Security of RFID Tokens

Mansor, H., Markantonakis, K., Mayes, K.: CAN Bus Risk Analysis Revisit. In: Naccache, D. and Sauveron, D. Information Security Theory and Practice. Securing the Internet of Things. p. 170–179. Springer (2014). WebsiteAbstract
In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number of risk analysis methods, we decided to use FMEA. The analysis process allowed us to derive the security requirements of a CAN bus. Experimental setup of CAN bus communication network were implemented and analysed.
Abughazalah, S., Markantonakis, K., Mayes, K.: Secure Improved Cloud-Based RFID Authentication Protocol. To be published in the 9th DPM International Workshop on Data Privacy Management. Springer, Berlin Heidelberg (2014).Abstract
Although Radio Frequency IDentifi cation (RFID) systems promise a fruitful future, security and privacy concerns have affected the adoption of the RFID technology. Several studies have been proposed to tackle the RFID security and privacy concerns under the as- sumption that the server is secure. In this paper, we assume that the server resides in the cloud, which might be insecure. Hence, the tag's data might be prone to privacy invasion and attacks. Xie et al. proposed a new scheme called cloud-based RFID authentication, which aimed to address the security and privacy concerns of RFID tag's data in the cloud. In this paper, we showed that Xie et al. protocol is vulnerable to reader impersonation attacks, location tracking and tag's data privacy invasion. Therefore, we proposed a new protocol that guarantees that the tag's data in the cloud are anonymous, and cannot be compro- mised. Furthermore, the proposed protocol achieves mutual authentication between all the entities participating in a communication session, such as a cloud server, a reader and a tag. Finally, we analysed the proposed protocol informally and formally using a privacy model and CasperFDR. The results indicate that the proposed protocol achieves data secrecy and authentication for RFID tags.
Abughazalah, S., Markantonakis, K., Mayes, K.: Enhancing the Key Distribution Model in the RFID-Enabled Supply Chains. The Proceedings of The 8th IEEE International Symposium on Security and Multimodality in Pervasive Environment (SMPE-2014), in conjunction with The 28th IEEE International Conference on Advanced Information Networking and Applications (AINA-2014) (2014).Abstract
In this paper, we point out the use of secret sharing strategies as a promising solution for managing the key distribution and recovery in the Radio Frequency IDentification (RFID) enabled supply chains. To this end, we designed a new model based on a secret sharing approach to solve the key distribution issue within the supply chains. We further proposed a secret key update protocol incorporating a resynchronisation capability to counter the disruptive effects of location tracking, replay attacks, and desynchronisation attacks. Compared with relevant approaches, our work demonstrates a number of advantages in terms of security and performance.
Poulopoulos, G., Markantonakis, K., Mayes, K.: A Secure and Efficient Mutual Authentication Protocol for Low-Cost RFID Systems. Availability, Reliability and Security, ARES-09. International Conference on. p. 706-711. IEEE Computer Society, Fukoka, Japan (2009).Abstract
In this work we propose a mutual authentication protocol for RFID (Radio Frequency Identification) systems incorporating low-cost RFID tags. These tags, due to their limited computational capabilities do not incorporate advanced cryptographic primitives. As a result, there are various threats against userspsila privacy and against the security of such systems. Our protocol, PMM, utilizes a hash function and a pseudorandom number generator that can be hardware implemented in a low-cost RFID tag. As we will demonstrate, our protocol offers a high level of security by preventing replay attacks, Denial-of-Service attacks, tracking attacks, tag spoofing and by offering forward security and an enhanced protection of user privacy.