- Consider the Protocol for Secure Search in RFID systems, which we discussed in class. The protocol should be clear to you. Here Gn+1 denotes the response of the PUF to input Gn. In this protocol, the RFID tag sends Gn+1 and Gn+2 to the Reader as a response to a challenge in a particular round. The idea is to inform the Reader what the next challenge should be, and what the expected response for that challenge will be. For the next round of authentication, the reader will send this Gn+1 to the tag and will expect this Gn+2 from the Tag, and the process repeats. Assume that the Tag stores Gn+1 and Gn+2. This makes sense because the Tag need not do the PUF computation again to save energy. If an attacker, can somehow read the contents of a Tag (one time), the attacker can then try to clone the tag by copying the stored Gn+1 and Gn+2, along with LFSR, K and ID. The PUF clearly cannot be cloned. Do you see a security threat in such a type of attack? Note again that just because contents of a tag is read, the PUF in the tag cannot be cloned. Be as detailed as possible in identifying the security issues.
On the off chance that the substance of the tag is by one means or another copied to another tag, the new tag won’t have the capacity to emulate the conduct of the first tag, on the grounds that no two PUF circuits act in the very same way. In any case, the reader gazes upward the tuples of all tags by the got ID. When it finds the Gn relating to the ID, it sends back the ID alongside the Gn+1 to the tag. Since the tag knows that exclusive the reader and itself know the Gn+1, it can validate this reader. The situation in the inquiry is likewise comparable and this unquestionably is a worry. To begin with, anybody catching the ID can track the tag later on. Second, anybody can take in the three privileged insights in the wake of catching the greater part of the messages and mimic either the reader or the tag later on. Third, to keep from imitating assaults, the convention can be utilized just once. Basically, the greater part of the issues emerges for the same reason, that is, the messages are not shielded from eavesdropping assaults. The new reader sends a safe solicitation to the TTP, utilizing Gn+1 as confirmation that it has entry rights to the tag. Since the old proprietor of the tag has seen the estimations of Gn, Gn+1 and Gn+2 in past traded messages, he has no learning of the new G’n or G ‘n+1 which are the yields of the PUF function. At the end of the day, without the right estimations of G ‘n and G ‘n+1, the old proprietor can’t get to the tag any more. To secure (G’n, G’n+1) from being listened stealthily from the old proprietor and different noxious busybodies, the tag creates another two arbitrary numbers utilizing PIN:
K’n = LFSR(Kn)
K ‘n = LFSR(Kn’)
2. Recall the schemes for secure incentivization in Vehicular Networks. For the case of n-level dissemination, the scheme presented was based on Onion Vouchers. Consider another scheme below. All terminologies are the same as used in the presentation.
The Ad distribution point S, generates an integer n that denotes the number of levels allowed for dissemination. The term α is a random number. HHnn (αα) means that Hash function HH is applied n times on
α. When a node u gets this message, it disseminates the Ad to node v as follows, and collects receipts.
In the first part of the message, node u decrements n, and sends H(α) to node v, along with the Ad. Node v sends the receipt in the second part of the above message.
If n-1 is still not zero, node v can forward the ad further. Its exchange with node x will look like below. The meaning should be clear.
Essentially, the value of n will decide how long an ad propagates. If its value after a decrement reaches zero, the ad should not be forwarded. This is expected to limit dissemination to n levels only.
a. Explain one security vulnerability of this protocol in detail.
The source ought to confer a settled measure of prize Vr for the weighted remunerating. The vehicles that take an interest in the sending will get an offer of the aggregate prize. Nonetheless, the offer is separated by computed weight rather than direct commitment esteem in this technique. In the tree representation, every hub splashes the bundle to its youngster hubs. To energize showering, we have to interface the youngsters’ commitment while ascertaining a hub’s weight. In light of the commitment estimation, the weighted compensating segment uses a curved function to ascertain every vehicle’s weight and apportion rewards as indicated by the computed weights.
The presence of a power trusted by both the RFID reader and the tags, named the Trusted Third Party (TTP). The principle undertaking of the TTP is to help the reader and the tag to develop another confirmation pair of (G’n, G’n+1), with the end goal that the reader and the tag can begin the shared validation process. The second possession exchange convention includes no outsider, rather, the deviated correspondence between the reader and the tag is expected: the tag-to-reader reach is much littler than the reader to-tag extend, and is accepted not to be blocked/listened in by the enemies. To start the exchange of the tag, the old proprietor gives its put away tuple (IDS, ID, Gn+1) to the new proprietor, then, it illuminates the TTP about the check pair (Gn, Gn+1). A mystery PIN is safely shared between the TTP and the tag. The PIN is preloaded in the tag equipment amid generation and is not open to anybody, e.g., neither the past and the present proprietor of the tag thinks about the estimation of PIN.
The TTP can check if they got Gn+1 from the new reader measures up to the one got from the past proprietor, if yes, then the new reader gets confirmed. At that point the TTP sends Kn ⊕ Gn ⊕ PIN to the reader, where Kn is the LFSR result utilizing PIN as the seed: Kn = LFSR(PIN)