Skip to main content
SpringerLink
Log in

Simulation-Based Traceability Analysis of RFID Authentication Protocols

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Nowadays low-cost RFID systems have moved from obscurity into mainstream applications which cause growing security and privacy concerns. The lightweight cryptographic primitives and authentication protocols are indispensable requirements for these devices to grow pervasive. In recent years, there has been an increasing interest in intuitive analysis of RFID protocols. This concept has recently been challenged by formal privacy models. This paper investigates how to analyse and solve privacy problems in formal model. First, we highlight some vague drawbacks especially in forward and backward traceability analysis and extend it in the simulation-based privacy model family. Then, the privacy weaknesses of three new-found RFID authentication protocols are analysed in formal privacy models and three improved protocols are proposed to prevent the aforementioned attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Kulseng, L. S. (2009). Lightweight mutual authentication, owner transfer, and secure search protocols for RFID systems. Msc Thesis in Iowa State University.

  2. Konomi, S., & Roussos, G. (2007). Ubiquitous computing in the real world: Lessons learnt from large scale RFID deployments. Personal and Ubiquitous Computing, 11(7), 507–521.

    Google Scholar 

  3. Koscher, K., Juels, A., Kohno, T., & Brajkovic, V. (2008). EPC RFID tags in security applications: Passport cards, enhanced drivers licenses, and beyond. In 16th ACM conference on computer and communications security (pp. 33–42).

  4. Ouafi, K., & Vaudenay, S. (2009). Pathchecker: An RFID application for tracing products in supply-chains. In RFIDsec.

  5. Chai, Q. (2012). Design and analysis of security schemes for low-cost RFID systems. PhD thesis presented to the University of Waterloo.

  6. Tsudik, G. (2006). YA-TRAP: Yet another trivial RFID authentication protocol. In 4th annual IEEE international conference on pervasive computing and communications workshops (pp. 640–643).

  7. Juels, A. (2005). Strengthening EPC tags against cloning. In Workshop on wireless security (WiSec) (pp. 67–76).

  8. Li, T., & Deng, R. (2008). Scalable RFID authentication and discovery in EPCglobal network. In Communications and networking in China (ChinaCom) (pp. 1138–1142).

  9. Duc, D. N., & Kim, K. (2011). Defending RFID authentication protocols against DoS attacks. Journal of Computer Communications, 34, 384–390.

    Article  Google Scholar 

  10. Cho, J.-S., Yeo, S.-S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Journal of Computer Communications, 34, 391–397.

    Article  Google Scholar 

  11. EPCglobal. (2008). EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860 MHz 960 MHz, Ver. 1.2.0. Specification for RFID Air Interface EPCglobal 2008.

  12. EPCglobal. (2007). Low level reader protocol (LLRP), Ver. 1.0.1. Ratified Standard, EPCglobal 2007.

  13. Coisel, I., & Martin, T. (2013). Untangling RFID privacy models. Journal of Computer Networks and Communications, 2013, 26. doi:10.1155/2013/710275.

  14. Avoine, G. (2005). Adversarial model for radio frequency identification. Cryptology ePrint archive, report 2005/049. http://eprint.iacr.org/2005/049.

  15. Avoine, G. (2005). Cryptography in radio frequency identification and fair ex-change protocols. Phd Thesis no. 3407, EPFL. http://library.epfl.ch/theses/?nr=3407.

  16. Avoine, G., Dysli, E., & Oechslin, P. (2006). Reducing time complexity in RFID systems. In B. Preneel & S. Tavares (Eds.), SAC 2005. LNCS (Vol. 3897, pp. 291–306). Heidelberg: Springer.

  17. Lim, C.H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In Eighth international conference on information and communications security (ICICS) (pp. 1–20).

  18. Juels, A., & Weis, S. (2006). Defining strong privacy for RFID. Cryptology ePrint archive, report 2006/137.

  19. Ouafi, K., & Phan, R. C.-W. (2008). Privacy of recent RFID authentication protocols. In L. Chen, Y. Mu, & W. Susilo (Eds.), ISPEC 2008. LNCS (Vol. 4991, pp. 263–277). Heidelberg: Springer.

  20. Ouafi, K., & Phan, R. C.-W. (2008). Traceable privacy of recent provably-secure RFID Protocols. In S. M. Bellovin, et al. (Eds.), ACNS 2008. LNCS (Vol. 5037, pp. 479–489). Berlin, Heidelberg: Springer.

  21. Deng, R. H., Li, Y., Yung, M., & Zhao, Y. (2010). A new framework for RFID privacy. In 15th European symposium on research in computer security (ESORICS) (pp. 1–18).

  22. Moriyama, D., Matsuo, S., & Ohkubo, M. (2012). Relation among the security models for RFID authentication protocol. In 17th European symposium on research in computer security (ESORICS) (pp. 661–678).

  23. Vaudenay, S. (2007). On privacy models for RFID. In K. Kurosawa (Ed.), ASIACRYPT 2007. LNCS (Vol. 4833, pp. 68–87). Heidelberg: Springer.

  24. Paise, R.-I., & Vaudenay, S. (2008). Mutual authentication in RFID: Security and privacy. In The 3rd ACM symposium on information, computer and communications security (ASIACCS) (pp. 292–299).

  25. Fernando, H., & Abawajy, J. (2011). Mutual authentication protocol for networked RFID systems. In IEEE TrustComm.

  26. Zhu, H., Zhao, Y., Ding, S., & Jin, B. (2011). An improved forward-secure anonymous RFID authentication protocol. In Wireless communications, networking and mobile computing (WiCOM) (pp. 1–5).

  27. Fan, X., Gong, G., Engels, D. W. & Smith, E. M. (2011). A lightweight privacy-preserving mutual authentication protocol for RFID systems. In IEEE GLOBECOM workshops (GC Wkshps) (pp. 1083–1087).

  28. Hermans, J., Pashalidis, A., Vercauteren, F. & Preneel, B. (2011). A new RFID privacy model. In V. Atluri, C. Diaz (Eds.), ESORICS 2011. LNCS (Vol. 6879, pp. 568–587).

  29. Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2010). Practical RFID ownership transfer scheme. In Workshop on RFID security (RFIDSec Asia) volume 4 of cryptology and information security. IOS press.

  30. Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2009). New privacy results on synchronized RFID authentication protocols against tag tracing. In M. Backes & P. Ning (Eds.), ESORICS 2009. LNCS (Vol. 5789, pp. 321–336). Heidelberg: Springer.

  31. Armknecht, F., Sadeghi, A., Scafuro, A., Visconti, I. & Wachsmann, C. (2010). On RFID privacy with mutual authentication and tag corruption. In Applied cryptography and network security (ACNS) 2010, LNCS (Vol. 6123, pp. 493–510).

  32. Armknecht, F., Sadeghi, A., Scafuro, A., Visconti, I., & Wachsmann, C. (2010). Impossibility results for RFID Privacy notions. In Transactions on computational science XI, LNCS, (Vol. 6480, pp. 39–63).

  33. Habibi, M. H., & Aref, M. R. (2011) Two RFID privacy models in front of a court. Eprint IACR archive. http://eprint.iacr.org/2011/625.

  34. Canard, S., Coisel, I., & Girauld, M. (2010). Security of privacy-preserving RFID systems. In IEEE International conference on RFID-technology and applications (RFID-TA) (pp. 269–274).

  35. Avoine, G., Coisel, I., & Martin, T. (2010). Time measurement threatens privacy-friendly RFID authentication protocols. In RFIDSec. Sprinfer LNCS (Vol. 6370, pp. 138–157).

  36. Lim, C. H., & Kwon, T. (2006). Strong and robust RFID authentication enabling perfect ownership transfer. In 8th international conference of information and communications security (ICICS) Springer-LNCS

  37. Akgün, M., & Çağlayan, M. (2011). Extending an RFID security and privacy model by considering forward untraceability. Security and trust management LNCS, (Vol. 6710, pp. 239–254).

  38. He, L., Jin, S., Zhang, T., & Li, N. (2009). An enhanced 2-pass optimistic anonymous RFID authentication protocol with forward security. In WiCOM (pp. 1–4).

  39. Engels, D., Saarinen, M.-J. O., & Smith, E. M. (2011). The Hummingbird-2 lightweight authenticated encryption algorithm. In RFIDSec 2011.

Download references

Acknowledgments

This work was supported in part by Iran National Science Fund (INSF)-Cryptography chair- and in part by Iran Telecommunication Research Center (ITRC).

Author information

Authors and Affiliations

  1. Department of Electrical Engineering, Shahre Rey Branch, Islamic Azad University, Tehran, Iran

    Mahdi R. Alagheband

  2. Information Systems and Security (ISSL) Laboratory, Electrical Engineering Department, Sharif University of Technology, Tehran, Iran

    Mohammad R. Aref

Authors
  1. Mahdi R. Alagheband
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad R. Aref
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mahdi R. Alagheband.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Alagheband, M.R., Aref, M.R. Simulation-Based Traceability Analysis of RFID Authentication Protocols. Wireless Pers Commun 77, 1019–1038 (2014). https://doi.org/10.1007/s11277-013-1552-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-013-1552-7

Keywords

Search

Navigation