Degree Name

Master of Computer Science - Research


School of Computer Science and Software Engineering


Radio Frequency Identi cation (RFID) has been widely applied in various applications in the modern world. For example, it can be used in supply chain management, automated payment systems and other daily applications as an essential technology to enhance lives of human beings. However, RFID systems are vulnerable to many malicious attacks against security and privacy. To solve these problems, cryptography must be applied. Our research work in this thesis mainly focuses on designing secure RFID authentication schemes with untraceability. We review a number of recent proposed RFID authentication protocols as well as related cryptographic techniques, and then de ne the security and privacy requirements for our RFID systems. Our main contributions in this thesis consist of two proposed RFID authentication schemes.

The first scheme is a symmetric-key-based authentication scheme for low-cost RFID tags. RFID systems used in this scheme conform to EPCglobal Class-1 Generation-2 RFID Speci cation. The work is an improvement of the protocol proposed by Yeh, Wang, Kuo and Wang (YWKW) in 2010. We investigate the YWKW protocol and present the man-in-the-middle attack and the strong tracing attack on their protocol. Our scheme successfully overcomes these drawbacks without impacting the performance advantage. Besides, our scheme achieves both backward untraceability and forward untraceability.

In last few years, some basic operations on elliptic curves have been proved applicable for low-cost RFID tags, which make elliptic-curve-based cryptography possible for RFID protocols. We proposed our second scheme constructed on elliptic curves using public-key cryptography. We prove the unforgeability for our scheme in the random oracle model. The security of our scheme is based on the hardness of the Gap Diffie-Hellman problem. We provide a rigorous privacy proof for our scheme based on the Vaudenay's privacy model. To our knowledge, it is the rst secure elliptic-curve-based authentication protocol that achieves both narrow-destructive and wide-forward privacy. Our scheme is also scalable for large-scale deployment in practice.



Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.