YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.


1 YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006. Presenter: 陳昱升

2 Abstract
The proposed protocol YA-TRAP
–A simple technique for inexpensive untraceable identification of RFID tags.
–Involves minimal interaction between a tag and a reader
–Places low computational burden on the tag and back-end server

3 Introduction
RFID tags
–Replace barcodes
–Their proliferation into our lives
Privacy-related concerns
–One of the main issues
Tracking RFID tags
–Unauthorized tracking of RFID tags by rogue readers

4 Operating Environment
The legitimate entities are
–Tags
–Readers: a device querying tags for identification information.
–Server: a trusted entity that knows all information about tags, their assigned keys, etc.
[Diagram: Server, Tag, Reader]

5 Operating Environment
Assumptions
–All communication between server and readers is over private and authentic channels.
–A tag has no clock, and small amounts of ROM and non-volatile RAM.
–The adversary can be either passive or active. Its primary goal is to track RFID tags.

6 Non-security Goals
Our goals are to minimize:
–(1) non-volatile RAM on the tag
–(2) ROM on the tag
–(3) tag computation
–(4) # of messages & rounds in reader-tag interaction
–(5) message size in the reader-tag interaction
–(6) server real-time computation
–(7) server storage
The first 3 directly influence tag cost.

7 Modes of Operation
Real time
–It involves on-line contact between the reader and the server.
–Retail or library check-out
Batch mode
–A reader scans numerous tags, collects replies and later performs their identification in bulk.
–Inventory control

8 Tag Requirements
Each tag is initialized with
–K_i: tag identification and cryptographic key
–T_0: initial timestamp
–T_max: the top value for the timestamp
–Pseudo-Random Number Generator (PRNG): can be realized as an iterated keyed hash (e.g. HMAC) started with a random secret seed and keyed on K_i.

9 Main idea
Consider anonymous authentication of mobile users who move between domains.
–A remote user identifies itself to the host domain by means of an ephemeral userid.
–An ephemeral userid is computed as a collision-resistant one-way hash of current time and a secret permanent userid.
–Server maintains a periodically updated hash table where each row corresponds to a traveling user. Row: (permanent userid, ephemeral userid)
–Server may precompute the current hash table and wait for requests to come in.

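10 [Diagram: the server's table for time T, with rows (permanent userid, ephemeral userid), where ephemeral userid = hash(T, permanent userid). The permanent userid is secret; the server looks up the received ephemeral userid in the table.]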

11 YA-TRAP Protocol
[Protocol diagram; surviving labels: previous timestamp, current timestamp]

12 Advantage
Server can precompute the hash table for time T_r.
In batch mode, the reader interrogates a multitude of tags and, at a later time, off-loads the collected responses along with the corresponding T_r values.
Only needs O(n) operations to identify n tags. (Compared to the MSW protocol, which requires O(n*log n) operations of pseudo-random functions.)

13 Drawbacks
Susceptible to DoS attack
–the adversary sends a wildly inaccurate T_r.
A tag cannot be authenticated more than once within the same interval.
–a possible solution: k-traceable, i.e. allow tags to respond to the same time value k times.
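The tag-side timestamp check and the server's precomputed-table lookup behind slides 8 to 13, as an added Python sketch that is not code from the paper or the original slides. The acceptance rule (reply with the keyed hash only when T_r is newer than the stored timestamp and at most T_max, otherwise reply with PRNG output), HMAC-SHA256, the 8-byte timestamp encoding and the tag names and keys are assumptions, since the protocol diagram on slide 11 did not survive.

```python
import hashlib
import hmac
import os


def mac(key, t):
    # H_r = HMAC_{K_i}(T_r); SHA-256 and the 8-byte encoding are assumptions.
    return hmac.new(key, t.to_bytes(8, "big"), hashlib.sha256).digest()


class Tag:
    """Tag state per slide 8: K_i, T_0, T_max and a keyed-hash PRNG."""

    def __init__(self, key, t0, t_max):
        self.key, self.t, self.t_max = key, t0, t_max
        self.state = os.urandom(32)  # random secret seed

    def respond(self, t_r):
        # Assumed rule: accept T_r only if newer than the stored timestamp
        # and not above T_max; otherwise return PRNG output of equal length.
        if t_r <= self.t or t_r > self.t_max:
            self.state = hmac.new(self.key, self.state, hashlib.sha256).digest()
            return self.state
        self.t = t_r
        return mac(self.key, t_r)


def build_table(keys, t_r):
    """Server: table for time T_r, computable before any reply arrives."""
    return {mac(k, t_r): name for name, k in keys.items()}


def demo():
    keys = {"tag-A": b"A" * 16, "tag-B": b"B" * 16}  # constructed sample keys
    tag = Tag(keys["tag-A"], t0=100, t_max=10_000)
    seen = []
    for t_r in (101, 101, 9_000, 102, 9_001, 10_001):
        # One dictionary lookup per reply; None means "not identified".
        seen.append((t_r, build_table(keys, t_r).get(tag.respond(t_r))))
    return seen


if __name__ == "__main__":
    for t_r, who in demo():
        print(t_r, who)
```

The second query at 101 shows the once-per-interval limit, and the query at 9000 models the inaccurate T_r from the Drawbacks slide: the honest query at 102 that follows goes unidentified until reader time passes 9000.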

14 Efficiency/Cost considerations
For a tag
–a single HMAC or PRNG
For the server
–precompute the table at any time
–a simple table look-up
Cost
–our requirement for non-volatile RAM elevates the cost above that of cheapest tags, i.e., less than $0.1 per tag.
–Comparing: MSW protocols use non-volatile RAM, but need a physical random number generator.

15 Conclusion
YA-TRAP protocol
–inexpensive untraceable identification of RFID tags.

