Recall the concept of Physically Unclonable Functions, which are an importantcomponent of hardware based security. Here is a simple scenario and simple protocol usingPUFs for authenticating a tag. In the protocol below, the Reader stores ALL possiblecombinations of Challenge-Response pairs for every tag it needs to authenticate. Duringauthentication, the Reader broadcasts the ID of the tag, and a greeting (Gn ). Every tag maysee this message, but only the one with the right ID will process the message. The right tagwith the ID in the message will then feed the greeting to its PUF and compute the responseSn. The response is then sent to the Reader. This should be clear from the Figure below. Forthe next round of authenticating the same Tag, the process repeats with a new Greeting(G n+1 ). Since the Reader has the responses, authentication is straightforward. Recall thatChallenges and Responses are typically 128 or 256 bit strings for RFIDs.From the protocol, and class, it should be clear that eavesdropping attacks are ineffective inthis protocol, since the attacker will be able to snoop on challenge response pairs for oneround. But this pair will not be used again, attackers gain no practical advantage. Also, sincethe PUF is not cloneable, attackers will not be able to generate the response expected. Thismuch should be clear. I agree that the Tag ID is sent in plaintext. Let us assume that privacyof the tag being searched is not a requirement (to keep it simple).Give one or two reasons as to why you will NOT recommend this protocol if you are in-chargeof securing RFID tags. Do not mention Plain Text Response, Replay Attacks, Man in theMiddle and Jamming attacks. These attacks are a problem, but I am looking for moreproblems, and importantly, problems unique to this protocol compared to what we saw inclass. Please think carefully. Be as descriptive as possible. If you see multiple problems, writeand describe them also.The conclusions you draw will ideally be general enough to apply to many challenge-response based security mechanisms.
Recall the concept of Physically Unclonable Functions, which are an importantcomponent of hardware based security. Here is a simple scenario and simple protocol usingPUFs for authenticating a tag. In the protocol below, the Reader stores ALL possiblecombinations of Challenge-Response pairs for every tag it needs to authenticate. Duringauthentication, the Reader broadcasts the ID of the tag, and a greeting (Gn ). Every tag maysee this message, but only the one with the right ID will process the message. The right tagwith the ID in the message will then feed the greeting to its PUF and compute the responseSn. The response is then sent to the Reader. This should be clear from the Figure below. Forthe next round of authenticating the same Tag, the process repeats with a new Greeting(G n+1 ). Since the Reader has the responses, authentication is straightforward. Recall thatChallenges and Responses are typically 128 or 256 bit strings for RFIDs.From the protocol, and class, it should be clear that eavesdropping attacks are ineffective inthis protocol, since the attacker will be able to snoop on challenge response pairs for oneround. But this pair will not be used again, attackers gain no practical advantage. Also, sincethe PUF is not cloneable, attackers will not be able to generate the response expected. Thismuch should be clear. I agree that the Tag ID is sent in plaintext. Let us assume that privacyof the tag being searched is not a requirement (to keep it simple).Give one or two reasons as to why you will NOT recommend this protocol if you are in-chargeof securing RFID tags. Do not mention Plain Text Response, Replay Attacks, Man in theMiddle and Jamming attacks. These attacks are a problem, but I am looking for moreproblems, and importantly, problems unique to this protocol compared to what we saw inclass. Please think carefully. Be as descriptive as possible. If you see multiple problems, writeand describe them also.The conclusions you draw will ideally be general enough to apply to many challenge-response based security mechanisms.
Related questions
Question
Recall the concept of Physically Unclonable Functions, which are an important
component of hardware based security. Here is a simple scenario and simple protocol using
PUFs for authenticating a tag. In the protocol below, the Reader stores ALL possible
combinations of Challenge-Response pairs for every tag it needs to authenticate. During
authentication, the Reader broadcasts the ID of the tag, and a greeting (Gn ). Every tag may
see this message, but only the one with the right ID will process the message. The right tag
with the ID in the message will then feed the greeting to its PUF and compute the response
Sn. The response is then sent to the Reader. This should be clear from the Figure below. For
the next round of authenticating the same Tag, the process repeats with a new Greeting
(G n+1 ). Since the Reader has the responses, authentication is straightforward. Recall that
Challenges and Responses are typically 128 or 256 bit strings for RFIDs.
From the protocol, and class, it should be clear that eavesdropping attacks are ineffective in
this protocol, since the attacker will be able to snoop on challenge response pairs for one
round. But this pair will not be used again, attackers gain no practical advantage. Also, since
the PUF is not cloneable, attackers will not be able to generate the response expected. This
much should be clear. I agree that the Tag ID is sent in plaintext. Let us assume that privacy
of the tag being searched is not a requirement (to keep it simple).
Give one or two reasons as to why you will NOT recommend this protocol if you are in-charge
of securing RFID tags. Do not mention Plain Text Response, Replay Attacks, Man in the
Middle and Jamming attacks. These attacks are a problem, but I am looking for more
problems, and importantly, problems unique to this protocol compared to what we saw in
class. Please think carefully. Be as descriptive as possible. If you see multiple problems, write
and describe them also.
The conclusions you draw will ideally be general enough to apply to many challenge-
response based securitymechanisms.
component of hardware based security. Here is a simple scenario and simple protocol using
PUFs for authenticating a tag. In the protocol below, the Reader stores ALL possible
combinations of Challenge-Response pairs for every tag it needs to authenticate. During
authentication, the Reader broadcasts the ID of the tag, and a greeting (Gn ). Every tag may
see this message, but only the one with the right ID will process the message. The right tag
with the ID in the message will then feed the greeting to its PUF and compute the response
Sn. The response is then sent to the Reader. This should be clear from the Figure below. For
the next round of authenticating the same Tag, the process repeats with a new Greeting
(G n+1 ). Since the Reader has the responses, authentication is straightforward. Recall that
Challenges and Responses are typically 128 or 256 bit strings for RFIDs.
From the protocol, and class, it should be clear that eavesdropping attacks are ineffective in
this protocol, since the attacker will be able to snoop on challenge response pairs for one
round. But this pair will not be used again, attackers gain no practical advantage. Also, since
the PUF is not cloneable, attackers will not be able to generate the response expected. This
much should be clear. I agree that the Tag ID is sent in plaintext. Let us assume that privacy
of the tag being searched is not a requirement (to keep it simple).
Give one or two reasons as to why you will NOT recommend this protocol if you are in-charge
of securing RFID tags. Do not mention Plain Text Response, Replay Attacks, Man in the
Middle and Jamming attacks. These attacks are a problem, but I am looking for more
problems, and importantly, problems unique to this protocol compared to what we saw in
class. Please think carefully. Be as descriptive as possible. If you see multiple problems, write
and describe them also.
The conclusions you draw will ideally be general enough to apply to many challenge-
response based security
AI-Generated Solution
AI-generated content may present inaccurate or offensive content that does not represent bartleby’s views.
Unlock instant AI solutions
Tap the button
to generate a solution