Attacks on and Countermeasures for an RFID Mutual Authentication Scheme in Pervasive Computing Environment

  • Mohaisen, Abedelaziz (Computer Science and Engineering Department, University of Minnesota-Twin Cities)
  • Chang, Ku-Young (Information Security Research Division, Electronics and Telecommunication Research Institute)
  • Hong, Do-Won (Information Security Research Division, Electronics and Telecommunication Research Institute)
  • Received : 2011.06.16
  • Accepted : 2011.08.28
  • Published : 2011.09.29

Abstract

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al., are vulnerable to several attacks. First, we show that these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in plaintext, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed to have access to. Finally, we show that these protocols are also vulnerable to replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, re-evaluate the protocols' overhead after taking these countermeasures into account, and compare them to other work in the literature.

References

  1. S.-Y. Kang, D.-G. Lee, I.-Y. Lee, "A Study on Secure RFID Mutual Authentication Scheme in Pervasive Computing Environment," Computer Communications, vol. 31, no. 18, pp. 4248-4254, 2008. https://doi.org/10.1016/j.comcom.2008.05.006
  2. B. Alomair, L. Lazos, R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," in Proc. of the 10th International Conference on Information Security and Cryptology, pp. 102-115, 2007.
  3. H.-Y. Chien, C.-W. Huang, "A Lightweight Authentication Protocol for Low-cost RFID," Journal of Signal Processing Systems, vol. 59, no. 1, pp. 95-102.
  4. H.-Y. Chien, C.-S. Laih, "ECC-based Lightweight Authentication Protocol with Untraceability for Low-cost RFID," Journal of Parallel Distributed Computing, vol. 69, no. 10, pp. 848-853, 2009. https://doi.org/10.1016/j.jpdc.2009.07.007
  5. P. D'Arco, A. De Santis, "Weaknesses in a Recent Ultra-lightweight RFID Authentication Protocol," in Proc. of the Cryptology in Africa 1st International Conference on Progress in Cryptology, pp. 27-39, 2008.
  6. C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, "New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing," in Proc. of 14th European Conference on Research in Computer Security, pp. 321-336, 2009.
  7. T. Yeh, C. Wu, Y. Tseng, "Improvement of the RFID Authentication Scheme based on Quadratic Residues," Computer Communications, vol. 34, no. 3, pp. 337-341, Mar. 2011. https://doi.org/10.1016/j.comcom.2010.05.011
  8. T. Yeh, Y. Wang, T. Kuo, S. Wang, "Securing RFID Systems Conforming to EPC Class 1 Generation 2 standard," Expert Systems with Applications, vol. 37, no. 12, pp. 7678-7683, Dec. 2010. https://doi.org/10.1016/j.eswa.2010.04.074
  9. B. Song, C. J. Mitchell, "RFID Authentication Protocol for Low-cost Tags," in Proc. of the first ACM Conference on Wireless Network Security, pp. 140-147, 2008.
  10. M. B. Paterson, D. R. Stinson, "Two Attacks on a Sensor Network Key Distribution Scheme of Cheng and Agrawal," Journal of Mathematical Cryptology, vol. 2, pp. 393-403, 2008.
  11. D. Molnar, D. Wagner, "Privacy and Security in Library RFID: Issues, Practices, and Architectures," in Proc. of ACM Conference on Computer and Communications Security, pp. 210-219, 2004.
  12. D. Henrici, P. Muller, "Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers," in Proc. of IEEE PerCom Workshops, pp. 149-153, 2004.
  13. T.V. Le, M. Burmester, B. Medeiros, "Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange," in Proc. of ACM Symposium on Information, Computer and Communications Security, pp. 242-252, 2007.
  14. J. Yang, J. Park, H. Lee, K. Ren, K. Kim, "Mutual Authentication Protocol for Low-cost RFID," in Proc. of Workshop on RFID and Lightweight Cryptography, pp. 17-24, 2005.