The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

A Light-Weight RFID Distance Bounding Protocol

경량 RFID 경계 결정 프로토콜

  • 안해순 (대구대학교 기초교육원 컴퓨터과정) ;
  • 부기동 (경일대학교 컴퓨터공학과) ;
  • 윤은준 (경북대학교 전자전기컴퓨터학부) ;
  • 남인길 (대구대학교 컴퓨터.IT공학부)
  • Received : 2010.02.24
  • Accepted : 2010.05.18
  • Published : 2010.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, it is proved that contactless smart-card based RFID tags, which is used for proximity authentication, are vulnerable to relay attacks with various location-based attacks such as distance fraud, mafia fraud and terrorist fraud attacks. Moreover, distance bounding protocols have been researched to prevent these relay attacks that can measure the message transmitted round-trip time between the reader and the tag. In 2005, Hancke and Kuhn first proposed an RFID distance bounding protocol based on secure hash function. However, the Hancke-Kuhn protocol cannot completely prevent the relay attacks because an adversary has (3/4)$^n$ attack success probability. Thus, this paper proposes a new distance-bounding protocol for light-weight RFID systems that can reduce to (5/8)$^n$ for the adversary's attack success probability. As a result, the proposed protocol not only can provide high-space efficient based on a secure hash function and XOR operation, but also can provide strong security against the relay attacks because the adversary's attack success probability is optimized to (5/8)$^n$.

최근 근접 인증에 사용되는 비접촉식 스마트카드와 같은 RFID 태그들이 경계 위조(distance fraud) 공격, 마피아 위조(mafia fraud) 공격, 테러리스트 위조(terrorist fraud) 공격과 같은 다양한 위치 기반 공격인 중계 공격(relay attack)들에 매우 취약함이 증명되었다. 더 나아가 이러한 중계 공격들을 방지하기 위해 리더와 태그사이의 메시지 송수신 왕복 시간을 측정하는 경계 결정(distance-bounding) 프로토콜이 한 해결책으로 연구되고 있다. 2005년에 Hancke과 Kuhn은 처음으로 해쉬 함수 기반의 RFID 경계 결정 프로토콜을 제안하였다. 하지만 Hancke-Kuhn 프로토콜은 공격자에게 n번의 왕복에서 (3/4)$^n$의 성공 확률을 제공하여 중계 공격을 완벽히 방어할 수 없다. 본 논문에서는 공격자에게 n번의 왕복에서 (5/8)$^n$의 성공 확률을 제공하는 새로운 경량 RFID 경계 결정 프로토콜을 제안한다. 연구 결론으로 제안한 프로토콜은 안전한 해쉬 함수와 XOR 연산을 기반으로 하여 높은 저장 공간 효율성을 제공할 뿐만 아니라, 공격자의 성공 확률을 (5/8)$^n$으로 최적화하여 중계 공격에 대해서도 더욱 더 안전하다.

Keywords

References

  1. S. Capkun and J. Hubaux. Secure positioning of wireless devices with application to sensor networks, IEEE INFOCOM 2005. http://lcawww.epfl.ch/capkun/secpos.pdf
  2. I. Satoh. Location-based services in ubiquitous computing environments, Service-Oriented Computing-ICSOC 2003, Springer-Verlag LNCS 2910, pp 527-42, November 2003. https://doi.org/10.1007/978-3-540-24593-3_36
  3. J.E. Bardram, R.E. Kjær and M.O. Pedersen. Context-aware user authentication-Supporting proximity-based login in pervasive computing, UbiComp 2003, LNCS 2864, pp.107-123, Spring-Verlag 2003.
  4. ISO 14443. Identification cards-contactless integrated circuit cards-proximity cards. International Organization for Standardization, Geneva.
  5. ISO 15693. Identification cards-contactless integrated circuit cards-vicinity cards. International Organization for Standardization, Geneva.
  6. ISO 18092 (ECMA-340). Information technology-telecommunications and information exchange between systems -near field communication-interface and protocol (NFCIP-1). Int. Organization for Standardization, Geneva, 2004.
  7. G.P. Hancke. A practical relay attack on ISO 14443 proximity cards. http://www.cl.cam.ac.uk/˜h275/relay.pdf
  8. G. Hancke and M. Kuhn, An RFID distance bounding protocol, In the 1st International Conference on Security and Privacy for Emergin Areas in Communications Networks (SECURECOMM’05), pages 67-73. IEEE Computer Society, 2005.
  9. Y. Desmedt. Major security problems with the “Unforgeable” (Feige)-Fiat-Shamir proofs of identity and how to overcome them. In SecuriCom'88, pp.15-17, 1988.
  10. Samy Bengio, Gilles Brassard, Yvo Desmedt, Claude Goutier, and Jean-Jacques Quisquater. Secure implementation of identification systems. Journal of Cryptology, 4(3):175-183, 1991.
  11. Thomas Beth and Yvo Desmedt, Identification tokens-or: Solving the chess grandmaster problem. In CRYPTO, pages 169-177. Springer Verlag, 1990.
  12. S. Brands and D. Chaum, Distance-bounding protocols, Advances in Cryptology EUROCRYPT’03, Springer-Verlag LNCS 765, pp 344-59, May, 1993.
  13. Y.-J. Tu and S. Piramuthu, RFID distance bounding protocols, In the 1st International EURASIP Workshop in RFID Technology. Vienna, Austria.
  14. J. Reid, J. Nieto, T. Tang, and B. Senadji, Detecting relay attacks with timing-based protocols, Proceedings of the 2nd ACM Symposium on Information, Computer, and Communications Security, pp.204-213, 2007.
  15. C. Meadows, R. Poovendran, D. Pavlovic, L.W. Chang, and P. Syverson. Distance bounding protocols: authentication logic analysis and collusion attacks. Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp.279-298, Springer-Verlag, 2007.
  16. D. Singelee and B. Preneel, Distance bounding in noisy environments. In: F. Stajano et al., Editors, ESAS 2007, LNCS vol. 4572, Springer, Heidelberg (2007), pp.101-115.
  17. J. Munilla and A. Peinado, Attacks on a distance bounding protocol, Computer Communications, Vol.33, No.7, 2010, pp.884-889. https://doi.org/10.1016/j.comcom.2010.01.002
  18. V. Nikov and M. Vauclair. Yet another secure distancebounding protocol. Available at http://eprint.iacr.org/2008/319. An earlier version appears in SECRYPT 2008.
  19. C. Kim, G. Avoine, F. Koeune, F, Standaert, and O. Pereira, Pereira, The swiss-knife RFID distance bounding protocol, Information Security and Cryptology-ICISC 2009, pp.98-115, Springer-Verlag, 2009.