On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags

Wang, King-Hang; Chen, Chien‐Ming; Fang, Wu; Wu, Tsu-Yang

doi:10.1007/s11227-017-2105-8

Cited by 114 publications

(36 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, XMPP and AMQP can also use the Simple Authentication and Security Layer (SASL) protocol to authenticate devices [42,43]. However, for all these protocols and the existing works related to the IoT field [37,31,63,62] is recommendable to verify the suitability of the approach taking into account the technical restrictions of the IIoT devices together with control requirements as specified in [7].…”

Section: Mpdp-fog: Modules and Functionalitymentioning

confidence: 99%

Secure Interconnection of IT-OT Networks in Industry 4.0

Alcaraz

2019

Advanced Sciences and Technologies for Security Applications

View full text Add to dashboard Cite

Increasingly, the society is witnessing how today's industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.

show abstract

Section: Mpdp-fog: Modules and Functionalitymentioning

confidence: 99%

Secure Interconnection of IT-OT Networks in Industry 4.0

Alcaraz

2019

Advanced Sciences and Technologies for Security Applications

View full text Add to dashboard Cite

show abstract

“…Tewari and Gupta in [14], following the method used by previous protocols, proposed another rotation based protocol. This time, the reports such as [21,22] were released on the vulnerability of this protocol against various attacks. Another example is ULRMAPC protocol [15] which [23] proved its vulnerability against DoS, impersonation and de-synchronization attacks.…”

Section: Related Workmentioning

confidence: 99%

“…However, as it is shown in Table 4, it costs to implement an encryption/decryption function, although this is a cost we should pay to achieve a promising security. × [18,30] × [19] × [18,30] × [16] Gossamer [13] × [20] × [20] × [20] ULRMAPC [15] × [23] × [23] × [23] Tewari and Gupta [14] × [21,22] × [21,22] × [21,22] × [21,22] ULRAS [24] ×(in this paper, [25] ) × [25] ×(in this paper) Aghili and Mala [25] ×(in this paper) ×(in this paper) ×(in this paper) ×(in this paper) UEAP Table 4. Computational cost comparison of the UEAP protocol with other protocols, where L denotes the length of each parameter in protocols…”

Section: Comparisonmentioning

confidence: 99%

“…Many protocols have been proposed in the literature [12][13][14][15] that have attempted to address CIA security principles, but unfortunately, there have been several reports of attacks [16][17][18][19][20][21][22][23] against them that indicate they have failed to provide the desired security. Hence, efforts to design a secure protocol are still ongoing and the new attacks that are developing provide designers with new insight on how to (not) design a protocol.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the Security of Rotation Operation Based Ultra-Lightweight Authentication Protocols for RFID Systems

2018

View full text Add to dashboard Cite

Passive Radio Frequency IDentification (RFID) tags are generally highly constrained and cannot support conventional encryption systems to meet the required security. Hence, designers of security protocols may try to achieve the desired security only using limited ultra-lightweight operations. In this paper, we show that the security of such protocols is not provided by using rotation functions. In the following, for an example, we investigate the security of an RFID authentication protocol that has been recently developed using rotation function named ULRAS, which stands for an Ultra-Lightweight RFID Authentication Scheme and show its security weaknesses. More precisely, we show that the ULRAS protocol is vulnerable against de-synchronization attack. The given attack has the success probability of almost ‘1’, with the complexity of only one session of the protocol. In addition, we show that the given attack can be used as a traceability attack against the protocol if the parameters’ lengths are an integer power of 2, e.g., 128. Moreover, we propose a new authentication protocol named UEAP, which stands for an Ultra-lightweight Encryption based Authentication Protocol, and then informally and formally, using Scyther tool, prove that the UEAP protocol is secure against all known active and passive attacks.

show abstract

“…Due to a few reasons, we should not use generic authentication key agreement protocols [5] or lightweight protocols for the general purpose short distance communications [6] in WBANs. Firstly, the specific architecture of the WBAN includes three tiers with multiple first level nodes whose most generic protocols are not optimized in this setting.…”

Section: Introductionmentioning

confidence: 99%

An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks

Chen

Xiang

et al. 2018

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Abstract:The advancement of Wireless Body Area Networks (WBAN) have led to significant progress in medical and health care systems. However, such networks still suffer from major security and privacy threats, especially for the data collected in medical or health care applications. Lack of security and existence of anonymous communication in WBAN brings about the operation failure of these networks. Recently, Li et al. proposed a lightweight protocol for wearable sensors in wireless body area networks. In their paper, the authors claimed that the protocol may provide anonymous mutual authentication and resist against various types of attacks. This study shows that such a protocol is still vulnerable to three types of attacks, i.e., the offline identity guessing attack, the sensor node impersonation attack and the hub node spoofing attack. We then present a secure scheme that addresses these problems, and retains similar efficiency in wireless sensors nodes and mobile phones.

show abstract

On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags

Cited by 114 publications

References 10 publications

Secure Interconnection of IT-OT Networks in Industry 4.0

Secure Interconnection of IT-OT Networks in Industry 4.0

On the Security of Rotation Operation Based Ultra-Lightweight Authentication Protocols for RFID Systems

An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks

Contact Info

Product

Resources

About