论文信息 - Performance evaluation of a secure Low Level Reader Protocol(LLRP) connection

Performance evaluation of a secure Low Level Reader Protocol(LLRP) connection

Summary The recently ratified Low Level Reader Protocol (LLRP) specifies the interaction between a RFID Reader and Client. It has been of much interest in the RFID community but adoption is being stalled by its lack of formal scrutiny especially with regard to its security. This paper surveys the work that has been undertaken on this protocol, assesses its security vulnerabilities and examines possible security solutions. It then presents the design and implementation of LLRP endpoints that use Transport Layer Security (TLS) to setup a secure LLRP connection. Based on previous performance studies, appropriate metrics are selected to indicate the performance of the resulting TLS-LLRP connection. Specifically, the overhead of securing a LLRP connection using TLS is quantified and a detailed analysis of the results is undertaken to determine the TLS cipher suites and parameters that provide the best compromise between the level of security and performance.

Mohammad Umar Siddiqi | Sana Qadir

[1] Diptikalyan Saha,et al. Securing electronic commerce: reducing the SSL overhead , 2000 .

[2] Debanjan Saha,et al. Transport layer security: how much does it really cost? , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[3] David Hook. Beginning Cryptography with Java , 2005 .

[4] Douglas Stebila,et al. Performance analysis of elliptic curve cryptography for SSL , 2002, WiSE '02.

[5] Binshan Lin,et al. Securing industry-wide EPCglobal Network with WS-Security , 2005, Ind. Manag. Data Syst..

[6] Vipul Gupta,et al. Speeding up Secure Web Transactions Using Elliptic Curve Cryptography , 2004, NDSS.

[7] Eric Rescorla,et al. The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[8] Bodo Möller,et al. Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[9] Vipul Gupta,et al. Integrating elliptic curve cryptography into the web's security infrastructure , 2004, WWW Alt. '04.