In this paper we analyze the security of SEAS Protocol. The only security goal of this Protocol is to authenticate the RFID tag to the RFID reader which, in this paper, we show that the Protocol does not satisfy this property. Hence, we do not recommend this Protocol to be employed in any application. In this paper we present a tag impersonation attack against it. Tag impersonation attack is a forgery attack in which the reader authenticates the attacker as a legitimate tag. Our tag impersonation attack’s success probability, which is the first attack against the SEAS Protocol to the best of our knowledge, is “1” and its complexity is only two runs of Protocol.

Authentication Protocols are tools used to ensure the identity of the parties in cyberspace. If these Protocols are compromised، the cyber security is threatened. These threats are of paramount importance in military applications. Recently، in [1] an Authentication Protocol، called SPRS has been considered and several attacks such as secret disclosure attack، tag impersonation attack and tag traceability attack have been applied on it. In addition، authors of that paper، presented the improved version of the Protocol and claimed the improved Protocol، unlike its predecessor، is secure against the attacks applied on the predecessor version and also other active and passive attacks. In this paper، we show that unfortunately، the security claims of authors do not hold and the improved Protocol is also vulnerable against secret disclosure attack and tag traceability attack. We offer two versions of the secret disclosure attack which are offline and online versions. The basis of the attacks presented in this paper is that given Y=PRNG(X) and PRNG function is a public function and X and Y are 16 bits، performing an exhaustive search to find X as a pre-image of Y with a maximum of 216 off-line evaluations of PRNG function is possible. The offline version of the attack with the complexity of one run of Protocol eavesdropping and doing 233 evaluations of PRNG function can disclose 4 secret values of Protocol i. e. Ki، Pi، NT and EPCS which are 16 bits and the online version of the attack with the complexity of two times impersonating the reader and doing 217 evaluations of PRNG function can disclose these 4 secret values of Protocol. Given these secret disclosure attacks، the improved Protocol is not secure against other active and passive attacks as well. In addition، we propose a tag traceability attack to trace a given tag which does not depend on the length of the output of the PRNG function. Given this attack، an adversary can trace a given tag between any two sessions with the reader.

RFID (Radio Frequency Identification) is a new technology which is used in many applications. Security and privacy are two concerns of RFID technology. To address these concerns, many Protocols have been proposed, which each of them has advantages and disadvantages. In this paper after introducing three lightweight matrixes based RFID Authentication Protocols, the feasibility of some attacks such as de-synchronization attack, reader impersonation attack and tag traceability attack against these Protocols have been investigated. In addition, we also have tried to address disadvantages of theses Protocols by proposing an improved Authentication Protocol.In an improved Protocol we exploit two lightweight pseudorandom number generators (AKARI-1 and AKARI-2) with maximum 128 bit and 64 bit. Hence, proposed Protocol is still conforming to EPC Class-1 Gen-2 standard and can provide its requirements.

The smart home is an important Internet of Things applications. Due to the smartphones development, expansion of their network, and growing the data transfer rate, security in personal life has become a dramatic challenge. Therefore, it is essential to secure such a system to create a sense of relaxation in the lives of users and homeowners to deal with possible occurrences. The integration of technologies for the automation of home affairs with the Internet of things means that all physical objects can be accessed on cyberspace; therefore, the concerns raised by users about the lack of privacy and security are serious arguments that science and technology should answer. Therefore, addressing security issues is a crucial necessity for the development of the smart homes. Although Authentication Protocols have been proposed based on smart cards for multi-server architectures, their schemes cannot protect the system against stolen smart cards and dictionary attacks in the login phase and do not satisfy perfect forward secrecy. To overcome these limitations, this paper proposes an anonymous, secure Protocol in connected smart home environments, using solely lightweight operations. The proposed Protocol in this paper provides efficient Authentication, key agreement, and enables the anonymity of devices and unlinkability. It is demonstrated that the computation complexity of the Protocol is low as compared to the existing schemes, while security has been significantly improved. This Protocol ensures that even if the stakeholder’ s device or the IoT device is attacked, they are robust against them.

Nowadays, RFID technology is using widely in our daily lives. This technology is used in many applications such as healthcare, military, identifying friend or foe of fighter-aircraft and etc. In order to provide security and privacy of RFID systems, different Authentication Protocols have been proposed. Pang proposed a RFID Authentication Protocol based on EPC C-1 G-2 standard. They claimed that their Protocol is secure against various attacks and provides user privacy. It is shown that Protocol proposed by pang is not safe and suffer from attacks such as tag ID exposure, tag impersonation, reader impersonation and de-synchronization. Also to enhance security of RFID users, an improved version of this Protocol is proposed, showing that it is secure against aforementioned attacks. In addition, complexity and efficiency of the improved Protocol is compared with some similar ones and it is shown that the improved Protocol is completely secure. Eventually, security of the improved Protocol is compared with some existed Protocols.

In recent years, cyber security has become one of the main objectives of military organizations. On the other hand, forces identification, Authentication and their security have become one of the basic needs of military centers. Although data encryption prevents user access to data contents, an attacker can forges exchanged data by access to communications channels. As a result, providing secure Protocols for Authentication systems, to prevent different attacks is very important. In this paper, we cryptanalyze a mutual RFID Authentication Protocol (SPRS) that presented in 2013. Unlike climes of the designers of Protocol, we show that their Protocol has some weaknesses yet and does not secure against some attacks such as rival secret values, tag impersonation and tractability. Then, an improved version of SPRS Protocol is proposed that eliminates SPRS weaknesses. Also, the security and the privacy of proposed Protocol are compared with some mutual Authentication Protocols that proposed recently.

Today, with the ever-expanding IoT, information technology has led the physical world to interact more with stimuli, sensors, and devices. The result of this interaction is communication "anytime, anywhere" in the real world. A research gap that can be felt in addition to providing a multi-layered and highly secure Protocol (a Protocol that simultaneously performs Authentication) and at the same time has a low computational burden. Therefore, in the field of health and treatment and for the purpose of remote monitoring of patients with physical and mental disabilities (such as patients with cerebral palsy and spinal cord amputation) there is an urgent need for a very safe Protocol. The Protocol we propose in this study is a two-layer Protocol called "Identification-Authentication" which is based on EEG and fingerprint. Also, our Authentication step is the modified Diffie-Hellman algorithm. This algorithm needs to be modified due to a security problem (the presence of a third person) that the proposed method is able to authenticate the patient with very high accuracy and high speed by receiving the patient's fingerprint and EEG signal. The proposed Protocol was evaluated using data from 40 patients with spinal cord injury. The implementation results show more security of this Protocol, Validity of the proposed Protocol is checked and the processing time of Authentication stage is decrease to 0. 0215 seconds.

In recent years, the Internet of Things (IoT) networks have extensively been used in various practical field, one of the most important of which is medical Internet of Things (MIoT). In these networks, radio frequency identification (RFID) is one of the main technologies in creating an Authentication system that is able to efficiently identify and identify medical equipment and patients. Therefore, researchers in this field have proposed different Authentication Protocols for RFID-based MIOT systems and claimed that they are resistant to active and passive attacks. Contrary to their claims, most of these Protocols are not resistant to conventional attacks. Fan et al. have recently proposed a lightweight RFID Authentication scheme for cloud-based RFID health-care systems and claimed that it is sufficiently efficient and secure. In this paper, we analyzed the Fan et al Protocole and demonstrated that their Protocol is vulnerable to replay, reader impersonation, tag tracking, and de-synchronization attacks. Moreover, we show how the similarity of some of their Protocol messages causes attack. Then, we propose an improved Protocol (LRAMP) that is resistant to these and other known attacks in RFID Authentication Protocol. According to security analysis, we can see that the LRAPM Protocol has a high level of security. This high security can only be achieved by adding a new message and changing other messages. A comparison of the performance of the LRAPM Protocol shows that this Protocol is comparable to similar Protocols in terms of computational costs, storage costs and communication costs.