Tieyan Li

Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol

In this paper, we analyze the security vulnerabilities of EMAP, an efficient RFID mutual authentication protocol recently proposed by Peris-Lopez et al. (2006). We present two effective attacks, a de-synchronization attack and a full-disclosure attack, against the protocol. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter completely compromises a tag by extracting all the secret information stored in the tag. The de-synchronization attack can be carried out in just round of interaction in EMAP while the full-disclosure attack is accomplished across several runs of EMAP. We also discuss ways to counter the attacks

Highly reliable trust establishment scheme in ad hoc networks

Securing ad hoc networks in a fully self-organized way is effective and light-weight, but fails to accomplish trust initialization in many trust deficient scenarios. To overcome this problem, this paper aims at building well established trust relationships in ad hoc networks without relying on any pre-defined assumption. We propose a probabilistic solution based on distributed trust model. A secret dealer is introduced only in the system bootstrapping phase to complement the assumption in trust initialization. With it, much shorter and more robust trust chains are able to be constructed with high probability. A fully self-organized trust establishment approach is then adopted to conform to the dynamic membership changes. The simulation results on both static and dynamic performances show that our scheme is highly resilient to dynamic membership changing and scales well. The lack of initial trust establishment mechanisms in most higher level security solutions (e.g. key management schemes, secure routing protocols) for ad hoc networks makes them benefit from our scheme.

RFID privacy: relation between two notions, minimal condition, and efficient construction

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of a protocol, denoted as unp-privacy. In this paper, the definition of unp-privacy is refined and the relation between the two notions is clarified: it is proven that ind-privacy is weaker than unp-privacy. Moreover, the minimal (necessary and sufficient)condition on RFID tags to achieve unp-privacy is determined. It is shown that if an RFID system has strong (or weak) unp-privacy then the computational power of an RFID tag can be used to construct a pseudorandom function family provided that the RFID system is complete and sound. On the other hand, if each tag is able to compute a pseudorandom function, then the tags can be used to construct an RFID system with strong (or weak) unp-privacy. In this sense, a pseudorandom function family is the minimal requirement on an RFID tags computational power for enforcing strong RFID system privacy. Finally, a new RFID protocol is proposed to satisfy the minimal requirement, which also outperforms the state-of-the-art RFID protocols in terms of computational cost and communication overhead.

Insights into Malware Detection and Prevention on Mobile Phones

The malware threat for mobile phones is expected to increase with the functionality enhancement of mobile phones. This threat is exacerbated with the surge in population of smart phones instilled with stable Internet access which provides attractive targets for malware developers. Prior research on malware protection has focused on avoiding the negative impact of the functionality limitations of mobile phones to keep the performance cost within the limitations of mobile phones. Being different, this paper investigates the positive impact of these limitations on suppressing the development of mobile malware. We study the state-of-the-art mobile malware, as well as the progress of academic research and industrial effort against mobile malware. Our study shows that the functionality limitations of mobile phones should be considered as advantages as they have significant impact on shrinking the living space of mobile malware. From this perspective, we propose and analyze three potential directions for effective malware detection and prevention on mobile phones.

Providing Stronger Authentication at a Low Cost to RFID Tags Operating under the EPCglobal Framework

In 2006, EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) standard and the ISO 18000 standard respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed in these standards. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim. We attempt to mitigate the weaknesses observed in the original scheme, and at the same time, consider other possible adversarial threats, as well as constraints on low-cost RFID tags requirements.

Classify encrypted data in wireless sensor networks

End-to-end security mechanisms, like SSL, may seriously limit the capability of in-network processing that is the most critical function in sensor networks. Supporting in-network processing can significantly improve the performance of extremely resource-constrained sensor networks featuring many-to-one traffic patterns. How to protect the traffic and support in-network processing at the same time is an open problem. The paper tackles the problem by proposing a model for categorizing encrypted messages in wireless sensor networks. A classifier, an intermediate sensor node in our setting, is embedded with a set of searching keywords in encrypted format. Upon receiving an encrypted message, it matches the message with the keywords and then processes the message based on certain policies such as forwarding the original message to the next hop, updating and forwarding it or simply dropping it on detecting a duplicate. The messages are encrypted before being sent out and decrypted only at their destinations. Although the intermediate classifiers can categorize the messages, except for several encrypted keywords, they learn nothing about the encrypted messages, not even statistical information. The scheme is efficient, flexible and resource saving. The performance analysis shows that the computational cost and communication cost are minimized. Furthermore, it is resilient to node capture attack and many other kinds of attacks. We are prototyping the model on our mote testbed.

Quasi-linear cryptanalysis of a secure RFID ultralightweight authentication protocol

In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time the usage of resources on tags is optimized. Nevertheless, in this paper we show how the protocol does not achieve any of its intended security objectives; the main result is that the most valuable information stored on the tag, that is, the static identifier ID, is easily recovered even by a completely passive attacker in a number of ways. More precisely, we start by presenting a traceability attack on the protocol that allows tags to be traced. This essentially exploits the fact that the protocol messages leak out at least one bit of the static identifier. We then present a passive attack (named Norwegian attack) that discloses ⌊log2 L⌋ bits of the ID, after observing roughly O(L) authentication sessions. Although this attack may seem less feasible in retrieving the full 96-bits of the ID due to the large number of eavesdropped sessions involved, it is already powerful enough to serve as a basis for a very effective traceability attack. Finally, our last attack represents a step forward in the use of a recent cryptanalysis technique (called Tango attack [2]), which allows for an extremely efficient full disclosure attack, capable of revealing the value of the whole ID after eavesdropping only a very small number of sessions.

Weaknesses in two recent lightweight RFID authentication protocols

The design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many algorithms have been published lately. In this paper, we analyze two recent proposals in this research area. First, Mitras scheme is scrutinized, revealing its vulnerability to cloning and traceability attacks, which are among the security objectives pursued in the protocol definition [1]. Later, we show how the protocol is vulnerable against a full disclosure attack after eavesdropping a small number of sessions. Then, we analyze a new EPC-friendly scheme conforming to EPC Class-1 Generation-2 specification (ISO/IEC 180006-C), introduced by Qingling and Yiju [2]. This proposal attempts to correct many of the well known security shortcomings of the standard, and even includes a BAN logic based formal security proof. However, notwithstanding this formal security analysis, we show that Qingling et al.s protocol offers roughly the same security as the standard they try to improve, is vulnerable to tag and reader impersonation attacks, and allows tag traceability.

A software-based root-of-trust primitive on multicore platforms

Software-based root-of-trust has been proposed to overcome the disadvantage of hardware-based root-of-trust, which is the high cost in deployment and upgrade (when vulnerabilities are discovered). However, prior research on software-based root-of-trust only focuses on uniprocessor platforms. The essential security properties of such software-based root-of-trust, as analyzed and demonstrated in our paper, can be violated on multicore platforms. Since multicore processors are becoming increasingly popular, it is imperative to explore the feasibility of software-based root-of-trust on them. In this paper, we analyze the challenges of designing software-based root-of-trust on multicore platforms and present two practical attacks that utilize the parallel computing capability to break the existing schemes. We then propose a timing-based primitive, called MT-SRoT, as the first step towards software-based root-of-trust on multicore platforms. MT-SRoT is able to ensure untam-pered execution of a critical security task, such as remote software attestation, on homogeneous shared-memory multicore platforms without the support of tamper-resistant hardware. We implement MT-SRoT and show its effectiveness on both Intel dual-core and quad-core processors.

Dynamic Access Control for Multi-privileged Group Communications

Recently, there is an increase in the number of group communication applications which support multiple service groups of different access privileges. Traditional access control schemes for group applications assume that all the group members have the same access privilege and mostly focus on how to reduce rekeying messages upon user joining and leaving. Relatively little research effort has been spent to address security issues for group communications supporting multiple access privileges. In this paper, we propose a dynamic access control scheme for group communications which support multiple service groups with different access privileges. Our scheme allows dynamic formation of service groups and maintains forward/backward security when users switch service groups.