Privacy and security for RFID Access Control Systems: RFID Access Control Systems without back-end database

Al-Zewairi, Malek; Alqatawna, Ja'far; Al-Kadi, Omar S.

doi:10.1109/aeect.2011.6132520

Cited by 9 publications

(13 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we continue to build on our previous research , in which we proposed an RFID access control system that dispense the use of backend database and rely on the RF subsystem to perform access control functionalities. The RFID tag serves as a memory dump to store encrypted access control information.…”

Section: Previous Designmentioning

confidence: 99%

“…Moreover, it maintains a list of tag identifiers that are in online mode. Data stored on tags and readers are encrypted using a symmetric cipher function as described in . Cryptographic operations are performed on the reader side using either hardware or software implementation.…”

Section: Proposed Designmentioning

confidence: 99%

“…Other systems utilize a serverless approach that omits the role of the enterprise subsystem in providing access control and rely on the RF subsystem, thus, providing better availability assurance .…”

Section: Introductionmentioning

confidence: 99%

“…In this study, we aim to propose a new risk adaptive hybrid RFID access control system to overcome the limitations identified in our previous work . The proposed design combines the best of both serverless and risk adaptive access control systems by dynamically alternating between the two access control modes: online (server‐based) and offline (serverless) to adapt to the level of risk; thus, the name “hybrid”.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Risk adaptive hybrid RFID access control system

Al-Zewairi

Alqatawna

Atoum

2015

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Dynamic environments pose a challenge for traditional access control models where permissions are granted or revoked merely based on predefined and static access policies making them incapable of dynamically adapting to changing conditions. Risk adaptive access control models have been gaining more attention in the research community as an alternative approach to overcome the limitations of traditional access control models. Radio Frequency Identification (RFID) is an emerging technology widely utilized in both physical and logical access control systems because of its contactless nature, low cost, high read/write speed and long distance operation. Serverless RFID system architecture offers better availability assurance and lower implementation cost, while access rights management is easier in server‐based architecture. In this study, we continue to build on our previous research on the privacy and security of RFID access control systems without a backend database in order to overcome its limitations. We propose a hybrid design for a risk adaptive RFID access control system; that is, dynamically alternating between two access control modes, online (server‐based) and offline (serverless), to adapt to the level of risk depending on rule‐based risk scenarios and current risk value. The proposed design combines features of both serverless and risk adaptive access control systems. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Section: Previous Designmentioning

confidence: 99%

Section: Proposed Designmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Risk adaptive hybrid RFID access control system

Al-Zewairi

Alqatawna

Atoum

2015

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Radio frequency identification authentication is a basic method to guarantee security and privacy for an RFID system. If a tag is identified without being authenticated, attackers will be feasible to forge the tag's messages or to replay previous messages, pretending that the tagged object (e.g., an identification smartcard) is present.…”

Section: Introductionmentioning

confidence: 99%

TOA: a tag‐owner‐assisting RFID authentication protocol toward access control and ownership transfer

Xie

Zhang

et al. 2014

Security Comm Networks

View full text Add to dashboard Cite

This paper addresses radio frequency identification (RFID) authentication and ownership transfer in offline scenarios. Four typical related works are reviewed in detail. A series of shortcomings and vulnerabilities of them are pointed out. A new RFID authentication protocol based on a novel tag-owner-assisting architecture is proposed, making a tag's owner an essential participant of the RFID authentication process. The proposed protocol is distinguished from existing works in providing ownership transfer, access control, and mutual authentication without any centralized database neither on a backend server nor in a reader. The security of the proposed protocol is verified by using automated validation of Internet security protocols and applications tool. The proposed protocol is server-less, simple, scalable, untraceable, and device-independent. These features are simultaneously achieved in a single RFID authentication protocol for the first time.

show abstract