The Inter-Pulse-Interval (IPI) of heart beats has previously been suggested for security in mobile health (mHealth) applications. In IPI-based security, secure communication is facilitated through a security key derived from the time difference between heart beats. However, there currently exists no work which considers the effect on security of imperfect heart-beat (peak) detection. This is a crucial aspect of IPI-based security and likely to happen in a real system. In this paper, we evaluate the effects of peak misdetection on the security performance of IPI-based security. It is shown that even with a high peak detection rate between 99.9% and 99.0%, a significant drop in security performance may be observed (between -70% and -303%) compared to having perfect peak detection. We show that authenticating using smaller keys yields both stronger keys as well as potentially faster authentication in case of imperfect heart beat detection. Finally, we present an algorithm which tolerates the effect of a single misdetected peak and increases the security performance by up to 155%.

Widespread adoption of RFID technology is being slowed down because of increasing public concerns about associated security threats. This paper shows that it is possible to enhance the security of RFID systems by requiring readers to perform a computational effort test. Readers must solve a cryptographic puzzle - one of the components of the Weakly Secret Bit Commitment (WSBC) sent by tags - to obtain the static identifier of the interrogated tag. The method we present is based on a simple concept already used in security applications such as anti-spam or TCP SYN flooding protection, yet original in the RFID context until now. The scheme provides privacy protection while being an effective countermeasure against the indiscriminate disclosure of the whole contents of a large number of tags. Then, we scrutinize the combined use of cryptographic puzzles and distance-bounding protocols. First, a classical and relatively straight-forward solution is presented. Secondly, we introduce a protocol named Noent, that follows a new approach that reduces drawbacks associated with WSBC such as key delegation, whilst gaining all the advantages of employing distancebounding protocols such as the certainty on the distance between a tag and reader.

In RFID protocols, random numbers are mainly required to anonymize tag answers in order to guarantee the privacy of the owner of the transponder. Our analysis looks at the feasibility of RFID tags for supporting Cryptographically Secure Pseudorandom Number Generators (CS-PRNG) on their limited chip. Specifically, we study the implementation of the Blum-Blum-Shub (BBS) pseudorandom number generator for security levels 2³² (160 bits) and 2⁶⁴ (512 bits) respectively, these values being suitable for many RFID applications but not for standard security applications.