Abstract
Radio frequency identification (RFID) systems suffer many security risks because they use an insecure wireless communication channel between tag and reader. In this paper, we analyze two recently proposed RFID authentication protocols. Both protocols are vulnerable to tag information leakage and untraceability attacks. For the attack on the first protocol, the adversary only needs to eavesdrop on the messages between reader and tag, and then perform an XOR operation. To attack the second protocol successfully, the adversary may execute a series of carefully designed challenges to determine the tag’s identification.
Similar content being viewed by others
References
Juels A. RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications, 2006, 24(2): 381–394
Song B, Mitchell C J. RFID Authentication protocol for low-cost tags. In: Proceedings of 1st ACM Conference on Wireless Network Security. 2008, 140–147
Song B. RFID tag ownership transfer. In: Proceedings of 4th Workshop on RFID Security. 2008
van Deursen T, Radomirović S. Attacks on RFID protocols (version 1.1). Technical report, 2009
van Deursen T, Radomirović S. Security of an RFID protocol for supply chains. In: Proceedings of 1st Workshop on Advances in RFID. 2008, 568–573
van Deursen T, Mauw S, Radomirović S. Untraceability of RFID protocols. In: Proceedings of the 2nd IFIP WG 11.2 International Conference on Information Security Theory and Practices: Smart Devices, Convergence and Next Generation Networks. 2008, 1–15
van Deursen T, Mauw S, Radomirović S, Vullers P. Secure ownership and ownership transfer in RFID systems. In: Proceedings of 14th European Symposium on Research in Computer Security. 2009, 637–654
Yu T, Feng Q. A security RFID authentication protocol based on hash function. In: Proceedings of 2009 International Symposium on Information Engineering and Electronic Commerce. 2009, 804–807
Chen Y, Lu J, Chen S, Jan J. A low-cost RFID authentication protocol with location privacy protection. In: Proceedings of 5th International Conference on Information Assurance and Security. 2009, 109–113
Dolev D, Yao A. On the security of public-key protocols. IEEE Transactions on Information Theory, 1983, 29(2): 198–208
Thornton F, Haines B, Das A, Bhargava H, Campbell A. RFID Security. Rockland: Syngress, 2006
Berbain C, Billet O, Etrog J, Gilbert H. An efficient forward private RFID protocol. In: Proceedings of 16th ACM Conference on Computer and Communications Security. 2009, 43–53
Vaudenay S. On privacy models for RFID. In: Proceedings of 13th International Conference on the Theory and Application of Cryptology and Information Security. 2007, 68–87
Juels A, Weis S. Defining strong privacy for RFID. In: Proceedings of 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops. 2007, 342–347
Paise R, Vaudenay S. Mutual authentication in RFID: security and privacy. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security. 2008, 292–299
Deng R, Li Y, Yung M, Zhao Y. A new framework for RFID privacy. In: Proceedings of 15th European Conference on Research in Computer Security. 2010, 1–18
Author information
Authors and Affiliations
Corresponding author
Additional information
Chao Lv received his BCs degree from Fuzhou University in 2002, MCs degree from Yanshan University in 2006. He is currently a PhD candidate of Xidian University, China. His research interests include cryptography, security protocols, RFID protocols and formal verification.
Dr. Hui Li received his BCs degree from Fudan University in 1990, PhD degree in Communication and Electronic Engineering from Xidian University in 1998. He has published around 30 academic papers in the areas of information security and coding theory. His research interests include information security, coding theory and wireless network security.
Prof. Jianfeng Ma received his BCs degree in Mathematics from Shaanxi Normal University in 1985, and obtained his MCs and PhD degrees in Computer Software and Communications Engineering from Xidian University, China, in 1988 and 1995 respectively. Since 1995 he has been with Xidian University as a lecturer, associate professor and professor. From 1999 to 2001, he was with Nanyang Technological University of Singapore as a research fellow. Currently, Prof. Ma is the director of the Ministry of Education Key Laboratory of Computer Networks and Information Security. His research interests include information security, coding theory and cryptography.
Meng Zhao received his BCs degree from Yanshan University in 2002, MCs degree from Yanshan University in 2006. He is currently an electronic engineer of Yanshan University, China. His research interests include space databases, wireless sensor networks, cryptography, security protocols, RFID protocols and formal verification.
Rights and permissions
About this article
Cite this article
Lv, C., Li, H., Ma, J. et al. Security analysis of two recently proposed RFID authentication protocols. Front. Comput. Sci. China 5, 335–340 (2011). https://doi.org/10.1007/s11704-011-0153-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11704-011-0153-4