M.S. Theses

Permanent URI for this collection

https://digitalarchive.library.bogazici.edu.tr/handle/123456789/11645

Browse

Browsing M.S. Theses by Author "Akgün, Mete."

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    PUF-enhanced scalable RFID security and privacy
    (Thesis (M.S.) - Bogazici University. Institute for Graduate Studies in Science and Engineering, 2021., 2021.) Kurt, Işıl.; Alagöz, Fatih.; Akgün, Mete.
    Radio Frequency ldentification (RFID) is a very promising technology that enables the automatic identification of objects. However, it has some challenging issues such as scalability. Almost all of the existing solutions require the back end server to work linear in the number of tags in order to identify a single tag. There are some proposals providing 0(1) or O(log n) identification complexity, yet, most of them are susceptible to serious attacks including RFID tag corruption attacks. Besides, only a few of them take attacks into consideration for the reader side. Nevertheless, they do not have the desired level of privacy to provide resistance against compromising attacks on both the tag side and the reader side. In this research, we analyze the existing RFID protocols and specify the open problems that cause scalability and privacy concerns. We extend the predefined privacy model of Vaudenay by considering reader side attacks, and then propose a privacypreserving RFID authentication protocol that does not require any search operation in the back end. It provides resistance against tag and reader corruption attacks by using Physically Unclonable Functions (PUFs) as secure storage to keep secrets of the sy stem. Our protocol provides destructive privacy for tag holders in case of reader corruption attacks without any conditions. Additionally, our protocol allows readers to work offiine by transferring the necessary database records to them and still provides destructive privacy in case of corruption of offiine readers. To the best of our knowledge, it is the first protocol providing such a high privacy level without lookup property.
  • Thumbnail Image
    Item
    Security and privacy in radio frequency identification
    (Thesis (M.S.)-Bogazici University. Institute for Graduate Studies in Science and Engineering, 2009., 2009.) Akgün, Mete.; Çağlayan M. Ufuk.; Anarım Emin.
    This thesis studies security and privacy issues of Radio Frequency Identi cation (RFID) technology that enhances ubiquitous computing environment. RFID technology is used to identify many types of objects. Some of the main applications are asset management, tracking, access control and automated payment. Therefore, in the near future, this technology will replace the barcode technology. However, privacy is one of main issues to adopt RFID technology in daily use. Due to resource constraints of low cost RFID tags in terms circuit size, power consumption and memory size, it is very restricted to design a private authentication protocol based on existing cryptographic functions. Therefore new private authentication protocols based on lightweight cryptography are required to use low cost RFID tags in RFID applications. In this thesis, we focus on low cost RFID tags. Our contributions are as follows. Firstly, we propose a new strong privacy model called ACAP for RFID systems and analyze the privacy of a former authentication protocol based on our privacy model. Former proposal assumes that the adversary should miss any reader-to-tag communication ows and claims that their protocol is secure against forward traceability only in such communication environment. We show that even under such an assumption, the former proposed protocol is not secure. We propose a new RFID authentication protocol called ACA. We analyze its security based on our privacy model. The proposed protocol provides better protection against privacy and security threats than those before. It is resistant to server impersonation attack without any assumption and secure against forward traceability, if the adversary misses any reader-to-tag communication ows. Furthermore, we analyze the performance of ACA. It has low computational load on both the tag and the server side. Secondly, we analyze the privacy and security of another former proposal SAPA (Storage Awareness Private Authentication) and discover that SAPA does not provide location and information privacy between successful authentication sessions and does not resist denial of service attacks, forward traceability, and server impersonation. We analyze the weaknesses of SAPA and propose a new tree based RFID authentication protocol called ACAT. ACAT provides better protection against privacy and security threats than those before. It provides tag information privacy and tag location privacy, and resists replay attacks, denial of service attacks, backward traceability, forward traceability (under an assumption), and server impersonation with an e cient keylookup. Furthermore, ACAT has the least computation and communication load on both the tag and the server side compared to other tree based protocols.