Abstract
Radio frequency identification (RFID) technology will become one of the most popular technologies to identify objects in the near future. However, the major barrier that the RFID system is facing presently is the security and privacy issue. In this paper, we are focus on the Caballero-Gil+ protocol which is a mutual authentication RFID security protocol to conform the EPC-C1G2 standard. Fereidoun Moradi analyzed the CG protocol deeply and gave two attack methods. Then they put forward to a CG+ protocol to resist existing attacks, and claimed that the CG+ protocol has high security and the hardware cost is within acceptable limits. However, research shows that the CG+ protocol is not as security as the author said. We propose a de-synchronization attack and a secret key guessing attack scheme to against the CG+ protocol. Finally, we improve the CG+ protocol and propose a Caballero-Gil++ protocol to overcome the weaknesses of the replay attack and guess attack. Mathematical analysis shows that the CG++ protocol has high security.
Similar content being viewed by others
References
Sarma, S. E., et al. (2003). RFID systems and security and privacy implications. In Proceedings of 4th international work-shop on cryptographic hardware and em bedded systems (pp. 454–469).
Ohkubo, M., et al. (2004). Hash-chain based for-ward-secure privacy protection scheme for low-cost RFID. In Proceedings of symposium on cryptography and in-formation security (pp. 149–153).
Molnar, D., & Wagner, D. (2004). Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of 11th ACM conference on computer and communications security (pp. 1–19).
Rhee, K. (2005). Challenge-response based RFID authentication protocol for distributed database environment. In Proceedings of 2nd international conference on security in pervasive computing (pp. 309–316).
Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Proceedings of Advances in cryptology—ASIACRYPT2001 (pp. 52–66).
Blurn, A., et al. (1993). Cryptographie primitives based on hard learning problems. In Proceedings of advances in cryptology-CRYPTO (pp. 278–291).
Gilbert, H., et al. (2005). An active attack against HB+: a provably secure lightweight protocol. Electronics Letters, 41, 1169–1170.
Bringer, J., et al. (2006). HB++: A lightweight authentication protocol secure against some attacks. In Proceedings of the IEEE international conference on pervasive services workshop on security (pp. 28–33).
Peris-Lopez, P. (2006). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In Proceedings of the third int’l conference on ubiquitous intelligence and computing (pp. 1–12).
Peris-Lopez, P. P., et al. (2006). EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In Proceedings of OTM workshops (pp. 352–361).
Peris-Lopez, P. P., et al. (2006). LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In Proceedings of the second workshop RFID security (pp. 1–12).
Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transaction of Dependable and Secure Computing, 4, 337–340.
Sun, H. M., et al. (2011). On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Transactions on Dependable and Secure Computing, 8(2), 315–317.
Peris-Lopez, P., et al. (2009). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In Proceedings of the information security applications: 9th international workshop (pp. 56–68).
G. A. Eslamamal, et al., Lightweight Mutual Authentication Protocol for Low Cost RFID Tags, International Journal of Network Security & Its Applications, 2010, pp. 27-37.
Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks, 52(12), 2373–2380.
Yeh, T. C., Wu, C. H., & Tseng, Y. M. (2011). Improvement of the RFID authentication scheme based on quadratic residues. Computer Communications, 34(3), 337–341.
Paar, C. (2010). Lightweight cryptography and RFID: Tackling the hidden overhead. KSII Transactions on Internet and Information Systems, 4(2), 98–116.
O’Neill, M., & Robshaw, M. J. B. (2010). Low-cost digital signature architecture suitable for radio frequency identification tags. Computers & Digital Techniques, 4(1), 14–26.
Qin, W., Chen, K., & Bai, Y. (2000). A new Rabin signature scheme. Journal of Software, 11(10), 1333–1337.
Wei, L., Dong, Q., & Ding, W. (2013). A low-cost PKC-based RFID mutual authentication protocol. Telecommunications Science, 29(10), 65–71.
Caballero-Gil, C., Caballero-Gil, P., Peinado-Domínguez, A., et al. (2011). Lightweight authentication for RFID used in VANETs. In Proceedings of the international conference on computer aided systems theory (pp. 493–500). Berlin: Springer.
Moradi, F., Mala, H., & Ladani, B. T. (2015). Security analysis and strengthening of an RFID lightweight authentication protocol suitable for VANETs. Wireless Personal Communications, 83(4), 2607–2621.
Acknowledgements
This work was partially supported by the Aerospace Science Foundation under Grant Nos. 20158054008 and 20148001001.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Gao, L. Security Analysis and Improvement on CG+ Protocol. Wireless Pers Commun 107, 695–705 (2019). https://doi.org/10.1007/s11277-019-06458-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-019-06458-z