Improvement of the Hash-Based RFID Mutual Authentication Protocol

Abstract

Radio frequency identification (RFID) is a popular kind of automatic identification technologies that uses radio frequencies. Many security and privacy problems my be raised in the using of RFID due to its radio transmission nature. In 2012, Cho et al. (Comput Math Appl, 2012. doi:10.1016/j.camwa.2012.02.025) proposed a new hash-based RFID mutual authentication protocol to solve these problems. However, this protocol was demonstrated to be vulnerable to DOS attack. This paper further shows that Cho et al.’s protocol is vulnerable to traffic analysis and tag/reader impersonation attacks. An improved protocol is also proposed which can prevent the said attacks.

Appendix

Lemma 1

Let \(a\) and \(b\) be random numbers from the set \(\{0, 1, \ldots , 2^n-1\}\) and \(b>1\). The probability that \(a\le b\) is greater than \(\dfrac{1}{2}\).

Proof

we define

$$\begin{aligned}&\mathcal{A }:=\Big \{(a, b)\;\Big |\;0\le a<2^n,\; 2\le b<2^n,\; \text {and}\; a<b \Big \}\\&\quad =\bigcup ^{2^{n}-1}_{b=2} \{(a, b)\;|\;a=0, 1, \ldots , b\}, \end{aligned}$$

and

$$\begin{aligned} \mathcal{S }:=\Big \{(a, b)\;\Big |\;0\le a<2^n,\;2\le b<2^n\Big \}\cdot \end{aligned}$$

So,

$$\begin{aligned} \mathtt Pr [(a, b)\in \mathcal{A }]&= \frac{|\mathcal{A }|}{|\mathcal{S }|}\\&= \frac{\frac{2^{n}(2^{n}+1)}{2}-3}{2^{n}(2^{n}-2)}\\&= \frac{1}{2}+\frac{3}{2(2^{n}-2)}-\frac{3}{2^{n}(2^{n}-2)}\\&> \frac{1}{2}\cdot \end{aligned}$$

\(\square \)

Lemma 2

Let \(a, b\) and \(c\) be random numbers from the set \(\{0, 1, \ldots , 2^n-1\}\) and \(b>1\). The probability that \(a\oplus c\le b\) is greater than \(1/2\).

Proof

For fixed \(a\) and \(b\), we define

$$\begin{aligned} \mathcal{A }_{(a,b)}:=\Big \{(c,a,b)\;\big |\;c=a\oplus r\; \text {where}\;0\le r\le b \Big \}\cdot \end{aligned}$$

Thus, for each \((c,a,b)\in \mathcal{A }_{(a, b)}\), there exist an \(r\) such that

$$\begin{aligned} a\oplus c= a\oplus a\oplus r =r\le b. \end{aligned}$$

Now, let

$$\begin{aligned} \mathcal{A }:= \bigcup _{\mathop {0\le a<2^n}\limits _{2\le b<2^n}}\mathcal{A }_{(a, b)}\cdot \end{aligned}$$

Hence, the total number of tuples \((c, a, b)\) such that \(a\oplus c\le b\) and \(b>1\) is equal to

$$\begin{aligned} |\mathcal{A }|&= \sum _{b=2}^{2^n-1}\sum _{a=0}^{2^n-1}|\mathcal{A }_{(a, b)}|\\&= \sum _{b=2}^{2^n-1}\sum _{a=0}^{2^n-1}(b+1)\\&= 2^n\sum _{b=2}^{2^n-1}(b+1)\\&= 2^n\left( \dfrac{2^n(2^n+1)}{2}-3\right) \!\!\cdot \\ \end{aligned}$$

On the other hand,

$$\begin{aligned}&\mathcal{S } :=\Big \{(c,a,b)\;\big |\;0\le a,b\le 2^n-1,\; 2\le c\le 2^n-1\Big \},\\&|\mathcal{S }|=2^n2^n(2^n-2)\cdot \\ \end{aligned}$$

Now, the probability that for random \(c, a\) and \(b>1,\,a\oplus b<c\) is equal with

$$\begin{aligned} \mathrm{Pr}[(c,a,b)\in \mathcal{A }]&= \dfrac{|\mathcal{A }|}{|\mathcal S |}\\&= \dfrac{1}{2}+\dfrac{3}{2(2^n-2)}-\dfrac{3}{2^n(2^n-2)}>\dfrac{1}{2}\cdot \end{aligned}$$

\(\square \)