DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT

The Journal of Supercomputing

Abstract

In recent years, RFID (radio-frequency identification) systems have been widely used in many applications. One of the most important applications of this technology is the Internet of Things (IoT). Researchers have therefore proposed several authentication protocols that can be employed in RFID-based IoT systems, and they have claimed that their protocols satisfy all security requirements of these systems. However, RFID-based IoT systems use mobile readers that can be compromised by the adversary. Through this attack, the adversary can compromise a legitimate reader and obtain its secrets. Protocol designers must therefore consider the security of their proposals even in the reader-compromise scenario. In this paper, we consider the security of the ultra-lightweight RFID mutual authentication (ULRMAPC) protocol recently proposed by Fan et al. They claimed that their protocol could be applied in IoT systems and provides strong security. However, we show that their protocol is vulnerable to denial of service, reader and tag impersonation, and de-synchronization attacks. As a solution, we present a new authentication protocol that is more secure than the ULRMAPC protocol and can also be employed in RFID-based IoT systems.

References

  1. Akgün M, Uekae T, Caglayan MU (2014) Vulnerabilities of RFID security protocol based on chaotic maps. In: 2014 IEEE 22nd International Conference on Network Protocols. IEEE, pp 648–653

  2. Alamr AA, Kausar F, Kim J (2016) A secure ECC-based RFID mutual authentication protocol for internet of things. J Supercomput 1–14. doi:10.1007/s11227-016-1861-1

  3. An R, Feng H, Liu Q, Li L (2016) Three elliptic curve cryptography-based RFID authentication protocols for internet of things. In: International Conference on Broadband and Wireless Computing, Communication and Applications. Springer, pp 857–878

  4. Avoine G, Lauradoux C, Martin T (2009) When compromised readers meet RFID. In: Information Security Applications. Springer, pp 36–50

  5. Benssalah M, Djeddou M, Drouiche K (2014) Security enhancement of the authenticated RFID security mechanism based on chaotic maps. Secur Commun Netw 7(12):2356–2372

  6. Chen CL, Jan JK, Chien CF (2010) Based on mobile RFID device to design a secure mutual authentication scheme for market application. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA). IEEE, pp 423–428

  7. Chen Y, Chou JS (2015) ECC-based untraceable authentication for large-scale active-tag RFID systems. Electron Commer Res 15(1):97–120

  8. Cheng ZY, Liu Y, Chang CC, Chang SC (2013) Authenticated RFID security mechanism based on chaotic maps. Secur Commun Netw 6(2):247–256

  9. Chien HY (2007) Sasi: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340

  10. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  11. Erguler I (2015) A potential weakness in RFID-based internet-of-things systems. Pervasive Mob Comput 20:115–126

  12. EPCglobal Inc. (2008) Class 1 Generation 2 UHF Air Interface protocol standard version 1.09. Available online at http://www.epcglobalinc.org/standardstechnology/specifications.html

  13. Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2017) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Netw 10(2):368–376

  14. Fan K, Gong Y, Liang C, Li H, Yang Y (2015) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw 9(16):3095–3104

  15. Finkenzeller K (2010) Fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. In: RFID Handbook, 3rd edn. Wiley, Hoboken, NJ, USA. doi:10.1002/9780470665121

  16. Grasso J (2004) The EPCglobal network: overview of design, benefits, and security. EPCglobal Inc. Position Paper 24

  17. Grossklags J, Good N (2007) Empirical studies on software notices to inform policy makers and usability designers. In: International Conference on Financial Cryptography and Data Security. Springer, pp 341–355

  18. He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2(1):72–83

  19. Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394

  20. Khattab A, Jeddi Z, Amini E, Bayoumi M (2017) RBS RFID security and the internet of things. In: RFID Security. Springer, pp 147–162

  21. Lee JY, Lin WC, Huang YH (2014) A lightweight authentication protocol for internet of things. In: 2014 International Symposium on Next-Generation Electronics (ISNE). IEEE, pp 1–2

  22. Lei H, Yong G, Na-Na L, Zeng-Yu C (2007) A security-provable authentication and key agreement protocol in RFID system. In: 2007 International Conference on Wireless Communications, Networking and Mobile Computing

  23. Li CT, Lee CC, Weng CY, Chen CM (2017) Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, pp 1–11

  24. Liu Z, Liu D, Li L, Lin H, Yong Z (2015) Implementation of a new RFID authentication protocol for EPC Gen2 standard. IEEE Sens J 15(2):1003–1011

  25. Musa A, Dabo AAA (2016) A review of RFID in supply chain management: 2000–2015. Glob J Flex Syst Manag 17(2):189–228

  26. Peris-Lopez P, Hernandez-Castro JC, Tapiador JM, Ribagorda A (2008) Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: International Workshop on Information Security Applications. Springer, pp 56–68

  27. Prodanoff ZG (2010) Optimal frame size analysis for framed slotted aloha based RFID networks. Comput Commun 33(5):648–653

  28. Safkhani M, Bagheri N (2017) Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J Supercomput 73(8):3579–3585

  29. Shen H, Shen J, Khan MK, Lee JH (2016) Efficient RFID authentication using elliptic curve cryptography for the internet of things. Wirel Pers Commun 1–14. doi:10.1007/s11277-016-3739-1

  30. Song B, Mitchell CJ (2008) RFID authentication protocol for low-cost tags. In: Proceedings of the first ACM conference on Wireless Network Security. ACM, pp 140–147

  31. Tewari A, Gupta B (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73(3):1085–1102

  32. Wang KH, Chen CM, Fang W, Wu TY (2017) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 1–6. doi:10.1007/s11227-017-2105-8

  33. Weinstein R (2005) RFID: a technical overview and its application to the enterprise. IT Prof 7(3):27–33

  34. Yan T, Wen Q (2010) A secure mobile RFID architecture for the internet of things. In: 2010 IEEE International Conference on Information Theory and Information Security (ICITIS). IEEE, pp 616–619

  35. Zhu W, Yu J, Wang T (2012) A security and privacy model for mobile RFID systems in the internet of things. In: 2012 IEEE 14th International Conference on Communication Technology (ICCT). IEEE, pp 726–732

Acknowledgements

We would like to thank anonymous reviewers for their careful review and constructive suggestions.

Author information

Corresponding author

Correspondence to Seyed Farhad Aghili.

About this article

Cite this article

Aghili, S.F., Ashouri-Talouki, M. & Mala, H. DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT. J Supercomput 74, 509–525 (2018). https://doi.org/10.1007/s11227-017-2139-y

  • DOI: https://doi.org/10.1007/s11227-017-2139-y
