Abstract
The widespread use of IoT devices that rely on Radio Frequency IDentification (RFID) technologies has resulted in numerous benefits; however, device connectivity has also created numerous security threats and vulnerabilities. This is due to the nature of the wireless links and the limited computational capabilities of such devices. However, until now, there has not been a noteworthy practical solution to many of the security issues related to the RFID technology. This chapter addresses the major threats and vulnerabilities related to RFID technologies in the IoT environment. In addition, it reviews some of the recently proposed cryptographic solutions as countermeasures for security and privacy issues. These solutions allow devices with limited computational resources to use asymmetric cryptographic encryption techniques in robust cryptographic protocols. In addition, these solutions, through delegation of exponentiation techniques, satisfy four core requirements, viz., correctness, privacy, efficiency, and security. Moreover, they ensure that the probability, which an untrusted server can convince a client (RFID) of an incorrect computational result, is exponentially small (almost equal to zero). This has a significant impact on the adoption of the said technologies in fields and areas where the use of RFID technology has not been considered. The solutions proposed in this chapter enable RFID technology to be more secure and be part of the IoT vision as a trusted technology, which can be adopted in any field globally without having concerns regarding privacy, security, and trust.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ericsson (2016) Ericsson Mobility Report, On the pulse of the networked society, Report, Jun 2016
Kamble A, Malemath VS, Patil D (2017) Security attacks and secure routing protocols in RPL-based Internet of Things: survey. In: International conference on emerging trends & innovation in ICT (ICEI), Pune Institute of Computer Technology, Pune, India, Feb 3–5, 2017
Gartner Inc. (2015) Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. http://www.gartner.com/newsroom/id/3165317, Nov. 2015. Accessed December 2018
Karnouskos S, Marrn PJ, Fortino G, Mottola L, Martinez JR de Dios (2014) Applications and markets for cooperating objects. Springer Briefs in Electrical and Computer Engineering, Springer
Nokia (2016) A buyers and influencers guide to connected device management, for all things connected in mobile, home and IoT, Strategic Whitepaper, Jul 2016
Statista (2015) Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions). https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed Dec 2018
Dave E (2011) The Internet of Things: how the next evolution of the internet is changing everything, CISCO. Accessed Dec 2018. http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
Press Release, Strategy Analytics (2014) M2M market will generate $242 billion revenue by 2022. https://www4.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5468. Accessed on December 2018
Kim S, Mariotti C, Alimenti F, Mezzanotte P, Georgiadis A, Collado A, Roselli L, Tentzeris M (2013) No battery required: Perpetual RFID-enabled wireless sensors for cognitive intelligence applications. Microw Mag IEEE 14(5):66–77
Roselli L et al (2015) Review of the present technologies concurrently contributing to the implementation of the Internet of Things (IoT) paradigm: RFID, green electronics, WPT and energy harvesting. In: IEEE Topical conference on wireless sensors and sensor networks (WiSNet), San Diego, CA, pp 1–3
IoT-A, (2014) Internet of Things – architecture Io-A deliverable D1.3 updated reference model for IoT v1.5. http://cocoa.ethz.ch/downloads/2014/01/1524_D1.3_Architectural_Reference_Model_update.pdf. Accessed Dec 2018
Industrial internet consortium (2015) Industrial internet reference architecture v 1.8, https://www.iiconsortium.org/IIRA.htm. Accessed Dec 2018
ZVEI Die Elektroindutrie (2015) The reference architectural model RAMI 4.0 and the Industrie 4.0 component, https://www.zvei.org/en/subjects/industry-4–0/the-reference-architectural-model-rami-40-and-the-industrie-40-component/. Accessed Dec 2018
Cisco (2014) Building the Internet of Things. https://www.cisco.com/c/dam/global/en_ph/assets/ciscoconnect/pdf/bigdata/jim_green_cisco_connect.pdf. Accessed Dec 2018
Gluhak et al (2011) An architectural blueprint for a real-world internet. The Future Internet, Lecture Notes in Computer Science, vol 6656, pp 67–80
Chaqfeh MA, Mohamed N (2012) Challenges in middleware solutions for the Internet of Things. In: Proceedings of international conference CTS, pp 21–26
Khan R, Khan SU, Zaheer R, Khan S (2012) Future internet: The Internet of Things architecture, possible applications and key challenges. In: Proceedings of 10th international conference FIT, pp 257–260
Tan L, Wang N (2010) Future internet: The Internet of Things. In: Proceedings of 3rd ICACTE, 2010, V5, pp 376–380
Grover A, Berghel H (2011) A survey of RFID deployment and security issues, Korea Science. J Informat Process Syst 7(4)
Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. In: Proceedings of 1st international conference security pervasive computing, pp 201–212
Wu M, Lu TJ, Ling FY, Sun J, Du HY (2010) Research on the architecture of Internet of Things. In: Proceedings of 3rd ICACTE, 2010, pp V5-484–V5-487
Yang Z et al (2011) Study and application on the architecture and key technologies for IOT. In: Proceedings of ICMT, pp 747–751
Mitrokotsa A, Rieback MR, Tanenbaum (2010) Classifying RFID attacks and defenses. A.S. Informat Syst Front 12(5):491–505. https://doi.org/10.1007/s10796-009-9210-z
Frustaci M, Pace P, Aloi G, Fortino G (2018) Evaluating critical security issues of the IoT world: present and future challenges. IEEE Internet of Things J 5(4):2483–2495
Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W (2017) A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things J 4(5):1125–1142
Anderson R, Kuhn M (1996) Tamper resistance-a cautionary note. In: Second USENIX workshop on electronic commerce proceedings, Oakland, California, November 18–21, 1996, pp 1–11
Zhao K, Ge L (2013) A Survey on the Internet of Things security. In: 2013 ninth international conference on computational intelligence and security, Leshan, pp 663–667
Weingart SH (2000) Physical security devices for computer subsystems: a survey of attacks and defenses. In: Koç ÇK, Paar C (eds) Cryptographic hardware and embedded systems- CHES 2000. CHES 2000. Lecture Notes in Computer Science, vol 1965. Springer, Berlin, Heidelberg
Mosenia A, Jha NK (2017), A comprehensive study of security of Internet-of-Things. IEEE Trans Emerg Topics Comput 5(4):586–602
C3 Public Wiki (2006) RFID-Zapper (EN). https://events.ccc.de/congress/2005/static/r/f/i/RFID-Zapper(EN)_77f3.html. Accessed Dec 2018
Deogirikar J, Vidhate A (2017) Security attacks in IoT: a survey. In: International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC 2017)
Kashif L, Shamsi JA (2015) A study of security issues, vulnerabilities and challenges in internet of things. Secur Cyber-Phys Syst 221
Lan L (2012) Study on security architecture in the Internet of Things. In: Proceedings of 2012 international conference on measurement, information and control, Harbin, China, pp 374–377
Ahemd MM, Shah MA, Wahid A (2017) IoT security: a layered approach for attacks and defenses. In: International conference on communication technologies (ComTech), Rawalpindi, 2017, pp 104–110
Andrea C Chrysostomou, Hadjichristofi G (2015) Internet of Things: Security vulnerabilities and challenges, IEEE Symposium on Computers and Communication (ISCC). Larnaca 2015:180–187
Syverson P (1994) A taxonomy of replay attacks [cryptographic protocols]. In: Proceedings the computer security foundations workshop VII, Franconia, NH, USA, pp 187–191
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Wiener M (ed) Advances in cryptology CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg
Messerges TS, Dabbish EA, Sloan RH (1999) Power analysis attacks of modular exponentiation in smartcards. In: Koç ÇK, Paar C (eds) Cryptographic hardware and embedded systems. CHES 1999. Lecture Notes in Computer Science, vol 1717. Springer, Berlin, Heidelberg
Atamli W, Martin A (2014) Threat-based security analysis for the Internet of Things. International Workshop on Secure Internet of Things, Wroclaw 2014:35–43
Puthal D, Nepal S, Ranjan R, Chen J (2016) Threats to networking cloud and edge data centers in the Internet of Things. In: IEEE cloud computing, vol 3, no 3, pp 64–71
Sopori D, Pawar T, Patil M, Ravindran R (2017) Internet of things: security threats. Int J Advanc Res Comput Eng Technol (IJARCET), 6(3), ISSN 2278 – 1323
Mahmoud R, Yousuf T, Aloul F, Zualkernan I (2015) Internet of Things (IoT) security: current status, challenges and prospective measures. In: the 10th international conference for internet technology and secured transactions (ICITST-2015)
Juels A, Rivest RL, Szydlo M (2003) The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Proceedings of ACM 10th conference on computing and communication security, pp 103–111
Kim DS, Shin TH, Park JS (2006) Access control and authorization for security of RFID multi-domain using SAML and XACML. In: International Conference on Computational Intelligence and Security, Guangzhou, pp 1587–1590
Uttarkar R, Kulkarni R (2014) Internet of things: architecture and security. Int J Comput Appl 3(4):2014
Thakur BS, Chaudhary S (2013) Content sniffing attack detection in client and server side: a survey. Int J Advanc Comput Res (IJACR) 3
Halim T, Islam Md. R, (2012) A study on the security issues in WSN. Int J Comput Appl (0975 – 8887), 53(1)
Khoo B (2011) RFID as an enabler of the internet of things: issues of security and privacy. In: International conference on internet of things and 4th international conference on cyber, physical and social computing, Dalian, pp 709–712
Pedro P, Julio H, Juan T, Li T, Li Y (2010) Vulnerability analysis of RFID protocols for tag ownership transfer. Comput Netw 54(9):1502–1508. Research Collection School of Information Systems
Rieback MR, Crispo B, Tanenbaum AS (2006) Is your cat infected with a computer virus? In: Fourth annual IEEE international conference on pervasive computing and communications (PERCOM’06), Pisa, pp 10–179
Atallah M, Pantazopoulos KN, Rice J, Spafford E (2002) Secure outsourcing of scientific computations. Adv Comput 54:215–272
Hohenberger S, Lysyanskaya A (2005) How to securely outsource cryptographic computations. In: Proceedings of the theory of cryptography conference 2005. Springer, pp 264–282
Benjamin D, Atallah M (2008) Private and cheating-free outsourcing of algebraic computations. In: Sixth annual conference on privacy, security and trust, PST 2008, Fredericton, New Brunswick, Canada, Springer, October 2008, pp 240–245
Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: STOC ’09, 2009, pp 169–178
Atallah M, Frikken K (2010) Securely outsourcing linear algebra computations. In: Proceedings of the 5th ACM symposium on information, computer and communications security. Springer, New York, 2010, pp 48–59
Gennaro R, Gentry C, Parno B (2010) Non-interactive verifiable computing: outsourcing computation to untrusted workers. Advanc Cryptol CRYPTO 2010, Lecture Notes Computer Science 6223, 465– 482
Yao AC (1982) Protocols for secure computations. In: Proceedings of the 23rd annual symposium on foundations of computer science, pp 160–168. IEEE Computer Society
Chung K, Kalaiand Y, Vadhan S (2010) Improved delegation of computation using fully homomorphic encryption. In: Proceedings of 30th annual cryptology conference, Santa Barbara, CA, USA, in: Lect. Notes Computer Science, vol 6223, Springer, August 2010, pp 483–501
Chung K, Kalaiand Y, Liu F (2011) Memory delegation. In: Proceedings of the 31st annual cryptology conference, Santa Barbara, CA, USA. Lecture Notes Computer Science, vol 6841, Springer, pp 151–168
Parno B, Raykova M, Vaikuntanathan V (2012) How to delegate and verify in public: verifiable computation from attribute-based encryption. In: Proceedings of the 9th theory of cryptography conference, TCC 2012, Taormina, Sicily, Italy, in: Lect. Notes Comput. Science, vol 7194, Springer, March 2012, pp 422–439
Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2017) Computing multiple exponentiations in discrete log and RSA groups: from batch verification to batch delegation. In: Proceedings of 3rd IEEE workshop on security and privacy in the cloud. IEEE
Bellare M, Garay J, Rabin T (1998) Fast batch verification for modular exponentiation and digital signatures. Proc Eurocrypt, Springer, pp 236–250
Wang Y, Wu Q, Wong D, Qin B, Chow S, Liu Z, Tao X (2014) Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Proceedings of computer security-ESORICS 2014. Springer, pp 326–343
Arbit A, Livne Y, Oren Y, Wool A (2015) Implementing public-key cryptography on passive RFID tags is practical. Int J Inf Sec 14(1):85–99
Chen X, Li J, Ma J, Tang Q, Lou W (2012) New algorithms for secure outsourcing of modular exponentiations. In: Computer security–ESORICS 2012, pp 541–556
Ye J, Chen X, Ma J (2015) An improved algorithm for secure outsourcing of modular exponentiations. In: Proceedings of 29th international conference on advanced information networking and applications, March 2015, pp 73–76
Ding Y, Xu Z, Ye J, Choo K (2017) Secure outsourcing of modular exponentiations under single untrusted programme model. J Comput Syst Sci 90, C Academic Press, Inc., 1–13
Cavallo B, Di Crescenzo G, Kahrobaei D, Shpilrain V (2015) Efficient and secure delegation of group exponentiation to a single server. In: International workshop on radio frequency identification: security and privacy issues. Springer, pp 156–173
Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2018) Efficient and secure delegation to a single malicious server: exponentiation over non-abelian groups.Springer Lecture Notes in Computer Science
Di Crescenzo G, Khodjaeva M, Kahrobaei D, Shpilrain V (2017) Practical and secure outsourcing of discrete log group exponentiation to a single malicious server. In: Proceedings of 9th ACM cloud computing security workshop (CCSW), pp 17–28
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Khodjaeva, M., Obaidat, M., Salane, D. (2019). Mitigating Threats and Vulnerabilities of RFID in IoT Through Outsourcing Computations for Public Key Cryptography. In: Mahmood, Z. (eds) Security, Privacy and Trust in the IoT Environment. Springer, Cham. https://doi.org/10.1007/978-3-030-18075-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-18075-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18074-4
Online ISBN: 978-3-030-18075-1
eBook Packages: Computer ScienceComputer Science (R0)