Radio-frequency identification (RFID) systems consist of RFID tags, RFID readers, and a back-end server and they seek to resolve issues concerning privacy infringement and forgery. While as tag authentication protocols facilitate the modules of the RFID system to authenticate tags by processing and exchanging information in accordance with the defined procedure through cryptographic primitives, hash-based mutual authentication protocol work better in resolving privacy infringement and forgery problems such as eavesdropping between a tag and a reader, traffic analysis including brute-force attack, location tracking whereby the attacker gets to identify which tag bears specific information, replay attack where the victim obtains messages from the attacker as a result of regular eavesdropping communication between the reader and tag. Finally, there is a physical and middle-man attack.
Mutual authentication demands that the verification of the objects constituting the RFID system. Therefore, it incorporates counterchecks on the tag and the reader, the reader, and the back-end server, as well as the tag and the back-end server. The one-way property-feature of the hash function facilitates the protection of identification information on the tag through the hash-based schemes that fundamentally have differences in accordance with how the secret value is used and managed. The methods of using and managing the secret value are determined through accounting for the features and security requirements of the tag. The already existing proposed protocols have improved and modified the use and running of the secret value. Despite the fact that hash-based techniques come with high-level security, they are limiting since the efficiency of the back-end server fluctuates and the execution of the tags becomes improbable. Additionally, the technique is highly distinguishable whereby the tags leak crucial information upon the intruders request.
The use of random numbers for authentication purposes as used by many RFID techniques presents a loop of intrusion during synchronization since the numbers are transmitted through radio frequencies without verification. The notation and arithmetic operations technique, however, curbs all issues related to synchronization of random numbers where the communication between the tag and the reader is vulnerable. Under this technique, the secret value s explains the series of each group when random numbers are classified. In that light, secret value s is equal for each tag. For instance, s1 and s2.
STEP 1. Readers request:
Reader generating random number NR +request message:
Tag response:
Random number NT+ M1:
NT+ M1 (where a =M1=h (S NR NT) =RIDNTNR a =h (IDNRNTRIDNTNR)
STEP 2. Reader to the back-end server:
M2 = h (RID NR)
Reader sends M1, M2, NR, and NT to the back-end database (DB)
STEP 3: back-end Database response:
Comparison of a match between NR with NR(old)= A=?B
If they do not match, it formulates and receives the random numbers NR and NT. Comparison whether M1 =? h(S NR NT ) is genuine.
Formulation of: h(RID NR) and receives a random number NR. If reader is legal: M2== h(RID NR)
Formulation of random number NDB and Equation
SE and
S new = h(S NDB NT).
Next, it sends M3 and NDB to the reader.
S new = h(S NDB NT) confirmed!
STEP 4: Readers response:
Sending M3+NDB to the tag
STEP 5: Tags response:
Verification if M3 =? h(ID NDB)=(A=?B)
When tag searching, authentication, and updating of secret values, the message displayed is as shown:
DATAID h(M3 RIDNTNRRIDNTNRi M2 RIDti M1. h(RIDri RIDNTNR ) RIDNTNR M2 NT+M1.
If true:
S new = h(ID NDB NT) confirmed!
Request Removal
If you are the original author of this essay and no longer wish to have it published on the thesishelpers.org website, please click below to request its removal:
- The Smart Parking - Paper Example
- Movie Review Example: Digital Nation
- Research Paper Example: Role of Board Members in Cybersecurity
- Ethical Issues Facing IT Managers and Security Professionals
- Essay Example: Project Management Methodology and Tools
- What Are the Managerial Implications Concerning Information Systems? Coursework Example
- Criminal or Unethical Hackers - Essay Sample