provider’ (ASP) and subsequently uses disparate Service Providers (SPs) without necessarily re-authenticating. The information about the user’s authentication status is handled between the ASP and the desired SP transparently to the user. This paper describes a method by which the end-user’s computing platform itself plays the role of the ASP. The platform has to be a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA) specifications. The relevant TCPA architectural components and security services are described and associated threats are analysed.