Showing papers by "Jorge Munilla" published in 2014


Journal Article
09 Apr 2014-Sensors
TL;DR: In this paper, the cryptographic security of J3Gen, a promising pseudo random number generator for low-cost passive Radio Frequency Identification (RFID) tags, is analyzed. But the authors do not specify the specific configurable parameters of the generator.
Abstract: This paper analyzes the cryptographic security of J3Gen, a promising pseudo random number generator for low-cost passive Radio Frequency Identification (RFID) tags. Although J3Gen has been shown to fulfill the randomness criteria set by the EPCglobal Gen2 standard and is intended for security applications, we describe here two cryptanalytic attacks that question its security claims: (i) a probabilistic attack based on solving linear equation systems; and (ii) a deterministic attack based on the decimation of the output sequence. Numerical results, supported by simulations, show that for the specific recommended values of the configurable parameters, a low number of intercepted output bits are enough to break J3Gen. We then make some recommendations that address these issues.

23 citations


Book Chapter
01 Jan 2014
TL;DR: A theoretical model is presented that allows the design of longer sequences with higher linear span than in previous DLFSR schemes, and determines the constant relationship between period and linear span for these structures.
Abstract: Many proposals of pseudorandom sequence generators and stream ciphers employ linear feedback shift registers with dynamic feedback (DLFSR) as the main module to increase the period and linear span of the involved m-sequences. In this paper, we present a theoretical model that allows the design of longer sequences with higher linear span than in previous DLFSR schemes. The model determines the constant relationship between period and linear span for these structures. These more complex sequences here obtained improve the proposals based on LFSR with dynamic feedback found in the literature.

9 citations


Journal Article
TL;DR: This letter analyzes a recently proposed RFID protocol and proves that for lightweight RFID applications strong privacy cannot be achieved in the presence of a Byzantine adversary.
Abstract: Designing lightweight RFID protocols that support strong privacy is a major challenge. For anonymity, tags use pseudonyms that are refreshed with every interrogation (whether completed or not). For forward secrecy, the state of tags must be updated and it must be hard to reverse updates. Since the interrogating reader can be adversarial, the adversary may control state updates. It follows that it may not be possible for tags to maintain synchrony with authorized readers. In this letter we analyze a recently proposed RFID protocol and show that there is a fundamental trade-off between privacy and availability. We prove that for lightweight RFID applications strong privacy cannot be achieved in the presence of a Byzantine adversary.

8 citations


Proceedings Article
23 Oct 2014
TL;DR: This work presents an RFID framework architecture for applications when multiple scanned tags generate concurrently a proof of “simultaneous” presence that cannot be forged by untrusted carriers.
Abstract: The integrity of shipments in the supply chain may have to be tracked remotely by carriers that are not necessarily trusted. We present an RFID framework architecture for applications when multiple scanned tags generate concurrently a proof of “simultaneous” presence that cannot be forged by untrusted carriers.

3 citations



Posted Content
TL;DR: It is shown that for lightweight RFID applications strong privacy remains an open problem, and a novel ownership transfer protocol that provides individual-owner privacy and prevents tracking attacks falls short of its security objectives.
Abstract: Sundaresan et al. proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. In this paper we show that this protocol falls short of its security objectives. We describe attacks that allow: a) an eavesdropper to trace a tag, b) the previous owner to obtain the private information that the tag shares with the new owner, and c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (forward-secrecy). We then analyze the security proof and show that while the first two cases can be solved with a more careful design, for lightweight RFID applications strong privacy remains an open problem.