An Enhanced RFID Confidentiality Protection Model Based on Trusted Authentication Maryam Gharooni, Mazdak Zamani, Mehdi Mansourizadeh, Mojtaba Alizadeh

Maryam Gharooni (1), Mazdak Zamani (2), Mehdi Mansourizadeh (3), Mojtaba Alizadeh (4)
(1) Advanced Informatics School, Universiti Teknologi Malaysia, Malaysia
(2) Advanced Informatics School, Universiti Teknologi Malaysia, Malaysia
(3) Faculty of Management, Multimedia University, Malaysia
(4) Malaysia-Japan International Institute of Technology, Universiti Teknologi Malaysia

Abstract

This paper explores privacy protection and significant security attacks in RFID systems. Although previous related works have their own strengths and weaknesses, cloning and spoofing attacks have not been addressed. The proposed model, based on mutual authentication, aims to prevent Denial of Service, spoofing, tracking, cloning and replay attacks. In this model, a session timer is proposed as an additional privacy authentication step to resist cloning attacks, and a DES function is used to prevent spoofing attacks. This confidential RFID model can be used in e-ID and e-Passport applications to prevent unauthorized access.

Keywords: RFID Mutual Authentication, DES Function, XOR Operation

1. Introduction

Because we live in a rapidly progressing world, new technology has a major effect on our machine-driven lives. Radio Frequency Identification (RFID) is a new and emerging technology that is used in many different applications. An RFID system is a combination of three major components: a Tag, a Reader and a Host Server. In addition, Middleware is defined as a software layer that establishes communication between the Reader and the Database. “Tag or transponder, which is classified as passive, semi-passive and active, works as an electronic database and can be attached to or embedded into an item. Reader or interrogator and its antenna can establish communication with the tag without requiring a line of sight. Host server is responsible for managing the RFID System [1]”.

RFID technology arose in the 1950s, and commercial applications of RFID were established in the 1990s. Current RFID application areas include manufacturing and supply chain management (where the industry leaders are Walmart and Metro [2]), retailing, monitoring and tracking, healthcare, finance, human identification, traffic control, transportation, ticketing, and intelligent and digital public institutions, for instance universities, hospitals and libraries. The use of electronic identification (e-ID) is growing rapidly. From issuing e-Passports to securing air traffic to using national ID cards to better administer local and national programs, correctly identifying people is an important step in many processes [3].

1.1. Background of the Problem

When private information is embedded in tags, as in passports and e-IDs, privacy becomes more vulnerable. Protection mechanisms, preventing data from being faked and detecting threats are common issues in RFID, and authentication over an insecure wireless channel and unauthorized access are sensitive challenges as well. When a fake reader or attacker attempts to capture sensitive information, the tag, as a major component of an RFID system, should be protected from these threats. Privacy threats, that is, attacks that affect confidentiality in authentication and communication, can be grouped into several categories, and they are growing dramatically. The five major ones are [4]:
· Denial of Service (DOS) attack
· Spoofing attack

International Journal of Advancements in Computing Technology(IJACT) Volume5, Number13, September 2013


· Tracking attack (backward traceability and forward traceability)
· Cloning
· Replay attack

The model proposed in this paper explores information leakage and privacy protection within a mutual authentication scheme. It addresses the attacks listed above by distinguishing legitimate from fake readers through an embedded, limited session timer. A DES function, the XOR operation, a PRNG and a session timer function work together in the model to achieve confidentiality. Secure authentication between tag and reader is the major goal of this model.

2. Related Works

Ubiquitous RFID systems are vulnerable in the areas of privacy and security because of the range of threats and malicious attacks they face. Researchers have tried various functions to mitigate the risks of authentication between tags and readers. Authentication established between a server and a legitimate tag has been widely proposed by researchers as mutual authentication, which usually uses a random ID, a hash or cryptography.

Lim and Kwon [5] present an RFID authentication strategy that is useful against both forward and backward traceability. Tag ownership may be transferred from one party to another; in this situation the new owner should be assured that the tag can no longer be read by the old owner. The stored secrets are updated and refreshed by deterministic evolution and probabilistic evolution, respectively. If an authentication run completes successfully, both the server and the tag refresh their secrets using the exchanged random numbers.

Duc et al. [6] proposed a scheme that complies with GEN-2 RFID tags and uses only PRNG and CRC operations. The scheme and some of its weaknesses can be described as follows. At the beginning, the tag's EPC code, the tag's access PIN and an initial key (which is updated after each successful authentication) are shared between the back-end server and each tag. Resisting DOS attacks against tags and readers, detecting impersonation of tags and providing forward secrecy are problems that Duc et al.'s scheme cannot solve.

Song and Mitchell [7] proposed an authentication protocol. Their scheme needs only simple functions: the bitwise XOR operation and right and left shifts. It is designed for tags that are able to generate random strings and execute a hash function and a keyed hash function. As they claim, this protocol can resist tag information leakage, denial of service attacks, tracking of tag location, replay attacks, backward traceability, forward traceability and server impersonation. The weakness of this method is that the scheme is vulnerable to attacks such as server impersonation and tag impersonation.

Song [8] introduced a solution for tag ownership transfer: an authentication protocol that provides new owner privacy, old owner privacy and authorization recovery. These are given as the three requirements for protecting the security and privacy of tag ownership transfer. New owner privacy means that only the new owner should be able to recognize and manage a tag; the previous owner must be prevented from identifying or tracing the tag.

Zhang et al. [9] proposed a tag-reader RFID mutual authentication scheme. It uses a new symmetric key encryption technique to encrypt all messages transferred between tags and readers during the authentication process. This encryption method is lightweight and easy to understand, and it is combined with session-specific random numbers.

Lehtonen et al. [10] proposed a synchronized secrets method that uses the rewritable memory of tags. Whenever the tag is read, a random number on it is changed. To detect synchronization errors, a back-end server observes these numbers on every tag and keeps track of them. When a tag is read, the tag's static identifier is verified by the back-end server.

Burmester and Munilla [11] suggested a novel mutual authentication RFID protocol. The protocol achieves authentication by exchanging a few numbers (3 or 5) from the Pseudo-Random Number Generator (PRNG). One characteristic of this protocol is that the tag is able to precompute its response to server challenges; consequently, online man-in-the-middle relay attacks can be detected by the server.

Kim et al. [12] presented an anti-cloning method that is implemented in a product authentication service. In this service, the key refreshment process that resynchronizes data between a reader and a tag is executed by the tag. An attacker can imitate a legitimate reader, obtain a transcript from a target tag and use the transcript to be authenticated as a legitimate reader; key refreshment is then carried out between the attacker and the target tag. Hence, the key is shared between the victim tag and the attacker instead of the legitimate reader.

3. Proposed Model

In “Fig. 1”, the new confidential RFID model for preventing unauthorized access is illustrated [13]. The notation is:

r: Random number
Ni: An identity and next generated number by PRNG
⨁: XOR operator
τ: A session timer
DES: A cryptography function
Ni+1: New Ni

Figure 1. Proposed confidential RFID model

As shown in “Fig. 1”, the proposed model uses DES, a cryptographic function, together with a random number generator, which is the most important attribute of the model. A session timer function is also a necessary part of achieving the goal. To prevent unauthorized access and the significant RFID attacks, the confidential RFID model defines seven steps. These steps explain how data is transferred between tag and reader over a secure channel.

3.1. Pre-process

According to “Fig. 1”, some processing must be done before the steps of the confidential RFID model begin. In this phase, Ni (the first identity) and the data are stored in the tag, and the specific time (10 seconds) is stored in the server. The key plays a major role in this process because encryption and decryption functions are used in the proposed model. Ni is established for the tag and reader connection so that it can be used in the XOR and in the decryption of the DES algorithm (the cryptographic function). The stored number (Ni) is changed for subsequent connections by the Pseudo Random Number Generator (PRNG).


3.1.1. Step1: Random Number Generation

The reader sends a random number (r) to the tag to start communication, as shown in “Fig. 1”. This initial connection is the first step of mutual authentication. In this model, mutual authentication between the tag and the reader is one of the necessary processes, and it relies on the random number r. A Pseudorandom Number Generator (PRNG) is used to generate the random number. For every transaction between reader and tag, r is produced as the first step and must be changed for the next connection by using the PRNG.

3.1.2. Step2: Encryption Function and Session Timer

In the tag, the code is encrypted using the Data Encryption Standard (DES) function and XOR. The encrypted code is sent by the tag to the reader. At the same time, the tag sends a request for a new random number to the server. The server delays its response until Ni has been verified in step six. In this step, Ei is received by the reader after it has sent r. The tag is able to calculate r ⨁ Ni, where r is sent by the reader and Ni has been stored inside the tag during the pre-process phase. In addition, the timer function embedded in the server is started in order to compute the session duration. This function is called the session timer (τ). DES, as the cryptographic algorithm, is applied to the result of the XOR. Consequently, Ei is the outcome and the encrypted message (Ei = DES(r ⨁ Ni)). Privacy and confidentiality would be guaranteed since the tag information received by the reader has been encrypted.

The specific session time for encryption, decryption and transaction is computed in the server by using the τ function. The result is then compared with the initially stored time to check whether there is any difference. If the server finds any difference in the total duration, it considers the reader a fake reader and stops the connection by generating and rewriting a new Ni. The session timer (τ), as a functional calculation, can prevent cloning attacks in RFID systems by identifying the session duration. In this additional security step, legitimate and fake readers are distinguished.

3.1.3. Step3: Sending Encryption Result and Decryption Function

In this step the reader sends r and the cipher code (Ei) to the server. The DES decryption process, the most important function in the proposed model, is carried out in the server. The result of the decryption is the XOR outcome, and Ni is obtained from it through the XOR function. Consequently, Ni is recovered in the server.

3.1.4. Step4: Tag Identity (Ni) Is Sent To Reader

The Ni obtained by the decryption function in the server is sent to the reader. That is, DES has been decrypted in the server, and the Ni that was stored in the tag and used for the XOR is the outcome of this step. The reader receives Ni and step five begins.

3.1.5. Step5: Transferring Tag Identity (Ni) To Tag

In this step the reader transfers this previous Ni to the tag. The obtained Ni must be checked against the tag's memory to determine whether it is legitimate, because this Ni was stored in the tag in the pre-process phase. The reader therefore sends this identity to the tag for verification.

3.1.6. Step6: Verification and Session Time Computation

The tag performs the Ni verification to detect a legitimate reader. This is another significant step: the received Ni is checked against the stored one, and if a mismatch is found the identity cannot be verified and the link is closed. In addition, the session timer is stopped in this step, and Ni (the tag identity, recovered by the decryption function in the server) is not verified unless the elapsed time for executing the several actions (encryption, transfer of r and Ni, decryption and recovery of Ni, sending Ni from server to reader and from reader to tag) is less than τ (τ = 10 seconds). Time is therefore the main factor in this model. If the elapsed time is more than 10 seconds (the specific time for τ), Ni is renewed and rewritten by the PRNG in the tag memory. This means Ni cannot be verified and the session is stopped. In other words, Ni must be verified within 10 seconds in order to pass this step.

3.1.7. Step7: Tag's Identity Resetting and Data Sending

In this phase, after the identity has been verified, Ni+1 is generated in the server by the Pseudorandom Number Generator (PRNG) as a new identity to be rewritten in the tag's memory. The stored data is sent to the reader by the tag, and simultaneously the server rewrites the newly generated random number on the tag for the next authentication. Authorized access is granted in this step if the session timer operated correctly in the "Encryption function and session timer" step and Ni was verified in the "Verification and session time computation" step. The data, the tag's private information, is then read and made available.

3.2. Comparison

In Table 1, the new model is compared with the protocols and models introduced in the literature review. The comparison covers the schemes of Lim and Kwon, Song and Mitchell, Chen and Deng, and Song, as well as Burmester's protocol. Replay attack, DOS attack, tracking, cloning and spoofing attack are covered in this table.

√ : provided
× : not provided

TABLE I. COMPARISON TABLE AND RELATED WORK

[Table I. Rows (Protocol): Lim and Kwon (2006); Song and Mitchell (2008); Song (2008); Burmester and Munilla (2009); Proposed Confidential Model. Columns: Replay Attack; Dos Attack; Forward Traceability; Backward Traceability; Cloning; Spoofing.]

Table 1 shows the weaknesses of previous models in terms of the attacks they prevent. From a security point of view, cloning and spoofing are considerable attacks on RFID systems that the previously proposed models and protocols could not prevent. This paper explores privacy protection and security attacks in RFID systems. The confidential model is proposed to provide secure authentication and to remedy the weaknesses of previously presented models, especially against spoofing and cloning attacks. However, there are other works [14-65] related to security issues that can be compared with the proposed work to obtain ideas for improving it.

3.3. Proposed Model Evaluation

In this new confidential model, replay, DOS, forward traceability, backward traceability, cloning and spoofing are all considered important attacks. To prevent unauthorized access, the model should satisfy the following privacy and security properties. The contributions of this research are as follows:
· In a DOS attack situation, resynchronization between server and tag takes place because the recent and current Ni are stored in the server's database. DOS attack is therefore prevented.
· Performing authentication and using encryption (the DES function) are the solutions for spoofing attack.
· Tracking is prevented by Ei (Ei = DES(r ⨁ Ni)), which is the response of the tag. An eavesdropper is not able to distinguish the tag's previous and new responses because the key is used only once. Forward and backward traceability are thereby addressed.
· Replay attack is prevented by using r as a random number. In each new communication r changes, and authentication is established based on the newly generated r.
· Tag cloning and impersonation attacks can succeed when the attacker can decrypt and compute the function in response to a reader query. In the proposed model, the session timer, defined as the τ function, can prevent cloning attack. If the attacker cannot verify Ni (the one-time identity) within 10 seconds, the session between tag and reader is stopped by generating a new identity Ni. Consequently, the encrypted message changes. Ni verification depends on executing encryption and decryption within the specified time.
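A simulation of the seven steps of Section 3.1 and of the properties claimed in this evaluation, as an added example (not code from the paper). DES is swapped for a small 64-bit Feistel cipher built on HMAC-SHA256 so the block runs on the Python standard library alone. The class and function names, the simulated clock, the `drop_write` switch and the server-side check against the current and previous Ni are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAU = 10.0  # session limit in seconds (tau in the paper)

def _f(key, rnd, half):
    # Round function of the stand-in cipher; this is NOT DES.
    msg = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")

def enc(key, block):
    """Encrypt one 64-bit block (stand-in for the paper's DES call)."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 32) | right

def dec(key, block):
    """Invert enc() by running the Feistel rounds backwards."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(8)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 32) | right

class Tag:
    def __init__(self, key, ni, data):
        self.key, self.ni, self.data = key, ni, data

    def respond(self, r):
        return enc(self.key, r ^ self.ni)      # step 2: Ei = DES(r xor Ni)

class Server:
    def __init__(self, key, ni):
        self.key, self.current, self.previous = key, ni, None
        self.now = self.started = 0.0          # simulated clock, no sleeping

    def recover_ni(self, r, ei):
        return dec(self.key, ei) ^ r           # step 3: decrypt, then XOR with r

    def known(self, ni):
        # Assumed use of the stored "recent and current Ni" (Section 3.3).
        return ni in (self.current, self.previous)

    def rotate(self):
        # PRNG draws the next identity; the old one is kept for resync.
        self.previous, self.current = self.current, secrets.randbits(64)
        return self.current

def run_session(tag, server, delay=0.0, backend=None, drop_write=False):
    """Run steps 1-7 once and return (status, Ei, data)."""
    backend = backend or server                # a fake reader lacks the real server
    r = secrets.randbits(64)                   # step 1: reader -> tag
    ei = tag.respond(r)                        # step 2: tag -> reader
    server.started = server.now                # step 2: session timer starts
    server.now += delay                        # time consumed by the reader side
    ni = backend.recover_ni(r, ei)             # step 3: reader -> backend
    if backend is server and not server.known(ni):
        return ("rejected", ei, None)
    if ni != tag.ni:                           # steps 4-6: tag checks returned Ni
        return ("rejected", ei, None)
    if server.now - server.started > TAU:      # step 6: elapsed time exceeds tau
        tag.ni = server.rotate()               # Ni renewed, session stopped
        return ("timeout", ei, None)
    new_ni = server.rotate()                   # step 7: Ni+1 generated
    if not drop_write:                         # drop_write models a lost rewrite
        tag.ni = new_ni
    return ("ok", ei, tag.data)

if __name__ == "__main__":
    key = b"constructed-shared-key"            # constructed sample values
    tag = Tag(key, 0x1122334455667788, b"constructed e-ID record")
    srv = Server(key, 0x1122334455667788)
    print(run_session(tag, srv)[0])                                # ok
    print(run_session(tag, srv, delay=11.0)[0])                    # timeout
    print(run_session(tag, srv, backend=Server(b"guess", 0))[0])   # rejected
    print(run_session(tag, srv, drop_write=True)[0])               # ok, tag keeps old Ni
    print(run_session(tag, srv)[0])                                # ok via previous Ni
```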

4. Conclusion

This model involves two necessary processes. The first is mutual authentication between the tag and the reader, using either a random number or the DES function. Second, privacy and confidentiality would be guaranteed since the tag information received by the reader has been encrypted. Decryption depends on obtaining a single key. The tag used in this synchronization should have rewritable memory, and its identity (a random number in the tag) is changed by the Pseudorandom Number Generator (PRNG) for use in the next authentication. The XOR function is used together with the DES function, the cryptographic algorithm in this model, which uses r and the generated key Ni to create the encrypted message.

An additional authentication step for RFID technology, which could be called privacy authentication, is proposed. The specific session time for obtaining and using Ni (the one-time identity) is calculated in the server by the τ function. The result is then compared with the initially stored time. Ni verification is done in the tag, taking the session timer (τ) into account, once Ni has been obtained through the decryption function and received by the tag. This can prevent unauthorized access in RFID systems by measuring the duration and comparing it with the time limit. In this additional security step, legitimate and fake readers are distinguished.

Privacy of tag information is achieved, and spoofing, tracking and DOS attacks are prevented in this model. Replay attack is addressed by using the random number generator. The significant attack of tag cloning and impersonation can succeed when the attacker can decrypt and compute the function in response to a reader query. In the proposed model the session timer, defined as the τ function, can prevent cloning attack. If the attacker cannot break the cipher code within the specified time, the session between tag and reader is stopped by generating a new identity Ni.

5. Acknowledgment

The authors would like to express their greatest appreciation to the Ministry of High Education (MOHE) Malaysia for financial support through the Prototype Development Research Grant Scheme (R.K130000.7338.4L622). This work is also part of research done with support from the Advanced Informatics School (AIS), Universiti Teknologi Malaysia (UTM).

6. References

[1] Barjis, J. and Fosso Wamba, S. Organizational and business impacts of RFID technology. Proc. Business Process Management Journal. 2010. Vol. 16 No (6): 897-903.
[2] Melià-Seguí, J., Garcia-Alfaro, J. and Herrera-Joancomartí, J. RFID EPC-Gen2 for Postal Applications: A Security and Privacy Survey. Proceedings of Program for the IEEE International Conference on RFID-Technology and Applications. June 17-19, 2010. Guangzhou, China.
[3] Nguyen Duc, D., Lee, H., Konidala, D. M. and Kim, K. Open Issues in RFID Security. Proceedings of International Conference for Internet Technology and Secured Transactions. November 9-12, 2009. London.


[4] Mitrokotsa, A., Rieback, M. R. and Tanenbaum, A. S. Classification of RFID attacks. Proceedings of 10th International Conference on Enterprise Information Systems. June 12-16, 2008. Barcelona, Spain.
[5] Weis, S.A., Sarma, S.E., Rivest, R.L. and Engels, D.W. Security and privacy aspects of low-cost radio frequency identification systems. The Proceedings of the First Security in Pervasive Computing, LNCS, vol. 2802, 2003, pp. 201–212.
[6] Duc, D. N., Park, J., Lee, H. and Kim, K. Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning. Proceedings of the 2006 Symposium on Cryptography and Information Security. Jan. 17-20, 2006. Hiroshima, Japan.
[7] Song, B. and Mitchell, C. J. RFID Authentication Protocol for Low-cost Tags. Proceedings of First ACM Conference on Wireless Network Security (WiSec’08). March 31 - April 2, 2008. Alexandria, Virginia, USA.
[8] Song, B. RFID Tag Ownership Transfer. 4th workshop on RFID Security (RFID Sec 08), Budapest, Hungary, July 2008.
[9] Zhang, Y., Li, D., Zhu, Z. An Efficient RFID Tag-Reader Mutual Authentication Scheme. Proceedings of 4th International Conference on Wireless Communications, Networking and Mobile Computing. October 12-1, 2008. Dalian, China.
[10] Lehtonen, M., Ostojic, D., Illic, A. and Michachelles, F. Securing RFID Systems by Detecting Tag Cloning. Proceedings of Seventh International Conference on Pervasive Computing, May 11-14, 2009. Nara, Japan.
[11] Burmester, M. and Munilla, J. A Flyweight RFID Authentication Protocol. Proceedings of RFID Sec09, the 5th Workshop on RFID Security. 2009. Leuven, Belgium.
[12] Kim, J., Yang, C. and Jeon, J. A research on issues related to RFID security and privacy. Proceedings of IFIP international federation for information processing. 2007. Volume 252: 412-420.
[13] Maryam, G., Mazdak, Z. and Mehdi, M. A Confidential RFID Model to Prevent Unauthorized Access. The 3rd International Conference on Information Science and Engineering (ICISE2011), Sep. 29th to Oct. 1st, 2011 in Yangzhou, China.
[14] Saman Shojae Chaeikar, Azizah Bt Abdul Manaf and Mazdak Zamani. Comparative analysis of Master-key and Interpretative Key Management (IKM) frameworks. Cryptography and Security in Computing, ISBN: 978-953-51-0179-6. Publisher online InTech. 2012.
[15] Shohreh Honarbakhsh, Mazdak Zamani, Roza Honarbakhsh. Dynamic Monitoring in Ad hoc Network. Applied Mechanics and Materials. Vols. 229-231 (2012). pp 1481-1486. (2012) Trans Tech Publications, Switzerland. ISSN: 1660-9336.
[16] Hamed Taherdoost, Mazdak Zamani, Meysam Namayandeh, Maslin Masrom, Alaeddin Kalantari. Investigation of User Awareness Influence on Smart Card Technology Acceptance. Journal of Open Problems in Science and Engineering. Vol 1, Issue: 1. Oct 2009. Pg 6-10.
[17] Hossein Rouhani Zeidanloo, Azizah Abdul Manaf, Rabiah Bt Ahmad, Mazdak Zamani and Saman Shojae Chaeikar. A Proposed Framework for P2P Botnet Detection. IACSIT International Journal of Engineering and Technology. Vol.2, No.2, April 2010. 161-168.
[18] Maziar Janbeglou, Mazdak Zamani, Suhaimi Ibrahim. Improving the Security of Protected Wireless Internet Access from Insider Attacks. Advances in information Sciences and Service Sciences. Volume4, Number12, July 2012. ISSN: 2233-9345.
[19] Mojtaba Alizadeh, Mazdak Zamani, Ali Rafiei Shahemabadi, Jafar Shayan, Ahmad Azarnik. A Survey on Attacks in RFID Networks. Open International Journal of Informatics. 1 (2012).
[20] Mojtaba Alizadeh, Wan Haslina Hassan, Mazdak Zamani, Sasan Karamizadeh, Eghbal Ghazizadeh. Implementation and Evaluation of Lightweight Encryption Algorithms Suitable for RFID. Journal of Next Generation Information Technology, Vol. 4, No. 1, pp. 65-77, 2013.
[21] Keyvan Mohebbi, Suhaimi Ibrahim, Mazdak Zamani. A Pre-matching Filter to Improve the Query Response Time of Semantic Web Service Discovery. Journal of Next Generation Information Technology. 2013. ISSN: 2233-9388.
[22] Saman Shojae Chaeikar, Mazdak Zamani, Christian Sunday Chukwuekezie, Mojtaba Alizadeh. Electronic Voting Systems for European Union Countries. JNIT: Journal of Next Generation Information Technology, Vol. 4, No. 5, pp. 16-26, 2013. ISSN: 2233-9388.


[23] Mojtaba Alizadeh, Wan Haslina Hassan, Mazdak Zamani, Touraj Khodadadi, Saman Shojae Chaeikar. A Prospective Study of Mobile Cloud Computing. Journal of Next Generation Information Technology, Vol. 4, No. 1, pp. 65-77, 2013. ISSN: 2233-9388.
[24] Hamed Taherdoost, Mazdak Zamani, and Meysam Namayandeh. Study of Smart Card Technology and Probe User Awareness about It: A Case Study of Middle Eastern Students. The 2009 International Conference on Management Technology and Applications. ISBN: 978-1-4244-4520-2. Volume 5. Pages 334-338. 8-11 August 2009. Beijing, China.
[25] Saman Shojae Chaeikar, Shukor Abd Razak, Shohreh Honarbakhsh, Hossein Rouhani Zeidanloo, Mazdak Zamani and Farhang Jaryani. Interpretative Key Management (IKM), A Novel Framework. 2010 International Conference on Computer Research and Development (ICCRD 2010). May 7-9, 2010. 265-269. Kuala Lumpur, Malaysia.
[26] Hossein Rouhani Zeidanloo, Azizah Abdul Manaf, Payam Vahdani Amoli, Farzaneh Tabatabaei and Mazdak Zamani. Botnet Detection Based on Traffic Monitoring. IEEE, International Conference on Networking and Information Technology. 97-101. 2010.
[27] Hossein Rouhani Zeidanloo, Mohammad Jorjor Zadeh shooshtari, Payam Vahdani Amoli, M. Safari and Mazdak Zamani. A Taxonomy of Botnet Detection Techniques. International Conference on Computer Science and Information Technology. 158-162. China, July 2010.
[28] Maziar Janbeglou, Mazdak Zamani, and Suhaimi Ibrahim. Redirecting Network Traffic toward a Fake DNS Server on a LAN. 3rd IEEE International Conference on Computer Science and Information Technology. July 9-11, 2010. 429-433. Chengdu, China.
[29] Maziar Janbeglou, Mazdak Zamani, and Suhaimi Ibrahim. Redirecting Outgoing DNS Requests toward a Fake DNS Server in a LAN. IEEE International Conference on Software Engineering and Service Science. 29-32. July 16-18, 2010, Beijing, China.
[30] Farnaz Arab, Harihodin Selamat, and Mazdak Zamani. An Overview of Success Factors for CRM. 2010 2nd IEEE International Conference on Information and Financial Engineering. 17-19 September 2010. Chongqing, China.
[31] Farnaz Arab, Harihodin Selamat, Suhaimi Ibrahim, and Mazdak Zamani. A Survey of Success Factors for CRM. International Conference on Computer Science and Applications (ICCSA'10). 20-22 October 2010. San Francisco, USA.
[32] Shima Beigzadeh, Mazdak Zamani, Suhaimi Ibrahim, and Maslin Masrom. Design and Implementation of a Web-Based Database-Centric Management Information System for a Social Community. 2011 International Conference on Information Systems and Computational Intelligence. V2-207 - V2-212. January 18, 2011. Harbin, Northeastern China.
[33] Shima Beigzadeh, Mazdak Zamani, Suhaimi Ibrahim. Development of a Web-Based Community Management Information System. The Fourth International Conference on Information and Computing (ICIC2011). Pp 3-6. 25-27 April 2011. Phuket, Thailand.
[34] Saeed Yazdanpanah, Saman Shojae Chaeikar, Mazdak Zamani and Reza Kourdi. Security Features Comparison of Master Key and IKM Cryptographic Key Management for Researchers and Developers. 2011 3rd International Conference on Software Technology and Engineering (ICSTE 2011). 365-369. Kuala Lumpur, Malaysia. August 12-13, 2011.
[35] Somayeh Nikbakhsh, Mazdak Zamani, Azizah Abdul Manaf, and Maziar Janbeglou. A Novel Approach for Rogue Access Point Detection on the Client-Side. The 26th IEEE International Conference on Advanced Information Networking and Applications. Japan, 2012.
[36] Mojtaba Ali Zadeh, Mazleena Salleh, Mazdak Zamani, Jafar Shayan, Sasan Karamizadeh. Security and Performance Evaluation of Lightweight Cryptographic Algorithms in RFID. 16th WSEAS International Conference on Communications. Greece. July 14-17, 2012.
[37] Eghbal Ghazizadeh, Mazdak Zamani, Jamalul-Lail Ab Manan and Abolghasem Pashang. A Survey on Security Issues of Federated Identity in the Cloud Computing. The 4th IEEE International Conference on Cloud Computing Technology and Science. 562-565. 2012.
[38] Eghbal Ghazizadeh, Mazdak Zamani, Jamalul-lail Ab Manan, Reza Khaleghparast, Ali Taherian. A Trust Based Model for Federated Identity Architecture to Mitigate Identity Theft. 7th International Conference for Internet Technology and Secured Transactions. 10-12 Dec 12.
[39] Mojtaba Ali Zadeh, Mazdak Zamani, Jafar Shayan, Touraj Khodadadi. Code analysis of lightweight encryption algorithms using in RFID systems to improve cipher performance. The 2012 IEEE Conference on Open Systems. Kuala Lumpur, Malaysia. 21st - 24th October 2012.




