Skip to main content
SpringerLink
Log in

Security Analysis and Improvement on CG+ Protocol

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) technology will become one of the most popular technologies to identify objects in the near future. However, the major barrier that the RFID system is facing presently is the security and privacy issue. In this paper, we are focus on the Caballero-Gil+ protocol which is a mutual authentication RFID security protocol to conform the EPC-C1G2 standard. Fereidoun Moradi analyzed the CG protocol deeply and gave two attack methods. Then they put forward to a CG+ protocol to resist existing attacks, and claimed that the CG+ protocol has high security and the hardware cost is within acceptable limits. However, research shows that the CG+ protocol is not as security as the author said. We propose a de-synchronization attack and a secret key guessing attack scheme to against the CG+ protocol. Finally, we improve the CG+ protocol and propose a Caballero-Gil++ protocol to overcome the weaknesses of the replay attack and guess attack. Mathematical analysis shows that the CG++ protocol has high security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Sarma, S. E., et al. (2003). RFID systems and security and privacy implications. In Proceedings of 4th international work-shop on cryptographic hardware and em bedded systems (pp. 454–469).

  2. Ohkubo, M., et al. (2004). Hash-chain based for-ward-secure privacy protection scheme for low-cost RFID. In Proceedings of symposium on cryptography and in-formation security (pp. 149–153).

  3. Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of 11th ACM conference on computer and communications security (pp. 1–19).

  4. Rhee, K. (2005). Challenge-response based RFID authentication protocol for distributed database environment. In Proceedings of 2nd international conference on security in pervasive computing (pp. 309–316).

  5. Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Proceedings of Advances in cryptology—ASIACRYPT2001 (pp. 52–66).

  6. Blurn, A., et al. (1993). Cryptographie primitives based on hard learning problems. In Proceedings of advances in cryptology-CRYPTO (pp. 278–291).

  7. Gilbert, H., et al. (2005). An active attack against HB+: a provably secure lightweight protocol. Electronics Letters, 41, 1169–1170.

    Article  Google Scholar 

  8. Bringer, J., et al. (2006). HB++: A lightweight authentication protocol secure against some attacks. In Proceedings of the IEEE international conference on pervasive services workshop on security (pp. 28–33).

  9. Peris-Lopez, P. (2006). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In Proceedings of the third int’l conference on ubiquitous intelligence and computing (pp. 1–12).

  10. Peris-Lopez, P. P., et al. (2006). EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In Proceedings of OTM workshops (pp. 352–361).

  11. Peris-Lopez, P. P., et al. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Proceedings of the second workshop RFID security (pp. 1–12).

  12. Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transaction of Dependable and Secure Computing, 4, 337–340.

    Article  Google Scholar 

  13. Sun, H. M., et al. (2011). On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Transactions on Dependable and Secure Computing, 8(2), 315–317.

    Article  Google Scholar 

  14. Peris-Lopez, P., et al. (2009). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In Proceedings of the information security applications: 9th international workshop (pp. 56–68).

  15. G. A. Eslamamal, et al., Lightweight Mutual Authentication Protocol for Low Cost RFID Tags, International Journal of Network Security & Its Applications, 2010, pp. 27-37.

  16. Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks, 52(12), 2373–2380.

    Article  MATH  Google Scholar 

  17. Yeh, T. C., Wu, C. H., & Tseng, Y. M. (2011). Improvement of the RFID authentication scheme based on quadratic residues. Computer Communications, 34(3), 337–341.

    Article  Google Scholar 

  18. Paar, C. (2010). Lightweight cryptography and RFID: Tackling the hidden overhead. KSII Transactions on Internet and Information Systems, 4(2), 98–116.

    MathSciNet  Google Scholar 

  19. O’Neill, M., & Robshaw, M. J. B. (2010). Low-cost digital signature architecture suitable for radio frequency identification tags. Computers & Digital Techniques, 4(1), 14–26.

    Article  Google Scholar 

  20. Qin, W., Chen, K., & Bai, Y. (2000). A new Rabin signature scheme. Journal of Software, 11(10), 1333–1337.

    Google Scholar 

  21. Wei, L., Dong, Q., & Ding, W. (2013). A low-cost PKC-based RFID mutual authentication protocol. Telecommunications Science, 29(10), 65–71.

    Google Scholar 

  22. Caballero-Gil, C., Caballero-Gil, P., Peinado-Domínguez, A., et al. (2011). Lightweight authentication for RFID used in VANETs. In Proceedings of the international conference on computer aided systems theory (pp. 493–500). Berlin: Springer.

  23. Moradi, F., Mala, H., & Ladani, B. T. (2015). Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs. Wireless Personal Communications, 83(4), 2607–2621.

    Article  Google Scholar 

Download references

Acknowledgements

This work was partially supported by the Aerospace Science Foundation under Grant Nos. 20158054008 and 20148001001.

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, Shenyang Aerospace University, Shenyang, China

    Lijun Gao

Authors
  1. Lijun Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lijun Gao.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Gao, L. Security Analysis and Improvement on CG+ Protocol. Wireless Pers Commun 107, 695–705 (2019). https://doi.org/10.1007/s11277-019-06458-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06458-z

Keywords

Search

Navigation