2023 Jun 12;23(12):5518. doi: 10.3390/s23125518

Table 5.

List of security criteria.

| Security Criteria | Description |
| --- | --- |
| Tag Anonymity (R1) | Tag anonymity ensures privacy and prevents unauthorized tracking by concealing the identity of the tag or device that transmits information in a system or protocol. |
| Replay Attack (R2) | A malicious actor intercepts and retransmits legitimate data or actions to deceive a system, thereby compromising its integrity and security. |
| Synchronization Attack (R3) | A synchronization attack occurs when an attacker manipulates the coordination among the different entities to disrupt normal operations or gain unauthorized access. This attack compromises the targeted system’s integrity, availability, or confidentiality by exploiting timing or communication dependencies. |
| Forward Secrecy (R4) | A security property whereby the exposure of a long-term secret key does not compromise the privacy of previous communications. This ensures that historical data remains safeguarded, even if the private key is compromised. |
| Mutual Authentication (R5) | Mutual authentication is a security measure where both parties involved in a communication process verify each other’s identities, thereby establishing trust and preventing unauthorized access or impersonation. This ensures that the reader, tag and server confirm each other’s authenticity before establishing a connection. |
| DoS Attack (R6) | An adversary inundates a target system or network with a high volume of requests or traffic, resulting in service disruption or unavailability for legitimate users. The goal is to deplete system resources and impede its ability to handle legitimate requests. |
| Impersonation Attack (R7) | An impersonation attack occurs when an attacker assumes a false identity by posing as a legitimate user or entity in a cybersecurity breach. By exploiting this deception, the attacker aims to gain unauthorized access, deceive others, and potentially engage in malicious actions such as manipulating or stealing sensitive information while bypassing security measures. |
| Insider Attacker (R8) | An insider attack occurs within an organization and involves trusted individuals such as employees or contractors with authorized access. Leveraging their privileged positions, these attacks target system compromises, data theft, or infrastructure damage, posing significant risks due to the insider’s knowledge and authorized access. |
| Formal Verification (R9) | Formal verification means that the security of the proposed scheme is tested with well-known automated tools such as ProVerif. The correctness of the proposed scheme is also tested using BAN logic. |