ecc-based lightweight authentication protocol with un-traceability for low-cost rfid
DESCRIPTION
ECC-Based Lightweight Authentication Protocol with Un-traceability for Low-Cost RFID. Authors: Hung-Yu, Chi-Sung Laih Sources: Journal of Parallel and Distributed Computing, Accepted Speaker: C. H. Wei. Outline. The problem Authentication protocol Security analysis, and performance analysis - PowerPoint PPT PresentationTRANSCRIPT
1
ECC-Based Lightweight Authentication Protocol with Un-traceability for Low-Cost RFID
Authors: Hung-Yu, Chi-Sung Laih
Sources: Journal of Parallel and Distributed Computing, Accepted
Speaker: C. H. Wei
2
Outline
• The problem
• Authentication protocol
• Security analysis, and performance analysis
• Conclusion
• Comments
3
The Problem
• Only a few of the previous RFID authentication schemes consider anonymity and un-traceability
• In some schemes, the tags do not respond to identification-related information– A server must search the whole database – About perform computation, per tag in order to
identify the communicating tag, which is not efficient.
4
Hamming code1
0
1
10
01
(1)
(2)
(3)
(4)
send 1101
Received 1101010
e
5
Initialization
• The server randomly chooses a secret linear code C(n, k, d), length n, dimension k and minimum distance d
• The server assigns row vectors G[j] to the tag, where
j=(i-1)*s+1,…i*s
6
Ti, Ki, g( ), G[j]Ti, Ki, G
ci =mi*G
G*HT=0
7
Security Analysis
• Mutual authentication– Only the genuine server can compute
– Only the genuine tag can compute Vs
• Privacy– The value seem random to an
attacker who does not have the private parameters.
8
Security Analysis (cont.)
• Anonymity and un-traceability– Attacker eavesdrop two or more sessions (c1+e1,
…, ci+ei)
• Compromise of tags– The attacker could derive the row vectors and k
ey inside the tag– The scheme does not provide the forward secre
cy
9
Security Analysis (cont.)
• Performance analysis– Only the server is required to be equipped with
the decoding algorithms.– The tag require the pseudo-random generator a
nd simple bit operations• The number of row vectors per tag being l, the space
requirement per tag is l*n+|Ki|
• ex. (n=128,k=64,d=22), l=3, 64/3=21 tags, length of key is 32, space=3*128+32=416 bits
10
Comments
–之前的論文在解決 traceability和 anonymity都需要將資料庫全部搜尋一次,才能確認對方身份
–此論文建議的方法使用 linear error correction codes 可以達到 low-cost and better performance
–缺點:不適合用在有大量的 tag環境下因為每個 tag需要用到的儲存空間很大
11
• A binary K-tuple m can be encoded to an N-bit codeword c=m*G, where G is an K-by-N generator matrix. An error vector e added to the codeword ci results in a vector
• r can be decoded in to c based on the syndrome vector s=r*HT, where H is an (N-K)-by-N parity-check matrix such that G*HT=0