Otway–Rees protocol

About: Otway–Rees protocol is a research topic. Over the lifetime, 1975 publications have been published within this topic receiving 40569 citations.

Secure and efficient mutual authentication protocol for RFID conforming to the EPC C-1 G-2 standard

Abstract: As low-cost tags based on the EPC C-1 G-2 standard are much limited in storage capacity and computation power, most of the existing authentication protocols are too complicated to be suitable for these tags, and the design of authentication protocols conforming to the EPC C-1 G-2 standard is a big challenge Recently, a mutual authentication protocol for RFID conforming to the EPC C-1 G-2 standard was proposed by Yeh et al, and it is claimed that this protocol has solved all security vulnerabilities in the existing RFID protocols However, in fact, it is proven that this scheme is vulnerable to the tag tracing attack and suffers from the information leakage issue, and the complexity of the successful attack is only 216 To address these issues efficiently, a novel secure RFID authentication protocol conforming to the EPC C-1 G-2 standard is proposed In the new scheme, the attack complexity is raised to 232 without changing the length of any protocol data Analysis shows that our protocol can not only efficiently resist the tag information leakage and the tag tracing attack, but also have a significant advantage in performance over Yeh et al's protocol

Proposing and verifying a security-enhanced protocol for IoT-based communication for medical devices

Abstract: Internet of things technology has recently drawn much attention across industries. IoT technology has gradually been applied to industries and everyday life in general including healthcare, where people can access hospital information systems to view personal health and medical information. Still, due to security vulnerabilities, personal health and medical information is prone to hacking attacks. Thus, concerns over privacy invasion have come to the fore, and at the same time security issues are considered to override information services. This paper proposes a communication protocol based on hash lock, session keys, random numbers and security keys designed to be safe against intruders' hacking attempts in information communication between medical devices. Instead of arguing for the safety of the proposed protocol with mathematical theorem proving as in prior research on protocol proving, this paper verifies the safety of the proposed authentication protocol against a range of attacks using a model checking program, Casper/FDR program. In brief, the proposed communication protocol for medical devices is safe and secure against diverse attacks.

A New RFID Authentication Protocol with Ownership Transfer in an Insecure Communication Environment

Abstract: During recent years, RFID technology raises many privacy and security concerns. However, most previous works provided authentication protocols by the assumption of secure channel between the reader and the database. But this assumption is not suitable for wireless environment. In 2005, Yang et al. proposed a scheme in which the channel between the reader and the database is assumed to be insecure. Unfortunately, Yang et al.’s scheme cannot achieve some critical security requirements. Due to above reason, we propose a new authentication protocol against all possible attacks and this method is secure even if the channel between the reader and the database may suffer from the attacks of interception, eavesdropping and masquerade. Additionally, the proposed scheme also supports the ownership transfer property inspired by Osaka et al.’s and Lei-Cao’s schemes.

LoRaWAN: Vulnerability Analysis and Practical Expoitation

Abstract: Internet of Things (IoT) applications nowadays have a wide impact on people’s daily life while the size of IoT has been increasing rapidly. Millions of devices huge amount of data and different kinds of new protocols can bring many security issues. LoRaWAN is a MAC layer protocol for long-range low-power communication dedicated to the IoT. It can be used to transmit messages between IoT end devices and gateways. However, since the development of LoRaWAN is still at an early stage, the security level of the protocol is not well developed, and the need for analyzing and developing the security level of LoRaWAN is necessary and urgent. This research summarizes the secure features of LoRaWAN in the aspects of activation methods, key management, cryptography, counter management and message acknowledgement. Then, vulnerabilities of LoRaWAN are found and analyzed. 4 Attacks based on these vulnerabilities are designed and described via an attack tree method. These attacks are (1) replay attack, (2) eavesdropping, (3) bit flipping and (4) ACK spoofing. As a poof-of-concept, the attacks are implemented and executed in a LoRaWAN environment. Afterwards, mitigation and secure solutions against attacks are given to protect the security of LoRaWAN networks. The result of this research can be used in developing the security level of LoRaWAN protocol and setting the standard criteria for evaluating security of LoRaWAN devices.

A quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation

Abstract: In order to transmit secure messages, a quantum secure direct communication protocol based on a five-particle cluster state and classical XOR operation is presented. The five-particle cluster state is used to detect eavesdroppers, and the classical XOR operation serving as a one-time-pad is used to ensure the security of the protocol. In the security analysis, the entropy theory method is introduced, and three detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference introduced. If the eavesdroppers intend to obtain all the information, the detection rate of the original ping-pong protocol is 50%; the second protocol, using two particles of the Einstein-Podolsky-Rosen pair as detection particles, is also 50%; while the presented protocol is 89%. Finally, the security of the proposed protocol is discussed, and the analysis results indicate that the protocol in this paper is more secure than the other two.