Abstract
Srivastava et al. recently proposed a hash-based mutual RFID authentication protocol. They claimed that the protocol provides several attractive security features, namely mutual authentication and resistance against eavesdropping and tracing attacks, replay attacks, man-in-the-middle attacks, and desynchronization. However, we find that the protocol is vulnerable to a novel forgery attack presented in this paper. The forgery attack undermines the claimed mutual authentication and the claimed resistance against both the man-in-the-middle attack and desynchronization. In addition to this security vulnerability, the protocol is inefficient to implement, because it uses a timestamp and a random number simultaneously. Therefore, the protocol is not suitable for wireless security systems. We hope that our cryptanalysis results will be useful for designing more robust RFID authentication protocols for wireless security systems in the future.


References
Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394.
Vaudenay, S. (2007). On privacy models for RFID. In Proceedings of 13th international conference on the theory and application of cryptology and information security-ASIACRYPT 2007, LNCS 4833 (pp. 68–87). Springer.
Sun, D.-Z., & Zhong, J.-D. (2012). A hash-based RFID security protocol for strong privacy protection. IEEE Transactions on Consumer Electronics, 58(4), 1246–1252.
Habibi, M. H., & Aref, M. R. (2013). Security and privacy analysis of Song–Mitchell RFID authentication protocol. Wireless Personal Communications, 69(4), 1583–1596.
Safkhani, M., Bagheri, N., & Naderi, M. (2013). Strengthening the security of EPC C-1 G-2 RFID standard. Wireless Personal Communications, 72(2), 1295–1308.
Niu, B., Zhu, X.-Y., Chi, H.-T., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.
Wang, S.-H., Liu, S.-J., & Chen, D.-W. (2015). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.
Moradi, F., Mala, H., & Ladani, B. T. (2015). Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs. Wireless Personal Communications, 83(4), 2607–2621.
Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems, 39(1), 153.
Menezes, A. J., Vanstone, S. A., & Oorschot, P. C. V. (1996). Handbook of applied cryptography (Chapter 10.3). Florida: CRC Press Inc.
Acknowledgments
The work of Dr. Da-Zhi Sun was supported in part by the National Natural Science Foundation of China under Grant Nos. 61003306 and 61272106 and in part by the Open Project of Shanghai Key Laboratory of Trustworthy Computing under Grant No. 07dz22304201402.
Cite this article
Sun, DZ., Zhong, JD. Cryptanalysis of a Hash Based Mutual RFID Tag Authentication Protocol. Wireless Pers Commun 91, 1085–1093 (2016). https://doi.org/10.1007/s11277-016-3513-4
DOI: https://doi.org/10.1007/s11277-016-3513-4