Staffordshire University logo
STORE - Staffordshire Online Repository

Effective Protocols for Privacy and Security in RFID Systems Applications

Morshed, Md. Monzur (2012) Effective Protocols for Privacy and Security in RFID Systems Applications. Doctoral thesis, Staffordshire University.

[img]
Preview
Text
PhD Thesis 1896.pdf

Download (7MB) | Preview

Abstract or description

Abstract
Radio Frequency Identification (RFID) is a technology to identify objects or people automatically
and has received many applications recent years. An RFID tag is a small and low-priced device
consisting of a microchip with limited functionality and data storage and antenna for wireless
communication with the readers. RFID tags can be passive, active or semi-active depending on the
powering technique. In general passive tags are inexpensive. They have no on-board power; they
get power from the signal of the interrogating reader. Active tags contain batteries for their
transmission. The low-cost passive RFID tags are expected to become pervasive device in
commerce. Each RFID tag contains a unique identifier to serve as object identity so that this
identity can be used as a link to relate information about the corresponding object. Due to this
unique serial number in an RFID tag it is possible to track the tag uniquely. The challenge raised by
the RFID systems for certain applications is that the information in it is vulnerable to an adversary.
People who carry an object with an RFID tag could be tracked by an adversary without their
knowledge. Also, implementation of conventional cryptography is not possible in a low-cost RFID
tag due to its limited processing capability and memory limitations.
There are various types of RFID authentication protocols for the privacy and security of RFID
systems and a number of proposals for secure RFID systems using one-way hash functions and
random number. Few researchers have proposed privacy and security protocols for RFID systems
using varying identifiers. These are secured against most of the attacks. Due to varying identifiers
they also include the recovery from desynchronization due to incomplete authentication process.
However, due to the hash function of the identifier if one authentication process is unsuccessful, an
adversary can use the responses in the subsequent phase to break the security. In this case the
adversary can use the response for impersonation and replay attack and also can break the location
privacy. Some protocols protect privacy and security using static tag identifier with varying
responses so that they can work in pervasive computing environment. Most of these protocols work
with computationally expensive hash functions and large storage. Since 2001 a number of
lightweight protocols have been proposed by several researchers.
This thesis proposes seven protocols for the privacy and security of the RFID systems. Five of them
use a hash function and a static identifier such as SUAP1, SUAP2, SUAP3 and EMAP. These
iii
protocols are based on challenge-response method using one-way hash function, hash-address and
randomized hash function. The protocols are operable in pervasive environment since the identifier
of the tag is static. Another protocol named ESAP also works with static identifier but it updates the
timestamp that is used with another random number to make the response unidentifiable. The
protocol GAPVI uses varying identifier with hash function to ensure privacy and security of the tag.
It is based on challenge-response method using one-way hash function and randomized hash
function RFID system. Another proposed protocol EHB-MP is a lightweight encryption protocol
which is more suitable for low-cost RFID tag because it does not require comparatively more
computationally expensive hash function. Since 2001 Hopper and Blum developed the lightweight
HB protocol for RFID systems, a number of lightweight protocols have been proposed by several
researchers. This work investigates the possible attacks in the existing light weight protocols HB,
HB+ and HB-MP of RFID systems and proposes a new lightweight authentication protocol that
improves HB-MP protocol and provides the identified privacy and security in an efficient manner
for pervasive computing environment. The validity and performance of the hash-based protocols are
tested using analysis; simulation programs and some cases mathematical proofs have been given to
prove the protection particularly from the special man-in-the attack in the EHB-MP protocol.
Finally this research work investigates the privacy and security problems in few most potential
application areas that are suitable for RFID implementation. The areas are e-passport, healthcare
systems and baggage handling in airport. Suitable RFID authentication protocols are also proposed
for these systems to ensure the privacy and security of the users.
This thesis uses the symmetric cryptography for privacy and security protocols. In the future
asymmetric protocols may be an important research consideration for this area together with
ownership transfer of the tag could be a potential work area for research.

Item Type: Thesis (Doctoral)
Subjects: G900 Others in Mathematical and Computing Sciences
Faculty: PhD
Depositing User: Jane CHADWICK
Date Deposited: 06 May 2014 15:59
Last Modified: 07 May 2014 13:11
URI: http://eprints.staffs.ac.uk/id/eprint/1896

Actions (login required)

View Item View Item

DisabledGo Staffordshire University is a recognised   Investor in People. Sustain Staffs
Legal | Freedom of Information | Site Map | Job Vacancies
Staffordshire University, College Road, Stoke-on-Trent, Staffordshire ST4 2DE t: +44 (0)1782 294000