Addressing Flaws in RFID Authentication Protocols

  • Conference paper
Progress in Cryptology – INDOCRYPT 2011 (INDOCRYPT 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7107)

Abstract

The development of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices makes it necessary to consider the related security and privacy issues in great detail. Among other security characteristics of an RFID authentication protocol, untraceability and synchronization are the most important attributes. The former is strongly related to the privacy of tags and their holders, while the latter has a significant role in the security and availability parameters. In this paper, we investigate three RFID authentication protocols proposed by Duc and Kim, Song and Mitchell, and Cho, Yeo and Kim in terms of privacy and security. We analyze the protocol proposed by Duc and Kim and present desynchronization and traceability attacks. By initiating traceability, backward traceability and desynchronization attacks, we show that the protocol proposed by Song and Mitchell lacks location privacy and availability. In addition, we study the weaknesses in Cho et al.’s protocol and address its defects by applying desynchronization, traceability and backward traceability attacks. We also propose revisions to secure Cho et al.’s protocol against the cited attacks.

References

  1. Alomair, B., Lazos, L., Poovendran, R.: Passive Attacks on a Class of Authentication Protocols for RFID. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 102–115. Springer, Heidelberg (2007)

  2. Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005), http://eprint.iacr.org/2005/049

  3. Avoine, G.: Cryptography in radio frequency identification and fair exchange protocols. PhD Thesis no. 3407, EPFL (2005), http://library.epfl.ch/theses/?nr=3407

  4. Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)

  5. Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)

  6. Banks, J., Pachano, M., Thompson, L., Hanny, D.: RFID Applied. John Wiley & Sons, Inc., Hoboken (2007)

  7. Burmester, M., Van Le, T., De Medeiros, B., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM Transactions on Information and Systems Security 12(4) (Article 21) (2009)

  8. Burmester, M., van Le, T., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Proc. of ASIACCS, pp. 242–252. ACM Press, New York (2007)

  9. Cho, J.-S., Yeo, S.-S., Kim, S.K.: Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications 34(3), 391–397 (2011)

  10. Deng, R.H., Li, Y., Yung, M., Zhao, Y.: A New Framework for RFID Privacy. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 1–18. Springer, Heidelberg (2010)

  11. Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of SecureComm 2005, pp. 59–66 (2005)

  12. Duc, D.N., Kim, K.: Defending RFID authentication protocols against DoS attacks. Computer Communications 34(3), 384–390 (2011)

  13. Gilbert, H., Robshaw, M., Sibert, H.: An active attack against HB+ - A provably secure lightweight authentication protocol. Cryptology ePrint Archive, http://eprint.iacr.org/2005/23.pdf

  14. Ha, J., Moon, S.-J., Zhou, J., Ha, J.C.: A New Formal Proof Model for RFID Location Privacy. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 267–281. Springer, Heidelberg (2008)

  15. Hernandez-Castro, J.C., Peris-Lopez, P., Phan, R.C.-W., Tapiador, J.M.E.: Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 22–34. Springer, Heidelberg (2010)

  16. ISO/IEC 17799: Information technology-security techniques-code of practice for information security management. International Organization for Standardization (2005)

  17. Juels, A.: Strengthening EPC tags against cloning. In: The Proceedings of WiSe 2005 (2005)

  18. Juels, A., Weis, S.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006), http://eprint.iacr.org/2006/137

  19. Li, L., Deng, R.H.: Vulnerability analysis of EMAP-An efficient RFID mutual authentication protocol. In: AReS 2007: Second International Conference on Availability, Reliability and Security (2007)

  20. Li, T., Wang, G., Deng, R.H.: Security analysis on a family of ultra-lightweight RFID authentication protocols. Journal of Software 3(3), 1–10 (2008)

  21. Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)

  22. Ma, C., Li, Y., Deng, R., Li, T.: RFID privacy: Relation between two notions, minimal condition, and efficient construction. In: ACM CCS (2009)

  23. Mitrokotsa, A., Rieback, M.R., Tanenbaum, A.S.: Classifying RFID attacks and defenses. Information Systems Frontiers - ISF 12(5), 491–505 (2010)

  24. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 321–336. Springer, Heidelberg (2009)

  25. Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205. Springer, Heidelberg (2004)

  26. Ouafi, K., Phan, R.C.-W.: Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)

  27. Ouafi, K., Phan, R.C.-W.: Traceable Privacy of Recent Provably-Secure RFID Protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)

  28. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Vulnerability analysis of RFID protocols for tag ownership transfer. Computer Networks 54(9), 1502–1508 (2010)

  29. Phan, R.C.-W., Wu, J., Ouafi, K., Stinson, D.R.: Privacy analysis of forward and backward untraceable RFID authentication schemes. Wireless Personal Communications 54(2) (2010), doi:10.1007/s11277-010-0001-0

  30. Rizomiliotis, P., Rekleitis, E., Gritzalis, S.: Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags. IEEE Communications Letters 13(4), 274–276 (2009)

  31. Song, B.: RFID tag ownership transfer. In: Proceedings of Workshop on RFID Security (RFIDsec 2008), Budapest, Hungary (2008)

  32. Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Gligor, V.D., Hubaux, J., Poovendran, R. (eds.) ACM Conference on Wireless Network Security, WiSec 2008, pp. 140–147. ACM Press, USA (2008)

  33. Song, B., Mitchell, C.J.: Scalable RFID pseudonym protocol. In: Proceedings of the Third International Conference on Network and System Security, NSS 2009, pp. 216–224. IEEE Computer Society (2009)

  34. Song, B., Mitchell, C.J.: Scalable RFID security protocols supporting tag ownership transfer. Computer Communications 34(4), 556–566 (2011)

  35. Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Proceedings of PerCom 2006, pp. 640–643 (2006)

  36. van Deursen, T., Mauw, S., Radomirović, S.: Untraceability of RFID Protocols. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 1–15. Springer, Heidelberg (2008)

  37. van Deursen, T., Radomirović, S.: Algebraic Attacks on RFID Protocols. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 38–51. Springer, Heidelberg (2009)

  38. van Deursen, T., Radomirovic, S.: Attacks on RFID protocols. Cryptology ePrint archive, Report 2008/310 (2008), http://eprint.iacr.org/2008/310

  39. Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Habibi, M.H., Aref, M.R., Ma, D. (2011). Addressing Flaws in RFID Authentication Protocols. In: Bernstein, D.J., Chatterjee, S. (eds) Progress in Cryptology – INDOCRYPT 2011. INDOCRYPT 2011. Lecture Notes in Computer Science, vol 7107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25578-6_17

  • DOI: https://doi.org/10.1007/978-3-642-25578-6_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25577-9

  • Online ISBN: 978-3-642-25578-6

  • eBook Packages: Computer Science, Computer Science (R0)
