Abstract. This work aims to identify the algebraic problems which enable many attacks on RFID protocols. Toward this goal, three emerging types of attacks on RFID protocols, concerning authentication, untraceability, and secrecy are discussed. We demonstrate the types of attacks by exhibiting previously unpublished vulnerabilities in several protocols and referring to various other flawed protocols.The common theme in these attacks is the fact that the algebraic properties of operators employed by the protocols are abused. While the methodology is applicable to any operator with algebraic properties, the protocols considered in this paper make use of xor, modular addition, and elliptic curve point addition.
Abstract.We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.
Abstract. We present a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be applicable to any scenario sharing the same intuition of ownership. We discuss the connection between ownership and the notion of desynchronization resistance and give the first formal definition of the latter. We apply our definitions to existing RFID protocols, exhibiting attacks on desynchronization resistance, secure ownership, and secure ownership transfer.
A number of applications based on personal health records (PHRs) are emerging in the field of health care and wellness. PHRs empower patients by giving them control over their health data. Health data for PHRs can be supplied by patients, wellness providers and health care providers. Health care providers may use the PHRs to provide medical care. Unfortunately, the quality of the health data cannot be guaranteed in all cases (e.g. consider cases where non-professionals such as patients and wellness providers supplied the data).To address this problem, we present in this paper Hedaquin, a system that provides health care professionals with an indication of the quality of health data in a PHR. This indication is based on the reputation of the supplier and on metadata provided by measurement devices. The proposed reputation system mimics the way trust in health data and their suppliers is built in the real world. Hedaquin uses the Beta reputation system as a starting point and extends it in several directions to cover specific PHR requirements. Firstly, Hedaquin supports the automatic calculation of a rating based on a repeated measurement. Secondly, certificates for the user such as diplomas are taken into account. Thirdly, Hedaquin calculates reputation for different scopes in order to discriminate among different tasks the suppliers of health data can perform. Finally, the time difference between the ratings and the calculation of the reputation influences the weight that is given to a rating.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.