Mete Akgün

New Results on the Key Scheduling Algorithm of RC4

A new bias is detected in the key scheduling algorithm of RC4 and a novel framework that advantageously combines this new bias with the existing ones is proposed. Using the new bias, a different algorithm is proposed to retrieve the RC4 key given the state table. The new method not only improves the success probability but also provides a more efficient way of calculation in comparison with the previous methods for any key size. The efficiency of the algorithm is demonstrated experimentally. If the key length is 40 bits, the secret key is retrieved with a 99% success rate in 0.007 seconds. The success probability for retrieving the 128 bit RC4 key is also increased significantly. 128-bit key can be retrieved with 3% success rate in 185 seconds and 7.45% success rate in 1572 seconds on a 2.67GHz Intel CPU.

Privacy preserving processing of genomic data

Recently, the rapid advance in genome sequencing technology has led to production of huge amount of sensitive genomic data. However, a serious privacy challenge is confronted with increasing number of genetic tests as genomic data is the ultimate source of identity for humans. Lately, privacy threats and possible solutions regarding the undesired access to genomic data are discussed, however it is challenging to apply proposed solutions to real life problems due to the complex nature of security definitions. In this review, we have categorized pre-existing problems and corresponding solutions in more understandable and convenient way. Additionally, we have also included open privacy problems coming with each genomic data processing procedure. We believe our classification of genome associated privacy problems will pave the way for linking of real-life problems with previously proposed methods.

Lab-on-a-chip based biosensor for the real-time detection of aflatoxin.

Polymers were synthesized and utilized for aflatoxin detection coupled with a novel lab-on-a-chip biosensor: MiSens and high performance liquid chromatography (HPLC). Non-imprinted polymers (NIPs) were preferred to be designed and used due to the toxic nature of aflatoxin template and also to avoid difficult clean-up protocols. Towards an innovative miniaturized automated system, a novel biochip has been designed that consists of 6 working electrodes (1mm diameter) with shared reference and counter electrodes. The aflatoxin detection has been achieved by a competition immunoassay that has been performed using the new biochips and the automated MiSens electrochemical biosensor device. For the assay, aflatoxin antibody has been captured on the Protein A immobilized electrode. Subsequently the sample and the enzyme-aflatoxin conjugate mixture has been injected to the electrode surfaces. The final injection of the enzyme substrate results in an amperometric signal. The sensor assays for aflatoxin B1 (AFB1) in different matrices were also performed using enzyme link immunosorbent assay (ELISA) and HPLC for confirmation. High recovery was successfully achieved in spiked wheat samples using NIP coupled HPLC and NIP coupled MiSens biosensor [2ppb of aflatoxin was determined as 1.86ppb (93% recovery), 1.73ppb (86.5% recovery), 1.96ppb (98% recovery) and 1.88ppb (94.0% recovery) for immunoaffinity column (IAC)-HPLC, NIP-HPLC, Supel™ Tox SPE Cartridges (SUP)-HPLC and NIP-MiSens, respectively]. Aflatoxin detection in fig samples were also investigated with MiSens biosensor and the results were compared with HPLC method. The new biosensor allows real-time and on-site detection of AFB1 in foods with a rapid, sensitive, fully automated and miniaturized system and expected to have an immense economic impact for food industry.

PUF Based Scalable Private RFID Authentication

In this paper, we propose a privacy-preserving authentication scheme for RFID systems with fast lookup time. Our solution is based on the use of Physically Unclonable Functions (PUFs). Although there are many proposals that addresses the security and privacy issues of RFID, the search efficiency still remains as a challenging issue. A first treebased mutual authentication scheme for RFID systems has been proposed by Molnar and Wagner to solve the search efficiency problem. The large communication overhead of this scheme has been reduced by Dimitriou performing the authentication with one message from the tag to the reader. However, tree-based schemes are vulnerable to tag compromising attack due to lack key-updating mechanism. Therefore, tree-based schemes are weak private in the Vaudenay-Model. In this paper, we present a tree-based authentication protocol for RFID systems that is destructive-private in the Vaudenay-Model. Our proposed scheme provides resistance against tag compromising attack by using PUFs as a secure storage to keep secrets of the tag. Keywords-RFID; Security; Privacy; Authentication; PUF;

A fully automated microfluidic-based electrochemical sensor for real-time bacteria detection

A fully automated microfluidic-based electrochemical biosensor was designed and manufactured for pathogen detection. The quantification of Escherichia coli was investigated with standard and nanomaterial amplified immunoassays in the concentration ranges of 0.99 × 1043.98 × 109 cfu mL-1 and 103.97 × 107 cfu mL-1 which resulted in detection limits of 1.99 × 104 cfu mL-1 and 50 cfu mL-1, respectively. The developed methodology was then applied for E. coli quantification in water samples using nanomaterial modified assay. Same detection limit for E. coli was achieved for real sample analysis with a little decrease on the sensor signal. Cross-reactivity studies were conducted by testing Shigella, Salmonella spp., Salmonella typhimurium and Staphylococcus aureus on E. coli specific antibody surface that confirmed the high specificity of the developed immunoassays. The sensor surface could be regenerated multiple times which significantly reduces the cost of the system. Our custom-designed biosensor is capable of detecting bacteria with high sensitivity and specificity, and can serve as a promising tool for pathogen detection.

Attacks and improvements to chaotic map-based RFID authentication protocol

Because of its low cost and ease of deployment, radio frequency identification RFID technology offers great potential for all applications that require identification. Main obstacle for wide adoption of this technology is the concerns about its security and privacy issues. Many RFID authentication protocols have been proposed to provide desired security and privacy level for RFID systems. Recently, Benssalah et al. have proposed a chaotic map-based RFID security protocol. In this paper, we analyze the security of this protocol and discover its vulnerabilities. We show that message generation arises some weaknesses, and this protocol is vulnerable to tracking, tag impersonation, and de-synchronization attacks. The success probabilities of the proposed attacks are significant, and their complexities are polynomial. Furthermore, we propose an RFID authentication protocol. Our protocol utilizes the Chebyshev chaotic map hard problem and conforms to the EPCglobal Class 1 Generation 2 EPC C1-G2 standard. Our protocol eliminates the weaknesses of the protocol of Benssalah et al. Copyright

A new RFID authentication protocol with resistance to server impersonation

Security is one of the main issues to adopt RFID technology in daily use. Due to resource constraints of RFID systems, it is very restricted to design a private authentication protocol based on existing cryptographic functions. In this paper, we propose a new RFID authentication protocol. The proposed protocol provides better protection against privacy and security threats than those before. Our proposed protocol is resistant to server impersonation attack introduced in [17]. Former proposal assumes that the adversary should miss any reader-to-tag communication flows and claims that their protocol is secure against forward traceability only in such communication environment. We show that even under such an assumption, the former proposed protocol is not secure. Our proposed protocol is secure against forward traceability, if the adversary misses any reader-to-tag communication flows. Our protocol also has low computational load on both the tag and the server side.

Secure RFID Authentication with Efficient Key-Lookup

In this paper, we analyze storage awareness RFID authentication protocol based on sparse tree structure (SAPA), which provides backward untraceability and reduces the space for storing key sequence. We discover that SAPA does not provide location and information privacy between successful authentication sessions and does not resist denial of service attacks, forward traceability, and server impersonation. We analyze the weaknesses of SAPA and propose a new RFID authentication protocol. The proposed protocol provides better protection against privacy and security threats than those before. Our proposed protocol provides tag information privacy and tag location privacy, and resists replay attacks, denial of service attacks, backward traceability, forward traceability (under an assumption), and server impersonation with an efficient key-lookup. Furthermore, our protocol has the least computation and communication load on both the tag and the server side compared to other tree based protocols.

Vulnerabilities of RFID Security Protocol Based on Chaotic Maps

Many RFID authentication protocols have been proposed to provide desired security and privacy level for RFID systems. Almost all of these protocols are based on symmetric cryptography because of the limited resources of RFID tags. Recently Cheng et. Al have proposed an RFID security protocol based on chaotic maps. In this paper, we analyse the security of this protocol and discover its vulnerabilities. We firstly present a de-synchronization attack in which a passive adversary makes the shared secrets out-of-synchronization by eavesdropping just one protocol session. We secondly present a secret disclosure attack in which a passive adversary extracts secrets of a tag by eavesdropping just one protocol session. An adversary having the secrets of the tag can launch some other attacks. Finally, we propose modifications to Cheng et. Als protocol to eliminate its vulnerabilities.

Towards Scalable Identification in RFID Systems

The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of tags. Some proposals use a tree-based approach to solve the search efficiency problem. The tree-based approach reduces the search complexity from