Mustapha Benssalah

Security enhancement of the authenticated RFID security mechanism based on chaotic maps

With the fast growth of the automatic authentication and asset tracking usage in a wide variety of applications in different fields, government, logistics, transportation and retail are among the most supportive of the radio-frequency identification (RFID) market. Security is a crucial issue and must be addressed seriously. RFID security must meet the public demand of data protection. Recently, several lightweight RFID authentication protocols conforming to the EPCglobal Class 1 Generation 2 (EPC C1-G2) standard have been proposed. In this paper, we present efficient attacks against the authenticated RFID security mechanism of Chang et al. based on Chebyshev chaotic maps, which is the first solution that adopted the chaos in the RFID authentication process. It turns out that this protocol has fundamental weaknesses that can be used by an adversary to break the system. We will show that this protocol is vulnerable to tracking attack, secret disclosure attack, impersonation attack and desynchronization attack. The proposed attack techniques are in light of two flaws related to the message generation and the shared-secret update process, which are not neatly scrutinized. Then, we propose an improved RFID authentication protocol based on the Chebyshev chaotic map hard problem, conforming to the EPC C1-G2 standard with more flexibility, security and mobility for the RFID application. Copyright

Design and implementation of a new active RFID authentication protocol based on elliptic curve encryption

RFID (radio frequency identification) is an efficient automatic identification technology used in a wide variety of applications and more recently as a leading authentication technology in many security services. However, the wireless nature of the transmitted data causes various security issues that must be addressed decisively. To solve these issues, numerous solutions and attempts have been proposed in the literature using several cryptographic primitives. Yet, it is still uncertain about the practicability of a significant number of these protocols, as their hardware implementation has not received much attention. In this paper, we deal with an efficient FPGA implementation and validation of an RFID authentication protocol based on elliptic curve (ECC) encryption scheme. As far as we know, this is the first FPGA implementation of an RFID authentication protocol based on ECC-ElGamal encryption. We believe that the proposed design architecture will bring a new clarity to others ECC-based protocols architectures. In addition, we illustrate the effectiveness of the implemented architecture in the car key systems.

RFID authentication protocols based on ECC encryption schemes

In this paper, we propose a new RFID authentication protocol based on elliptic curves ElGamal encryption schemes. The proposed protocol needs two passes, requires only scalar point multiplications operation and can resist to various kinds of attacks such as man-in-the-middle attack, simple power analysis, and replay attacks.These features make it very attractive to low cost RFID applications, such as the biometric passport active authentication (AA) for example. The proposed protocol is tested and simulated in c ≠ language for several NIST recommended curves over GF(p) (p = 112; 128; 160; 192 and 256 bits).

Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System

Radio frequency identification (RFID) technology has been used in a wide variety of applications, more recently as a leading identification technology in healthcare environments. In the most recent years, this technology is adopted for telecare medicine information system (TMIS) for authentication, safety, security, data confidentiality and patient’s privacy protection over public networks. TMIS is the bridge between patients at home and doctors at healthcare organizations that permits to confirm the correctness of exchanged information between different actors of the system. Recently, several RFID authentication schemes have been presented and suggested for the TMIS in the literature. These schemes try to resolve the security and privacy problems over insecure healthcare networks environments by exploiting different cryptographic primitive’s solutions. In this paper, we analyze in depth the security of the most recent proposed protocol for TMIS in the literature and find out its main vulnerabilities. The proposed attacks are possible due to some weaknesses related to the misuse of the timestamp technique, the calculation of the reader request and tag response messages using the one-way hash function, which are not attentively scrutinized. Furthermore, we propose an efficient and robust improved mobile authentication protocol with high efficiency and security for TMIS. The performance analysis shows that our improved protocol could solve security weaknesses of the studied protocol and provide mobility, efficiency and is well-suited to adoption for TMIS.

Dual cooperative RFID-telecare medicine information system authentication protocol for healthcare environments

Radio Frequency IDentification (RFID) technology is used in a wide variety of applications, more recently as a leading identification technology in healthcare environments. In the most recent years, this technology has been adopted for telecare medicine information system (TMIS) for authentication, safety, security, data confidentiality, and patients privacy protection over public networks. TMIS is the bridge between patients at home and doctors at healthcare organizations that permits to validate the correctness of exchanged information between different actors of the system. Recently, several RFID and smart cards authentication schemes have been presented and suggested for the TMIS in the literature. These schemes try to resolve the security and privacy problems over insecure healthcare network environments by exploiting different cryptographic primitives solutions. In this paper, we first highlighted the vulnerabilities of the most recent proposed protocol for TMIS in the literature and proposed attacks based on the weaknesses related to the misuse of the timestamp technique, the calculation of the reader request and tag response messages using the one-way hash function, which are not attentively scrutinized. Second, we propose an efficient dual RFID-TMIS mobile authentication protocol with high efficiency and security for healthcare systems. Our proposal is an improvement and extension of the protocol of Li et al., where we propose to associate the RFID technology with TMIS in the same authentication system to take advantages of both these two promising technologies. The performance analysis shows that our improved protocol could solve security weaknesses of the studied protocol and provide mobility, efficiency and is well suited for TMIS adoption in remote areas and low population density. Copyright

Efficient ECC implementation architecture suitable for RFID technology

In this paper, we provide an investigation on the feasibility of embedding the ECC authentication service in RFID chip-set. Thus, we deal with the implementation of the most costly operation, which is the scalar point multiplication. It is also considered as the core of the security of the ECC protocols. Two architectures are studied and implemented using the Montgomery algorithm adopting the affine and projective coordinates. According to the obtained results, we show that the scalar point multiplication implementation using affine coordinates is efficient in terms of speed and area than the projective coordinates architecture.

Towards a complete chaotic map‐based mobile RFID authentication protocol with efficient anticollision tag indexing

Radio frequency identification technology is one of the modern popular emerging technologies proven to advance a wide range of applications in both academia and industry. However, potential security risks, privacy issues, and efficiency are still open challenges that must be addressed seriously to achieve enhanced protection. In this paper, we show that the Akgun et al. protocol remains unsafe and imperfect in terms of the security issue and database identification efficiency. We, first, demonstrate that the Akgun et al. protocol suffers from a stolen/lost reader attack, which could expose users to some life threatening situations and unwanted collection of sensitive private information. Second, we found that all indexing identification-based protocols and exceptionally the Akgun et al. protocol cannot be used properly when the collision of tag index occurs, which exhibits a low efficiency in the database entry identification process. As the Akgun et al. protocol is almost perfect, it is worthy to be enhanced. Therefore, towards a complete and secure mobile radio frequency identification authentication protocol, we propose efficient solutions that could overcome the aforementioned security problem and offer high identification efficiency using efficient anticollision procedure based on dynamic linked list data structure principle. Via informal and formal security analysis, we show that the improved version is insensitive to the most common attacks and is more efficient than the existing schemes in the literature. Copyright

Pseudo-random sequence generator based on random selection of an elliptic curve

Pseudo-random numbers generators (PRNG) are one of the main security tools in Radio Frequency IDentification (RFID) technology. Thus, a weak internal embedded generator can directly cause the entire application to be insecure and it makes no sense to employ robust protocols for the security issue. In this paper, we propose a new PRNG constructed by randomly selecting points from two elliptic curves, suitable for ECC based applications. The main contribution of this work is the increasing of the generator internal states by extending the set of its output realizations to two curves randomly selected. The main advantages of this PRNG in comparison to previous works are the large periodicity, a better distribution of the generated sequences and a high security level based on the elliptic curve discrete logarithm problem (ECDLP). Further, the proposed PRNG has passed the different Special Publication 800-22 NIST statistical test suite. Moreover, the proposed PRNG presents a scalable architecture in term of security level and periodicity at the expense of increasing the computation complexity. Thus, it can be adapted for ECC based cryptosystems such as RFID tags and sensors networks and other applications like computer physic simulations, and control coding.

Design and implementation of passive UHF RFID system

In this paper, the implementation of passive UHF RFID, using Agilent Advanced Design System, is constructed. The implementation of this system is divided into two main parts, the reader part and the tag part. The architecture of each part is described in details and is implemented. During the design process, we propose models for building blocks of different encoding types used in RFID system. A dipole reader antenna, with a center frequency of 915 MHz is also proposed and designed. Finally, we present some implementation results.