Master of Computer Science - Research
School of Computer Science and Software Engineering
Cheng, Shu, Security and authentication schemes in RFID, Master of Computer Science - Research thesis, School of Computer Science and Software Engineering, University of Wollongong, 2011. http://ro.uow.edu.au/theses/3340
Radio Frequency Identi cation (RFID) has been widely applied in various applications in the modern world. For example, it can be used in supply chain management, automated payment systems and other daily applications as an essential technology to enhance lives of human beings. However, RFID systems are vulnerable to many malicious attacks against security and privacy. To solve these problems, cryptography must be applied. Our research work in this thesis mainly focuses on designing secure RFID authentication schemes with untraceability. We review a number of recent proposed RFID authentication protocols as well as related cryptographic techniques, and then de ne the security and privacy requirements for our RFID systems. Our main contributions in this thesis consist of two proposed RFID authentication schemes.
The first scheme is a symmetric-key-based authentication scheme for low-cost RFID tags. RFID systems used in this scheme conform to EPCglobal Class-1 Generation-2 RFID Speci cation. The work is an improvement of the protocol proposed by Yeh, Wang, Kuo and Wang (YWKW) in 2010. We investigate the YWKW protocol and present the man-in-the-middle attack and the strong tracing attack on their protocol. Our scheme successfully overcomes these drawbacks without impacting the performance advantage. Besides, our scheme achieves both backward untraceability and forward untraceability.
In last few years, some basic operations on elliptic curves have been proved applicable for low-cost RFID tags, which make elliptic-curve-based cryptography possible for RFID protocols. We proposed our second scheme constructed on elliptic curves using public-key cryptography. We prove the unforgeability for our scheme in the random oracle model. The security of our scheme is based on the hardness of the Gap Diffie-Hellman problem. We provide a rigorous privacy proof for our scheme based on the Vaudenay's privacy model. To our knowledge, it is the rst secure elliptic-curve-based authentication protocol that achieves both narrow-destructive and wide-forward privacy. Our scheme is also scalable for large-scale deployment in practice.