Abstract. RFID technology is a ubiquitous technology, and seems destined to become more a more ubiquitous. Traditional cryptographic primitives are not supported on low-cost RFID tags since, at most, 4K gates can be devoted to security-related tasks. Despite this, there are a vast number of proposals based on the use of classical hash functions, an assumption that is not realistic (at least at the present time). Furthermore, none of the published authentication protocols are resistant to active attacks. We try to address these two issues in this work by designing a new authentication protocol, secure against passive and active attacks, inspired by Shieh et al.’s protocol for smart-cards, but adapted to RFID systems. The original Shieh et al.’s scheme is considered one of the most secure an efficient protocols in the smart-card field. Because in this protocol tags should support a hash-function on-board, a new lightweight hash function, named Tav-128, is also proposed. A preliminary security analysis is shown, as well as a study on its hardware complexity, which concludes that its implementation is possible with around 2.6K gates.

Abstract. We propose an application of recent advances in e-cash, anonymous credentials, and proxy re-encryption to the problem of privacy in public transit systems with electronic ticketing. We discuss some of the interesting features of transit ticketing as a problem domain, and provide an architecture sufficient for the needs of a typical metropolitan transit system. Our system maintains the security required by the transit authority and the user while significantly increasing passenger privacy. Our hybrid approach to ticketing allows use of passive RFID transponders as well as higher powered computing devices such as smartphones or PDAs. We demonstrate security and privacy features offered by our hybrid system that are unavailable in a homogeneous passive transponder architecture, and which are advantageous for users of passive as well as active devices. 1

Radio Frequency Identification (RFID) is seeing a surge in awareness across a range of industries as a successor to barcoding. The nature of this technology promises a wide range of benefits but it appears to be at the expense of security. This paper investigates an eavesdropping attack against an EPC RFID system and shows how a simple device may be used to record interactions between both Tag and Readers. The device is used to record and decode signals within range and its output is analysed to verify that the attack was indeed successful. The findings verify previous assertions by other authors that such attacks are viable and acts as a warning to implementers of the standard who expected their transactions to remain private or secure.

Low-cost Radio Frequency Identification (RFID) tags are devices with very limited computational capability, in which only 250-4K logic gates can be devoted to securityrelated tasks. Classical cryptographic primitives such as block ciphers or hash functions are well beyond the computational capabilities of low-cost RFID tags, as ratified by the EPCglobal Class-1 Gen-2 RFID specification. Moreover, the Gen-2 RFID specification does not pay due attention to security. For this reason, an efficient Ultra Light Authentication Protocol (ULAP) is proposed in this paper. This new scheme offers an adequate security level against passive attacks, and is compliant with Gen-2 RFID specification.

Available online at www.sciencedirect.com

Many security and privacy protocols for RFID systems have been proposed [8, 13, 19, 20]. In most cases these protocols are evaluated in terms of security based on some model. Often the model was introduced by the creator of the protocol, in some cases borrowing parameters from the protocol for model parameters. Moreover, the models that are discussed may represent only one aspect of the necessary security services that are needed in an RFID system. Here we describe several of the security requirements that are needed in an RFID system. Further, we model these requirements. These models incorporate security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity. We also construct less restrictive versions of many of these models to reflect the security needed for some less security-intensive RFID applications. Finally, we compare our model to Juels ’ models [13], Avoine’s models [4] and Ohkubo et al.’s models [20].

Low cost RFID tags pose unique security and privacy challenges. There is an unresolved issue however of data tampering. Here we propose a watermarking based tamper detection solution for low cost RFID tags where the Object Class (OC) and the Serial number (SN) field of an RFID tag are used as the cover medium. Additionally, the use of a chaotic map (i.e. Skew Tent Map) in the watermark embedding algorithm makes this solution more secure. Unlike existing watermark based solutions, our proposed solution offers increased security and can detect tampering anywhere in the RFID tag (e.g. both in the EPC Manager and the Object Class field of an RFID tag), not just a portion such as the Object Class or the EPC manager. This proposed solution conforms to the EPC-Class1 Generation2 specification. Key words: watermarking; RFID security; tamper detection; EPC Class1 Gen 2 tag; information hiding. 1.

Paper presents a brief overview of RFID technology and protocols used in it. The paper becomes a foot step in analysis

The research Paper describes security and privacy issues in RFID systems and proposes a new enhanced algorithm. Our proposed protocol is an enhancement over Sang-Soo Yeo and Sung Kwon Kim ‟ protocol and it provides better security and privacy. Comparative analysis of our proposed protocol and Yeo et al. protocol is done on the basis of various parameters like number of tags, length of hash chain, number of groups etc. The simulation is done using Sun Microsystems Java and results are analyzed using visual inspection.