Chaojing Tang

Yi Liu, Xingtong Liu, Lei Zhang et al.

Electronic payment protocols play a vital role in electronic commerce security, which is essential for secure operation of electronic commerce activities. Formal method is an effective way to verify the security of protocols. But current formal method lacks the description and analysis of timeliness in electronic payment protocols. In order to improve analysis ability, a novel approach to analyze security properties such as accountability, fairness and timeliness in electronic payment protocols is proposed in this paper. This approach extends an existing logical method by adding a concise time expression and analysis method. It enables to describe the event time, and extends the time characteristics of logical inference rules. We analyzed the Netbill protocol with the new approach and found that the fairness of the protocol is not satisfied, due to timeliness problem. The result illustrates the new approach is able to analyze the key properties of electronic payment protocols. Furthermore, the new approach can be introduced to analyze other time properties of cryptographic protocols.

Wei Xie, Chen Zhang, Quan Zhang et al.

This paper address a new problem in RFID authentication research for the first time. That is, existing RFID authentication schemes generally assume that the backend server is absolutely secure, however, this assumption is rarely tenable in practical conditions. It disables existing RFID authentication protocols from being safely applied to a reallife scenario in which the backend server is actually vulnerable, compromised or even malicious itself. We propose an RFID authentication scheme against an unsecure backend server. It is based on hash chain, searching over encrypted data, and coprivacy, defending against the privacy revealing to the backend server. The proposed scheme is scalable, resistant to desynchronization attacks, and provides mutual authentication in only three frontend communication steps. Moreover, it is the first scheme meeting the special security and privacy requirement for a cloud-based RFID authentication scenario in which the backend server is untrustworthy to readers held by cloud clients.

Wei Xie, Chen Zhang, Quan Zhang et al.

Along with the development of internet of things and pervasive computing, researchers are increasingly focusing on server-less RFID authentication and searching protocols, which utilize mobile RFID readers. However, revealing privacy of mobile reader holders is a widely neglected problem in current research. This paper concentrates on preserving privacy of mobile reader holders in server-less RFID authentication and searching protocols. We propose a detailed requirement as a principle for future protocol designs, and a scheme to enhance most current protocols. We apply our scheme to two classical protocols. The comparisons between the original and our enhanced protocols show that our scheme is secure and effective.