
Scalability and Security Conflict for RFID Authentication Protocols

Wireless Personal Communications

Abstract

RFID technology continues to flourish as an inherent part of virtually every ubiquitous environment. However, it has become clear that the public, and by implication the industry, seriously needs mechanisms that address the security and privacy issues for increasing RFID applications. As the nodes of RFID systems mostly suffer from low computational power and small memory size, various attempts that propose to implement existing security primitives and protocols have ignored the cost limitations and failed. In this study, two recently proposed protocols, SSM and LRMAP, which claim to meet the standard privacy and security requirements, are analyzed. The design of both protocols is based on defining states in which the server authenticates the tag in constant time in a more frequent normal state and needs a linear search in rare abnormal states. Although both protocols claim to provide untraceability as one of their design objectives, we outline a generic attack showing that both protocols fail to fulfill this claim. Moreover, we show that the SSM protocol is vulnerable to a desynchronization attack which prevents a server from authenticating a legitimate tag. As a result, we conclude that defining computationally unbalanced tag states leads to a security/scalability conflict for RFID authentication protocols.



Author information

Corresponding author

Correspondence to Imran Erguler.

About this article

Cite this article

Erguler, I., Anarim, E. Scalability and Security Conflict for RFID Authentication Protocols. Wireless Pers Commun 59, 43–56 (2011). https://doi.org/10.1007/s11277-010-0188-0

  • DOI: https://doi.org/10.1007/s11277-010-0188-0
