Abstract
Radio frequency identification (RFID) is a popular kind of automatic identification technologies that uses radio frequencies. Many security and privacy problems my be raised in the using of RFID due to its radio transmission nature. In 2012, Cho et al. (Comput Math Appl, 2012. doi:10.1016/j.camwa.2012.02.025) proposed a new hash-based RFID mutual authentication protocol to solve these problems. However, this protocol was demonstrated to be vulnerable to DOS attack. This paper further shows that Cho et al.’s protocol is vulnerable to traffic analysis and tag/reader impersonation attacks. An improved protocol is also proposed which can prevent the said attacks.
Similar content being viewed by others
References
Chen, Y., Chou, J. S., & Sun, H. M. (2008). A novel mutual-authentication scheme based on quadratic residues for RFID systems. Computer Networks, 52(12), 2373–2380.
Cho, J.-S., Yeo, S.-S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34, 391–397.
Cho, J.-S., Jeong, Y.-S., & Oh Park, S. (2012). Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers and Mathematics with Applications. doi:10.1016/j.camwa.2012.02.025.
Curty, J.-P., Declercq, M., Dehollain, C., & Joehl, N. (2006). Design and optimization of passive UHF RFID systems. New York: Springer.
Dimitriou, T. (2005). A lightweight RFID protocol to protect against traceability and cloning attack. In Proceedings of SECURECOMM’05 (pp. 59–66).
Habibi, M. H., Aref, M. R., & Ma, D. (2011). Addressing flaws in RFID authentication protocols. In D. J. Bernstein & S. Chatterjee (Eds.), Proceedings of INDOCRYPT 2011. LNCS (Vol. 7107, pp. 216–235). Heidelberg: Springer.
Han, S., Potgar, V., & Chang, E. (2007). Mutual authentication protocol for RFID tags based on synchronized secret information with monitor. In O. Gervasi & M. Gavrilova (Eds.), Proceedings of ICCSA 2007, LNCS (Vol. 4707, pp. 227–238). Heidelberg: Springer.
Kim, H. (2012). Desynchronization attack on hash-based RFID mutual authentication protocol. Journal of Security Engineering, 9(4), 357–365.
Lee, S., Asano, T., & Kim, K. (2006). RFID mutual authentication scheme based on synchronized secret information. In Proceedings of the 2006 symposium on cryptography and information security.
Lee, Y.-C., Hsieh, Y.-C., You, P.-S., & Chen, T.-C. (2008). An improvement on RFID authentication protocol with privacy protection. In Third international conference on convergence and hybrid information technology (ICCIT 2008) (Vol. 2, pp. 569–573).
Lim, J., Oh, H., & Kim, S. (2008). A new hash-based RFID mutual authentication protocol providing enhanced user privacy protection. In L. Chen, Y. Mu, & W. Susilo (Eds.), Proceedings of ISPEC 2008, LNCS (Vol. 4991, pp. 278–289). Heidelberg: Springer.
Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to privacy-friendly tag. In RFID privacy workshop. MA, USA: MIT.
Piramuthu, S. (2011). RFID mutual authentication protocols. Decision Support Systems, 50, 387–393.
Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., Bagheri, N., & Naderi, M., (2011). Cryptanalysis of Cho et al’.s protocol, a hash-based mutual authentication protocol for RFID systems. Cryptology ePrint Archive, Report 2011/311. http://eprint.iacr.org/2011/331.pdf.
Yang, J., Park, J., Lee, H., Ren, K., & Kim, K. (2005). Mutual authentication protocol for low-cost RFID. In Proceedings of the workshop on RFID and lightweight cryptography (pp. 17–24).
Yeh, T.-C., Wua, C.-H., & Tseng, Y.-M. (2011). Improvement of the RFID authentication scheme based on quadratic residues. Computer Communications, 34, 337–341.
Yoon, E.-J. (2012). Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Systems with Applications, 39(1), 1589–1594.
Yu, S., Ren, K., & Lou, W. (2007). A privacy-preserving lightweight authentication protocol for low-cost RFID tags. In IEEE MILCOM (pp. 1–7).
Author information
Authors and Affiliations
Corresponding author
Appendix
Appendix
Lemma 1
Let \(a\) and \(b\) be random numbers from the set \(\{0, 1, \ldots , 2^n-1\}\) and \(b>1\). The probability that \(a\le b\) is greater than \(\dfrac{1}{2}\).
Proof
we define
and
So,
\(\square \)
Lemma 2
Let \(a, b\) and \(c\) be random numbers from the set \(\{0, 1, \ldots , 2^n-1\}\) and \(b>1\). The probability that \(a\oplus c\le b\) is greater than \(1/2\).
Proof
For fixed \(a\) and \(b\), we define
Thus, for each \((c,a,b)\in \mathcal{A }_{(a, b)}\), there exist an \(r\) such that
Now, let
Hence, the total number of tuples \((c, a, b)\) such that \(a\oplus c\le b\) and \(b>1\) is equal to
On the other hand,
Now, the probability that for random \(c, a\) and \(b>1,\,a\oplus b<c\) is equal with
\(\square \)
Rights and permissions
About this article
Cite this article
Dehkordi, M.H., Farzaneh, Y. Improvement of the Hash-Based RFID Mutual Authentication Protocol. Wireless Pers Commun 75, 219–232 (2014). https://doi.org/10.1007/s11277-013-1358-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-013-1358-7