Dang Nguyen Duc

Defending RFID authentication protocols against DoS attacks

In this paper, we present a security weakness of a forward secure authentication protocol proposed by Tri Van Le et al. called O-FRAP which stands for Optimistic Forward secure RFID Authentication Protocol. In particular, we point out that in the O-FRAP protocol, the server can be subject to a denial-of-service attack due to a flaw in the database querying procedure. Our attack also applies to a simplified version of O-FRAP called O-RAP (Optimistic RFID Authentication Protocol) which is essentially O-FRAP but without a secret key updating procedure (and thus forward security). We then propose two improved protocols called O-FRAP^+ and O-RAP^+ which prevent the said denial-of-service attack. In addition, the O-FRAP^+ protocol also addresses two security weaknesses of O-FRAP pointed out earlier by Khaled and Raphael. In terms of performance, comparing to O-FRAP, O-FRAP^+ requires a few more computational steps but much less storage at the back-end server.

A Forward-Secure Blind Signature Scheme Based on the Strong RSA Assumption

Key exposures bring out very serious problems in security services. Especially, it is more severe in the applications such as electronic cash or electronic payment where money is directly involved. Forward secrecy is one of the security notions addressing the key exposure issues. Roughly speaking, forward secrecy is aimed to protect the validity of all actions using the secret key before the key exposure. In this paper, we investigate the key exposure problem in blind signature (with an application to the electronic cash in mind) and propose a blind signature scheme which guarantees forward secrecy. Our scheme is constructed from the provably secure Okamoto-Guillou-Quisquater (OGQ for short) blind signature scheme. Using the forking lemma by Pointcheval and Stern [4], we can show the equivalence between the existence of a forger with the solvability of the strong RSA problem. Further we show that our scheme introduces no significant communication overhead comparing with the original OGQ scheme.

Open issues in RFID security

RFID security is a relatively new research area. Within less than a decade, a large number of research papers dealing with security issues of RFID technology have appeared. In this paper we attempt to summarize current research works in the field of RFID security and discuss some of their open issues. Firstly, we outline the security threats to RFID, then we summarize some of the current counter-measures and finally, we draw attention to the open issues and challenges in RIFD security.

A survey on RFID security and provably secure grouping-proof protocols

RFID security is a relatively new research area. Within less than a decade, a large number of research papers dealing with security issues of RFID technology have appeared. In the first part of this paper, we attempt to summarise current research in the field of RFID security and discuss some of their open issues. In the second part of this paper, we address some of the open problems we suggested in the first part. In particular, we deal with scalability problem of existing grouping-proof protocols for RFID tags. In addition, we also present the first security definition for a secure grouping-proof protocol for RFID tags. The definition is then used to analyse the security of our proposed grouping-proof protocol which employs a (n, n)-secret sharing scheme to solve the scalability problem of previous protocols.

A capability-based privacy-preserving scheme for pervasive computing environments

In a pervasive computing environment, users interact with many smart devices or service providers (SPs) to obtain some useful services from them. These SPs can be either genuine or malicious. As a result, users privacy is at a greater risk, as they are prone to revealing their location, identity and transactions information to such SPs. On the other hand, user authentication is also required for SPs to provide service access control to only authorized users. In order to protect users privacy, they must be allowed to have anonymous interactions with SPs. But, authenticating and authorizing an anonymous user becomes a challenging task. In this paper, we propose a simple and efficient scheme that allows users to anonymously interact with SPs and the SPs can effectively authenticate and authorize the users based on the anonymous information submitted by the users.

Enhancing Security of Class I Generation 2 RFID against Traceability and Cloning

In this whitepaper, we present a synchronization-based communication protocol for EPCglobal Class-1 Gen-2 RFID devices. The Class-1 Gen-2 RFID tag supports only simple cryptographic primitives like Pseudo-random Number Generator (PRNG) and Cyclic Redundancy Code (CRC). Our protocol is secure in a sense that it prevents the cloned tags and malicious readers from impersonating and abusing legitimate tags, respectively. In addition, our protocol provides that each RFID tag emits a different bit string (pseudonym) or meta-ID when receiving each and every reader’s query. Therefore, it makes tracking activities and personal preferences of tag’s owner impractical to provide the user’s privacy.