Skip to main content
SpringerLink
Log in

Mitigating Threats and Vulnerabilities of RFID in IoT Through Outsourcing Computations for Public Key Cryptography

  • Chapter
  • First Online:
Security, Privacy and Trust in the IoT Environment

Abstract

The widespread use of IoT devices that rely on Radio Frequency IDentification (RFID) technologies has resulted in numerous benefits; however, device connectivity has also created numerous security threats and vulnerabilities. This is due to the nature of the wireless links and the limited computational capabilities of such devices. However, until now, there has not been a noteworthy practical solution to many of the security issues related to the RFID technology. This chapter addresses the major threats and vulnerabilities related to RFID technologies in the IoT environment. In addition, it reviews some of the recently proposed cryptographic solutions as countermeasures for security and privacy issues. These solutions allow devices with limited computational resources to use asymmetric cryptographic encryption techniques in robust cryptographic protocols. In addition, these solutions, through delegation of exponentiation techniques, satisfy four core requirements, viz., correctness, privacy, efficiency, and security. Moreover, they ensure that the probability, which an untrusted server can convince a client (RFID) of an incorrect computational result, is exponentially small (almost equal to zero). This has a significant impact on the adoption of the said technologies in fields and areas where the use of RFID technology has not been considered. The solutions proposed in this chapter enable RFID technology to be more secure and be part of the IoT vision as a trusted technology, which can be adopted in any field globally without having concerns regarding privacy, security, and trust.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ericsson (2016) Ericsson Mobility Report, On the pulse of the networked society, Report, Jun 2016

    Google Scholar 

  2. Kamble A, Malemath VS, Patil D (2017) Security attacks and secure routing protocols in RPL-based Internet of Things: survey. In: International conference on emerging trends & innovation in ICT (ICEI), Pune Institute of Computer Technology, Pune, India, Feb 3–5, 2017

    Google Scholar 

  3. Gartner Inc. (2015) Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. http://www.gartner.com/newsroom/id/3165317, Nov. 2015. Accessed December 2018

  4. Karnouskos S, Marrn PJ, Fortino G, Mottola L, Martinez JR de Dios (2014) Applications and markets for cooperating objects. Springer Briefs in Electrical and Computer Engineering, Springer

    Google Scholar 

  5. Nokia (2016) A buyers and influencers guide to connected device management, for all things connected in mobile, home and IoT, Strategic Whitepaper, Jul 2016

    Google Scholar 

  6. Statista (2015) Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed Dec 2018

  7. Dave E (2011) The Internet of Things: how the next evolution of the internet is changing everything, CISCO. Accessed Dec 2018. http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

  8. Press Release, Strategy Analytics (2014) M2M market will generate $242 billion revenue by 2022. https://www4.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5468. Accessed on December 2018

  9. Kim S, Mariotti C, Alimenti F, Mezzanotte P, Georgiadis A, Collado A, Roselli L, Tentzeris M (2013) No battery required: Perpetual RFID-enabled wireless sensors for cognitive intelligence applications. Microw Mag IEEE 14(5):66–77

    Article  Google Scholar 

  10. Roselli L et al (2015) Review of the present technologies concurrently contributing to the implementation of the Internet of Things (IoT) paradigm: RFID, green electronics, WPT and energy harvesting. In: IEEE Topical conference on wireless sensors and sensor networks (WiSNet), San Diego, CA, pp 1–3

    Google Scholar 

  11. IoT-A, (2014) Internet of Things – architecture Io-A deliverable D1.3 updated reference model for IoT v1.5. http://cocoa.ethz.ch/downloads/2014/01/1524_D1.3_Architectural_Reference_Model_update.pdf. Accessed Dec 2018

  12. Industrial internet consortium (2015) Industrial internet reference architecture v 1.8, https://www.iiconsortium.org/IIRA.htm. Accessed Dec 2018

  13. ZVEI Die Elektroindutrie (2015) The reference architectural model RAMI 4.0 and the Industrie 4.0 component, https://www.zvei.org/en/subjects/industry-4–0/the-reference-architectural-model-rami-40-and-the-industrie-40-component/. Accessed Dec 2018

  14. Cisco (2014) Building the Internet of Things. https://www.cisco.com/c/dam/global/en_ph/assets/ciscoconnect/pdf/bigdata/jim_green_cisco_connect.pdf. Accessed Dec 2018

  15. Gluhak et al (2011) An architectural blueprint for a real-world internet. The Future Internet, Lecture Notes in Computer Science, vol 6656, pp 67–80

    Chapter  Google Scholar 

  16. Chaqfeh MA, Mohamed N (2012) Challenges in middleware solutions for the Internet of Things. In: Proceedings of international conference CTS, pp 21–26

    Google Scholar 

  17. Khan R, Khan SU, Zaheer R, Khan S (2012) Future internet: The Internet of Things architecture, possible applications and key challenges. In: Proceedings of 10th international conference FIT, pp 257–260

    Google Scholar 

  18. Tan L, Wang N (2010) Future internet: The Internet of Things. In: Proceedings of 3rd ICACTE, 2010, V5, pp 376–380

    Google Scholar 

  19. Grover A, Berghel H (2011) A survey of RFID deployment and security issues, Korea Science. J Informat Process Syst 7(4)

    Article  Google Scholar 

  20. Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. In: Proceedings of 1st international conference security pervasive computing, pp 201–212

    Chapter  Google Scholar 

  21. Wu M, Lu TJ, Ling FY, Sun J, Du HY (2010) Research on the architecture of Internet of Things. In: Proceedings of 3rd ICACTE, 2010, pp V5-484–V5-487

    Google Scholar 

  22. Yang Z et al (2011) Study and application on the architecture and key technologies for IOT. In: Proceedings of ICMT, pp 747–751

    Google Scholar 

  23. Mitrokotsa A, Rieback MR, Tanenbaum (2010) Classifying RFID attacks and defenses. A.S. Informat Syst Front 12(5):491–505. https://doi.org/10.1007/s10796-009-9210-z

    Article  Google Scholar 

  24. Frustaci M, Pace P, Aloi G, Fortino G (2018) Evaluating critical security issues of the IoT world: present and future challenges. IEEE Internet of Things J 5(4):2483–2495

    Article  Google Scholar 

  25. Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W (2017) A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things J 4(5):1125–1142

    Article  Google Scholar 

  26. Anderson R, Kuhn M (1996) Tamper resistance-a cautionary note. In: Second USENIX workshop on electronic commerce proceedings, Oakland, California, November 18–21, 1996, pp 1–11

    Google Scholar 

  27. Zhao K, Ge L (2013) A Survey on the Internet of Things security. In: 2013 ninth international conference on computational intelligence and security, Leshan, pp 663–667

    Google Scholar 

  28. Weingart SH (2000) Physical security devices for computer subsystems: a survey of attacks and defenses. In: Koç ÇK, Paar C (eds) Cryptographic hardware and embedded systems- CHES 2000. CHES 2000. Lecture Notes in Computer Science, vol 1965. Springer, Berlin, Heidelberg

    Chapter  Google Scholar 

  29. Mosenia A, Jha NK (2017), A comprehensive study of security of Internet-of-Things. IEEE Trans Emerg Topics Comput 5(4):586–602

    Article  Google Scholar 

  30. C3 Public Wiki (2006) RFID-Zapper (EN). https://events.ccc.de/congress/2005/static/r/f/i/RFID-Zapper(EN)_77f3.html. Accessed Dec 2018

  31. Deogirikar J, Vidhate A (2017) Security attacks in IoT: a survey. In: International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC 2017)

    Google Scholar 

  32. Kashif L, Shamsi JA (2015) A study of security issues, vulnerabilities and challenges in internet of things. Secur Cyber-Phys Syst 221

    Google Scholar 

  33. Lan L (2012) Study on security architecture in the Internet of Things. In: Proceedings of 2012 international conference on measurement, information and control, Harbin, China, pp 374–377

    Google Scholar 

  34. Ahemd MM, Shah MA, Wahid A (2017) IoT security: a layered approach for attacks and defenses. In: International conference on communication technologies (ComTech), Rawalpindi, 2017, pp 104–110

    Google Scholar 

  35. Andrea C Chrysostomou, Hadjichristofi G (2015) Internet of Things: Security vulnerabilities and challenges, IEEE Symposium on Computers and Communication (ISCC). Larnaca 2015:180–187

    Google Scholar 

  36. Syverson P (1994) A taxonomy of replay attacks [cryptographic protocols]. In: Proceedings the computer security foundations workshop VII, Franconia, NH, USA, pp 187–191

    Google Scholar 

  37. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Wiener M (ed) Advances in cryptology CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg

    Chapter  Google Scholar 

  38. Messerges TS, Dabbish EA, Sloan RH (1999) Power analysis attacks of modular exponentiation in smartcards. In: Koç ÇK, Paar C (eds) Cryptographic hardware and embedded systems. CHES 1999. Lecture Notes in Computer Science, vol 1717. Springer, Berlin, Heidelberg

    Chapter  Google Scholar 

  39. Atamli W, Martin A (2014) Threat-based security analysis for the Internet of Things. International Workshop on Secure Internet of Things, Wroclaw 2014:35–43

    Google Scholar 

  40. Puthal D, Nepal S, Ranjan R, Chen J (2016) Threats to networking cloud and edge data centers in the Internet of Things. In: IEEE cloud computing, vol 3, no 3, pp 64–71

    Article  Google Scholar 

  41. Sopori D, Pawar T, Patil M, Ravindran R (2017) Internet of things: security threats. Int J Advanc Res Comput Eng Technol (IJARCET), 6(3), ISSN 2278 – 1323

    Google Scholar 

  42. Mahmoud R, Yousuf T, Aloul F, Zualkernan I (2015) Internet of Things (IoT) security: current status, challenges and prospective measures. In: the 10th international conference for internet technology and secured transactions (ICITST-2015)

    Google Scholar 

  43. Juels A, Rivest RL, Szydlo M (2003) The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Proceedings of ACM 10th conference on computing and communication security, pp 103–111

    Google Scholar 

  44. Kim DS, Shin TH, Park JS (2006) Access control and authorization for security of RFID multi-domain using SAML and XACML. In: International Conference on Computational Intelligence and Security, Guangzhou, pp 1587–1590

    Google Scholar 

  45. Uttarkar R, Kulkarni R (2014) Internet of things: architecture and security. Int J Comput Appl 3(4):2014

    Google Scholar 

  46. Thakur BS, Chaudhary S (2013) Content sniffing attack detection in client and server side: a survey. Int J Advanc Comput Res (IJACR) 3

    Google Scholar 

  47. Halim T, Islam Md. R, (2012) A study on the security issues in WSN. Int J Comput Appl (0975 – 8887), 53(1)

    Google Scholar 

  48. Khoo B (2011) RFID as an enabler of the internet of things: issues of security and privacy. In: International conference on internet of things and 4th international conference on cyber, physical and social computing, Dalian, pp 709–712

    Google Scholar 

  49. Pedro P, Julio H, Juan T, Li T, Li Y (2010) Vulnerability analysis of RFID protocols for tag ownership transfer. Comput Netw 54(9):1502–1508. Research Collection School of Information Systems

    Google Scholar 

  50. Rieback MR, Crispo B, Tanenbaum AS (2006) Is your cat infected with a computer virus? In: Fourth annual IEEE international conference on pervasive computing and communications (PERCOM’06), Pisa, pp 10–179

    Google Scholar 

  51. Atallah M, Pantazopoulos KN, Rice J, Spafford E (2002) Secure outsourcing of scientific computations. Adv Comput 54:215–272

    Article  Google Scholar 

  52. Hohenberger S, Lysyanskaya A (2005) How to securely outsource cryptographic computations. In: Proceedings of the theory of cryptography conference 2005. Springer, pp 264–282

    Google Scholar 

  53. Benjamin D, Atallah M (2008) Private and cheating-free outsourcing of algebraic computations. In: Sixth annual conference on privacy, security and trust, PST 2008, Fredericton, New Brunswick, Canada, Springer, October 2008, pp 240–245

    Google Scholar 

  54. Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: STOC ’09, 2009, pp 169–178

    Google Scholar 

  55. Atallah M, Frikken K (2010) Securely outsourcing linear algebra computations. In: Proceedings of the 5th ACM symposium on information, computer and communications security. Springer, New York, 2010, pp 48–59

    Google Scholar 

  56. Gennaro R, Gentry C, Parno B (2010) Non-interactive verifiable computing: outsourcing computation to untrusted workers. Advanc Cryptol CRYPTO 2010, Lecture Notes Computer Science 6223, 465– 482

    Google Scholar 

  57. Yao AC (1982) Protocols for secure computations. In: Proceedings of the 23rd annual symposium on foundations of computer science, pp 160–168. IEEE Computer Society

    Google Scholar 

  58. Chung K, Kalaiand Y, Vadhan S (2010) Improved delegation of computation using fully homomorphic encryption. In: Proceedings of 30th annual cryptology conference, Santa Barbara, CA, USA, in: Lect. Notes Computer Science, vol 6223, Springer, August 2010, pp 483–501

    Google Scholar 

  59. Chung K, Kalaiand Y, Liu F (2011) Memory delegation. In: Proceedings of the 31st annual cryptology conference, Santa Barbara, CA, USA. Lecture Notes Computer Science, vol 6841, Springer, pp 151–168

    Google Scholar 

  60. Parno B, Raykova M, Vaikuntanathan V (2012) How to delegate and verify in public: verifiable computation from attribute-based encryption. In: Proceedings of the 9th theory of cryptography conference, TCC 2012, Taormina, Sicily, Italy, in: Lect. Notes Comput. Science, vol 7194, Springer, March 2012, pp 422–439

    Google Scholar 

  61. Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2017) Computing multiple exponentiations in discrete log and RSA groups: from batch verification to batch delegation. In: Proceedings of 3rd IEEE workshop on security and privacy in the cloud. IEEE

    Google Scholar 

  62. Bellare M, Garay J, Rabin T (1998) Fast batch verification for modular exponentiation and digital signatures. Proc Eurocrypt, Springer, pp 236–250

    Google Scholar 

  63. Wang Y, Wu Q, Wong D, Qin B, Chow S, Liu Z, Tao X (2014) Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Proceedings of computer security-ESORICS 2014. Springer, pp 326–343

    Google Scholar 

  64. Arbit A, Livne Y, Oren Y, Wool A (2015) Implementing public-key cryptography on passive RFID tags is practical. Int J Inf Sec 14(1):85–99

    Article  Google Scholar 

  65. Chen X, Li J, Ma J, Tang Q, Lou W (2012) New algorithms for secure outsourcing of modular exponentiations. In: Computer security–ESORICS 2012, pp 541–556

    Chapter  Google Scholar 

  66. Ye J, Chen X, Ma J (2015) An improved algorithm for secure outsourcing of modular exponentiations. In: Proceedings of 29th international conference on advanced information networking and applications, March 2015, pp 73–76

    Google Scholar 

  67. Ding Y, Xu Z, Ye J, Choo K (2017) Secure outsourcing of modular exponentiations under single untrusted programme model. J Comput Syst Sci 90, C Academic Press, Inc., 1–13

    Google Scholar 

  68. Cavallo B, Di Crescenzo G, Kahrobaei D, Shpilrain V (2015) Efficient and secure delegation of group exponentiation to a single server. In: International workshop on radio frequency identification: security and privacy issues. Springer, pp 156–173

    Google Scholar 

  69. Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2018) Efficient and secure delegation to a single malicious server: exponentiation over non-abelian groups.Springer Lecture Notes in Computer Science

    Google Scholar 

  70. Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2017) Practical and secure outsourcing of discrete log group exponentiation to a single malicious server. In: Proceedings of 9th ACM cloud computing security workshop (CCSW), pp 17–28

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Cybercrime Studies, John Jay College of Criminal Justice, The City University of New York, New York, USA

    Matluba Khodjaeva, Muath Obaidat & Douglas Salane

Authors
  1. Matluba Khodjaeva
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muath Obaidat
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Douglas Salane
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Matluba Khodjaeva .

Editor information

Editors and Affiliations

  1. Northampton University, Northampton, UK

    Zaigham Mahmood

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Khodjaeva, M., Obaidat, M., Salane, D. (2019). Mitigating Threats and Vulnerabilities of RFID in IoT Through Outsourcing Computations for Public Key Cryptography. In: Mahmood, Z. (eds) Security, Privacy and Trust in the IoT Environment. Springer, Cham. https://doi.org/10.1007/978-3-030-18075-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-18075-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18074-4

  • Online ISBN: 978-3-030-18075-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation