Süleyman Kardaş

A framework for analyzing RFID distance bounding protocols

Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary and prover, thus disambiguating many misleading terms. It also explores the adversarys capabilities and strategies, and addresses the impact of the provers ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is finally demonstrated on a study case: Munilla-Peinado distance bounding protocol.

A novel RFID distance bounding protocol based on physically unclonable functions

Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides the ideal security against the terrorist fraud. Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Functions (PUFs) based authentication protocol in which the adversary has access to volatile memory of the tag. We show that the security of Sadeghi et al. s PUF based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to volatile memory she cannot obtain all long term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Comparing to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security, privacy and tag computational overhead. We also prove that our extended protocol with a final signature provides the ideal security against all those frauds, remarkably the terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide the most cost efficient and reliable means to fingerprint chips based on their physical properties.

PUF-enhanced offline RFID security and privacy

RFID (Radio Frequency IDentification) based communication solutions have been widely used nowadays for mobile environments such as access control for secure system, ticketing systems for transportation, and sport events. These systems usually depend on readers that are not continuously connected to a secure backend system. Thus, the readers should be able to perform their duties even in offline mode, which generally requires the management by the readers of the susceptible data. The use of RFID may cause several security and privacy issues such as traceability of tag owner, malicious eavesdropping and cloning of tags. Besides, when a reader is compromised by an adversary, the solution to resolve these issues getting worse. In order to handle these issues, several RFID authentication protocols have been recently proposed; but almost none of them provide strong privacy for the tag owner. On the other hand, several frameworks have been proposed to analyze the security and privacy but none of them consider offline RFID system. Motivated by this need, in this paper, we first revisit Vaudenays model, extend it by considering offline RFID system and introduce the notion of compromise reader attacks. Then, we propose an efficient RFID mutual authentication protocol. Our protocol is based on the use of physically unclonable functions (PUFs) which provide cost-efficient means to the fingerprint chips based on their physical properties. We prove that our protocol provides destructive privacy for tag owner even against reader attacks.

Optimal security limits of RFID distance bounding protocols

In this paper, we classify the RFID distance bounding protocols having bitwise fast phases and no final signature. We also give the theoretical security bounds for two specific classes, leaving the security bounds for the general case as an open problem. As for the classification, we introduce the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and k-previous challenges and there is no final signature. We treat the case k = 0, which means each response bit depends only on the current challenge, as a special case and define such protocols as current challenge dependent (CCD) protocols. In general, we construct a trade-off curve between the security levels of mafia and distance frauds by introducing two generic attack algorithms. This leads to the conclusion that CCD protocols cannot attain the ideal security against distance fraud, i.e. 1/2, for each challenge-response bit, without totally losing the security against mafia fraud. We extend the generic attacks to 1-PCD protocols and obtain a trade-off curve for 1-PCD protocols pointing out that 1-PCD protocols can provide better security than CCD protocols. Thereby, we propose a natural extension of a CCD protocol to a 1-PCD protocol in order to improve its security. As a study case, we give two natural extensions of Hancke and Kuhn protocol to show how to enhance the security against either mafia fraud or distance fraud without extra cost.

An Efficient and Private RFID Authentication Protocol Supporting Ownership Transfer

Radio Frequency IDentification (RFID) systems are getting pervasively deployed in many daily life applications. But this increased usage of RFID systems brings some serious problems together, security and privacy. In some applications, ownership transfer of RFID labels is sine qua non need. Specifically, the owner of RFID tag might be required to change several times during its lifetime. Besides, after ownership transfer, the authentication protocol should also prevent the old owner to trace the tags and disallow the new owner to trace old transactions of the tags. On the other hand, while achieving privacy and security concerns, the computation complexity should be considered. In order to resolve these issues, numerous authentication protocols have been proposed in the literature. Many of them failed and their computation load on the server side is very high. Motivated by this need, we propose an RFID mutual authentication protocol to provide ownership transfer. In our protocol, the server needs only a constant-time complexity for identification when the tag and server are synchronized. In case of ownership transfer, our protocol preserves both old and new owners’ privacy. Our protocol is backward untraceable against a strong adversary who compromise tag, and also forward untraceable under an assumption.

A New Security and Privacy Framework for RFID in Cloud Computing

RFID is a leading technology that has been rapidly deployed in several daily life applications that require strong security and privacy mechanisms. However, RFID systems commonly have limited computational capacity and inefficient data management. There is a demanding urge to address these issues in the light of some mechanism which can make the technology excel. Cloud computing is one of the fastest growing segments of IT industry that provides cost effective solutions for handling and using data collected with RFID. As more and more information on companies and individuals is placed in the cloud, concerns are beginning to escalate about just how safe an environment it is. Therefore, while integrating RFID into the cloud, the security and privacy of the tag owner must be considered. Motivated by this, we first provide a new security and privacy model for RFID technology integrated to the cloud computing. In this model, we define the capabilities of the adversary and give the formal definitions. After that we propose a cloud-based RFID authentication protocol to illustrate our model. The protocol utilizes symmetric-key based cryptography. We prove that the protocol achieves destructive privacy according to our model.

Bilkent news portal: a personalizable system with new event detection and tracking capabilities

1. SYSTEM OVERVIEW Multi-source news portals, a relatively new technology, receive and gather news from several Web news providers. These systems can make the news more accessible, especially by providing event-oriented groupings by detecting and tracking the first stories of previously unseen events. In this short article we briefly demonstrate the first personalizable Turkish news portal (http://newsportal.bilkent.edu.tr/Portal) that provides the following functionalities (see Figures 1 and 2).

Providing Resistance against Server Information Leakage in RFID Systems

RFID (Radio Frequency IDentification) technology has been widely used in daily life, such as in access control, electronic passports, contactless credit cards, transportation, and animal tracking. However, this technology may cause various security and privacy problems, e.g. traceability of tag owner, malicious eavesdropping of tags and cloning of tags. In order to thwart these security and privacy problems, a wide variety of authentication protocols have been proposed in the literature. All of these protocols assume that the server is secure, and it does not leak any information about the system. In this paper, we propose a novel attack on RFID systems, namely Server Information Leakage (SIL) attack. In this attack, an adversary illegally captures information from the server and sends this information to the reader in order to impersonate the tag. To the best of our knowledge, none of the existing protocols resist against this new attack. We also propose an RFID authentication protocol that provides resistance against SIL attack and other known attacks.

Examination of a New Defense Mechanism: Honeywords

Past experiences show us that password breach is still one of the main methods of attackers to obtain personal or sensitive user data. Basically, assuming they have access to list of hashed passwords, they apply guessing attacks, i.e., attempt to guess a password by trying a large number of possibilities. We certainly need to change our way of thinking and use a novel and creative approach in order to protect our passwords. In fact, there are already novel attempts to provide password protection. The Honeywords system of Juels and Rivest is one of them which provides a detection mechanism for password breaches. Roughly speaking, they propose a method for password-based authentication systems where fake passwords, i.e., “honeywords” are added into a password file, in order to detect impersonation. Their solution includes an auxiliary secure server called “honeychecker” which can distinguish a user’s real password among her honeywords and immediately sets off an alarm whenever a honeyword is used. However, they also pointed out that their system needs to be improved in various ways by highlighting some open problems. In this paper, after revisiting the security of their proposal, we specifically focus on and aim to solve a highlighted open problem, i.e., active attacks where the adversary modifies the code running on either the login server or the honeychecker.

Security and efficiency analysis of the Hamming distance computation protocol based on oblivious transfer

Bringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses oblivious transfer and provides security in the semi-honest model. The other scheme uses committed oblivious transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form.