A Privacy Preserving Authentication Protocol for Low Power Devices
ComS/CprE 554 Project Report
Supervised by Dr. Wensheng Zhang

Michael Fong
mcfong@iastate.edu

November 24, 2009

Contents

1 Introduction
 1.1 Threats to Privacy
2 Security Concern
 2.1 Confidentiality
 2.2 Integrity
 2.3 Availability
 2.4 Authenticity
 2.5 Privacy
 2.6 Physical Attack
3 Proposed Protocol
 3.1 Preliminary Assumption
  3.1.1 Hash
  3.1.2 Pseudo-random Number Generator
 3.2 Assumption
 3.3 Set Up Phase
 3.4 Authentication Process
 3.5 Security Analysis
 3.6 Potential Attack
  3.6.1 Improved Scheme
  3.6.2 Tag Compromise Attack
  3.6.3 Misuse of Anonymous Authentication
4 Implementation
 4.1 Performance Analysis
5 Conclusion

Acknowledgements

We would like to thank Chuang Wang for many useful discussions on EC computations, and uses of operations in WM-ECC library.

References

[1]   F. Hu and N. K. Sharma., “Security considerations in ad hoc sensor networks,” Ad Hoc Networks, vol. 3, p. 6989, 2005.

[2]   A. Perrig, J. Stankovic, and D. Wagner, “Security in wireless sensor networks,” Commun. ACM, vol. 47(6), p. p5357, Jun 2004.

[3]   A. Juels, “Rfid security and privacy: a research survey,” Selected Areas in Communications, IEEE Journal on, vol. 24, no. 2, pp. 381–394, 2006.

[4]   F. Stajano and R. Anderson, “The resurrecting duckling: Security issues for ad-hoc wireless networks.,” Security Protocols, 7th International Workshop, Berlin, Heidelberg, 1999. Springer Verlag.

[5]   M. R. Rieback, B. Crispo, and A. S. Tanenbaum, “Keep on blockin’ in the free world: Personal access control for low-cost rfid tags,” in Security Protocols Workshop, pp. 51–59, 2005.

[6]   A. Juels, R. L. Rivest, and M. Szydlo, “The blocker tag: selective blocking of rfid tags for consumer privacy,” in CCS ’03: Proceedings of the 10th ACM conference on Computer and communications security, (New York, NY, USA), pp. 103–111, ACM Press, 2003.

[7]   Y. Nohara, S. Inoue, K. Baba, and H. Yasuura, “Quantitative evaluation of unlinkable id matching schemes,” in WPES ’05: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, (New York, NY, USA), pp. 55–60, ACM, 2005.

[8]   B. Song and C. J. Mitchell, “Rfid authentication protocol for low-cost tags,” in WiSec ’08: Proceedings of the first ACM conference on Wireless network security, (New York, NY, USA), pp. 140–147, ACM, 2008.

[9]   S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and privacy aspects of low-cost radio frequency identification systems,” in Security in Pervasive Computing, vol. 2802 of Lecture Notes in Computer Science, pp. 201–212, 2004.

[10]   K. Koscher, A. Juels, and T. Kohno, “Epc rfid tags in security applications: Passport cards, enhanced drivers licenses, and beyond,”

[11]   H. Chan, A. Perrig, B. Przydatek, and D. X. Song, “Sia: Secure information aggregation in sensor networks,” Journal of Computer Security, vol. 15, no. 1, pp. 69–102, 2007.

[12]   V. De and S. Borkar, “Technology and design challenges for low power and high performance [microprocessors],” International Symposium on Low Power Electronics and Design (ISLPED) 1999, p. pages 163168, 1999.

[13]   “Tinyos, http://www.tinyos.net/.”

[14]   R. v. B. M. W. E. B. David Gay, Phil Levis and D. Culler, “The nesc language: A holistic approach to networked embedded systems,” In Programming Language Design and Implementation (PLDI), June 2003.

Project Log

5/23/09 - Project web page set up
9/16/09 - Project updates and deliverables uploaded

Source files

ComS554 Project Presentation , presented on 5/6/2009
ComS554 Project Report , submitted on 5/10/2009
NesC Source Code and bundle of required libraries (Available upon request), submitted on 9/16/09