A Lightweight Authentication and Encryption Protocol for Secure Communications Between Resource-Limited Devices Without Hardware Modification: Resource-Limited Device Authentication

Introduction

Resource-Limited Wireless Device use is growing rapidly. This growth rate is expected to rise even higher when RFID transponders begin to replace Barcodes on a larger scale (Tanwar & Kumar, 2017). Some of the applications of these devices pose a security threat which can be addressed using cryptographic techniques (Kumawat et al., 2017). Most of the currently used cryptographic solutions are predicated on the existence of ample processing power and memory. These demands cannot be met by most ubiquitous computing devices, thus there is a need to apply lightweight cryptography primitives that meet security demands when considering devices with low resources.

A Risk Analysis of threats associated with the usage of Wireless Sensor Networks or RFID systems for the item-level stock control and temperature monitoring include the following:

• •

  Tag/Sensor Cloning: A serious threat related to the counterfeiting of medicines with a high likely-hood of occurrence (Juels, 2005). Can be addressed with a strong encryption and authentication system.

• •

  Tag/Sensor Tracing: A threat related to unauthorised Track & Trace of a Sensor/Tag movement throughout a given area, which has negative privacy implications. It can be addressed with a proper Authentication system that does not allow the disclosure of a Tag's/Sensor's unique ID (Sing et al., 2017).

• •

  Data Eavesdropping: Unauthorized retrieval of sensor/tag data. A strong encryption algorithm provides a counter-measure to this threat (McBrearty et al., 2016).

• •

  Denial of Service Attack: Affects the operation of the entire network or a group of Tags/Sensors. The likely-hood of occurrence can be regarded as medium. Such an attack would require appropriate hardware and in-depth knowledge of the radio protocol used. A proper Authentication system provides counter-measures to this threat.

• •

  Rogue-Data Injection: An adversary can inject malicious data into the network causing improper configuration of the sensors for example. The probability of occurrence can be low as this kind of attack is not valuable to an adversary in most cases. A Mutual-Authentication system prevents accepting rogue data from unknown sources.

• •

  Cryptanalysis Attack: Secret key discovery through a cryptanalysis attack on the authentication and/or encryption system’s secret data. Such an attack compromises the whole security and leads to a full disclosure of all data. The likelihood of such an event is very low if the encryption key-space is large enough to prevent brute-force attacks (assumes unbreakable algorithm).

Figure 1.

Risk Analysis Example for the Pharmaceutical Industry