Tzu-Chang Yeh

Securing RFID systems conforming to EPC Class 1 Generation 2 standard

RFID, capable of remote automatic identification, is taking the place of barcodes to become electronic tags of the new generation. However, the information transmitted in the air could easily be intercepted and eavesdropped due to its radio transmission nature. On top of this, its prevalence has brought the stress on its security and privacy issues. EPC Class 1 Generation 2 (Gen 2) has served as the most popular standard for passive tags. Passive tags possess limited computation ability and capacity that just makes designing of the security protocol even more challenging. Researchers have proposed quite a few security protocols for RFID, but most of them are just too complicated to be implemented on Gen 2. Chien and Chen (2007) proposed a mutual authentication protocol conforming to this standard. However, it is found vulnerable to DoS attacks. Due to the bad properties of the CRC function used in the protocol, the claimed security objectives are also not met. Moreover, the database must use brute search for each tags authentication. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which are free from worries of the problems mentioned above. The improved protocol could thus be applied in high security demanding environments.

Improvement of the RFID authentication scheme based on quadratic residues

RFID, with its capability of remote automatic identification, is taking the place of barcodes and becoming the new generation of electronic tags. However, information transmitted through the air is vulnerable to eavesdropping, interception, or modification due to its radio transmission nature; the prevalence of RFID has greatly increased security and privacy concerns. In 2008, Chen et al. proposed an RFID authentication scheme which can enhance security and privacy by using hash functions and quadratic residues. However, their scheme was found to be vulnerable to impersonation attacks. This study further demonstrates that their scheme does not provide location privacy and suffers from replay attacks. An improved scheme is also proposed which can prevent possible attacks and be applied in environments requiring a high level of security.

Securing Bluetooth Communications

Following the increasing confidentiality of data being transferred, many concerns have been raised as to whether Bluetooth transmission is adequately secure. The Bluetooth 2.1 standard introduces a new security mechanism called Secure Simple Pairing (SSP). However, to avoid man-in-the-middle attacks, SSP uses a 6-digit number for authentication. If a human error occurs while conducting visual verification, then data security could be breached. This paper presents an improved protocol to address this problem. This protocol not only secures consumer privacy, but also increases operational efficiency.

An enhanced ultralightweight RFID authentication protocol

RFID is a kind of contactless automatic identification system. As its cost declines and function extends, RFID is gradually replacing the traditional barcode systems. Low-cost RFID tags are anticipated to be widely used in our daily life. However, owing to the radio transmission nature of RFID, the information transmitted in the air could easily be eavesdropped on, intercepted, or modified. Because low-cost RFID tags are with extremely limited resources, traditional security primitives can not be incorporated well. In 2007, Chien proposed the ultralightweight strong authentication and strong integrity (SASI) protocol for low-cost and very low-cost tags. The protocol is a highly efficient RFID authentication protocol using only simple bitwise operations on tags. However, the scheme is found suffering from tracking and denial of service attacks. This paper will give demonstrations on what have caused these weaknesses, and more of that, an improved protocol is also proposed which is free from worries of those possible attacks. The improved protocol could thus be applied in environments demanding high security.

Securing Mobile Commerce Transactions

Lam, Chung, Gu and Sun (2003) proposed a lightweight security mechanism for mobile commerce transactions to meet the security needs in the face of the resource constraints of mobile devices. End-to-end security between the mobile device and the mobile commerce provider is established. However, its security builds on the assumption that customers can confirm every mobile commerce providers public key by themselves before each transaction. Moreover, the mechanism still produces high overhead on the mobile device. This paper elucidates the causes of these drawbacks, and an enhanced mechanism is also proposed to protect mobile commerce transactions more effectively and efficiently.

A comparative study of packet combining based error recovery schemes for wireless networks

To provide reliable communications in wireless environments, two fundamental error control mechanisms, automatic repeat request (ARQ) and forward error correction (FEC) are proposed. However, the ARQ mechanism may suffer frequent retransmissions and the FEC mechanism incurs bandwidth overhead. To reduce the number of retransmissions and support efficient correction, previous studies have proposed numerous packet combining based error recovery schemes. This study investigates the recovery performance of three packet combining based error recovery schemes, including the extended ARQ (EARQ), the merge strategy in the simple packet combining (SPaC-M), and the destination packet (DPC) schemes through the mathematical analysis and simulations. Results present that the EARQ outperforms the SPaC-M and the DPC in recovery speed in case of a large packet length and a high bit error rate. However, the EARQ is not suggested if the space overhead is the major consideration.

Low-Cost RFID Identification Variation

Interests continue to grow in recent years for the adoption of Radio Frequency Identification (RFID) in many different areas including transportation and supply chain management. Those RFID-included objects can be targeted more efficiently by real-time tracking and instant management. However, because of the contact-less type of RFID remote retrieval, the transmission of data in the air is very vulnerable to eavesdropping or appropriation. A primary security concern surrounding RFID technology is the illicit tracking of consumer location and analyzing of their shopping habits or behavior. This paper proposes a more secure and lightweight RFID variation protection protocol which enhances the security of the transmission of information as well as the consumer privacy protection by using randomized control access and two-way identification. In addition, this protocol also improves the overall performance and lowers the cost of RFID tag without any complicated calculation.