한국통신학회논문지 (The Journal of Korean Institute of Communications and Information Sciences)

  • 제36권8B호
  • /
  • Pages.1028-1037
  • /
  • 2011
  • /
  • 1226-4717(pISSN)
  • /
  • 2287-3880(eISSN)
한국통신학회 (The Korean Institute of Commucations and Information Sciences)
권호 표지
DOI QR코드

DOI QR Code

프라이버시를 제공하고 중계 공격에 안전한 다중-컨텍스트 RFID 상호 인증 프로토콜

Privacy Preserving and Relay Attack Preventing Multi-Context RFID Mutual Authentication Protocol

  • 안해순 (대구대학교 기초교육원 컴퓨터과정) ;
  • 윤은준 (경북대학교 전자전기컴퓨터학부) ;
  • 남인걸 (대구대학교 컴퓨터.IT공학부)
  • 투고 : 2011.03.30
  • 심사 : 2011.07.12
  • 발행 : 2011.08.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

최근 Selim등은 공개키 암호 기반의 프라이버시를 제공하기 위해 다중-컨텍스트 RFID 인증 프로토콜을 제안하였다. 하지만 Selim등이 제안한 프로토콜은 리더와 태그 간의 인증을 수행하는 과정에서 공개키 기반의 암호 알고리즘을 사용하므로 수동형 태그에는 적합하지 않을 뿐만 아니라 상호 인증 부재로 인한 위장 공격에 취약하다. 위와 같은 효율성 문제와 보안 취약점 해결을 위해 본 논문에서는 각각 다른 영역에서 단일 수동형 태그와 다양한 목적을 제공하는 리더들 간의 상호 인증을 제공함으로써 프라이버시 침해와 태그 위장 공격을 방지하며, 중계 공격과 서비스 거부 공격에 안전한 다중-컨텍스트 RFID 상호 인증 프로토콜을 제안한다. 결론적으로 제안한 프로토콜은 RFID 리더로부터 수집된 공간과 시간의 정보를 토대로 안전한 상호 인증이 수행되고, 수동형 태그에 적합하도록 안전한 일방향 해쉬 함수와 대칭키 암호 연산을 수행함으로써 강한 보안성과 높은 연산 효율성을 제공한다.

Recently, Selim et al proposed public key cryptography based privacy preserving multi-context RFID authentication protocol. However Selim et al's proposed protocol not only doesn't fit into passive tag based RFID system because it uses public key based encryption algorithm to perform authentication between reader and tag, but also is insecure to an impersonation attack because it doesn't provide mutual authentication. In order to eliminate the above described efficiency problem and security vulnerabilities, this paper proposes a new multi-context RFID mutual authentication protocol that can prevent privacy invasion and tag impersonation attack through providing mutual authentication between single passive tag which is located different application space and readers which provide multi-context purposes and can secure against relay attack and denial-of-service attack. As a result, the proposed protocol performs secure mutual authentication based on the collected space and time information from the RFID reader and provides strong security and high computation efficiency because if performs secure one-way hash function and symmetric encryption operations suitable to the environments of passive RFID tags.

키워드

참고문헌

  1. I. Satoh. Location-based services in ubiquitous computing environments, Service-Oriented Computing-ICSOC 2003, Springer-Verlag LNCS 2910, pp.527-42, November 2003.
  2. L.Srivastava, "Ubiquitous network societies: The case of Radio Frequency Identification, background paper", International telecommunication union (ITU)new initiatives workshop on ubiquitous network societies, Geneva, Switzerland, 2005.
  3. Choi, Eun Young and Lee, Su Mi and Lee, Dong Hoon, "Efficient RFID Authentication protocol for Ubiquitous Computing Environment" In International Workshop on Security in Ubiquitous Computing Systems - secubiq 2005, Volume 3823 LNCS, pp.945-95.
  4. 안해순, 부기동, 윤은준, 남인길, "RFID/USN 환경을 위한 개선된 인증 프로토콜," 전자공학회논문지, 제46권, 제CI-1호, pp.1-10, 2009.
  5. S.Shepard, "RFID: Radio Frequency Identification", New York, USA: Mc Graw Hill, 2005.
  6. ISO 14443. Identification cards-Contactless integrated circuit cards-Proximity cards. International Organization for Standardization, Geneva.
  7. ISO 15693. Identification cards - Contactless integrated circuit cards-Vicinity cards. International Organization for Standardization, Geneva.
  8. J.E. Bardram, R.E. Kjaer and M.O. Pedersen. Context-aware user authentication-Supporting proximity-based login in pervasive computing, UbiComp 2003, LNCS 2864, pp.107-123, Spring-Verlag 2003.
  9. S. E. Sarma, S. A. Weis, D. W. Engels. "RFID systems, security & privacy implications," White Paper MIT-AUTOID-WH_014, MIT AUTO-ID CENTER, 2002.
  10. K.Finkenzeller, "RFID handbook: fundamentals and applications in Contactless smart cards and identification", (2nd ed.), Munich, Germany: Wiley, 2003.
  11. S. Garfinkel and B. Rosenberg, "RFID applications, security, and privacy", Boston, USA: Addison-Wesley, 2005.
  12. T. Cao and P. Shen, "Cryptanalysis of two RFID authentication protocols", International journal of network security, In press, 2008.
  13. M. Ohkubo, K. Suzuki, and S. Kinoshita, "Hash-chain based forward-secure privacy protection scheme for low-cost RFID," Proceedings of the SCIS 2004, pp.719-724, 2004.
  14. Selim Volkan Kaya, Erkay Savas, Albert Levi and Ozgur Ercetin. Public key cryptography based privacy preserving multi-context RFID infrastructure. Ad Hoc Networks, volume 7, pages 136-152, 2009. https://doi.org/10.1016/j.adhoc.2007.12.004
  15. S. Junichiro, H. Jae-Cheol and S. Kouichi, "Enhancing privacy of universal re-encryption scheme for RFID tags," EUC 2004, Vol. 3207 LNCS, pp.879-890, Springer-Verlag, 2004.
  16. S. A. Weis, S. Sarma, R. Rivest, D. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," Security in Pervasive Computing 2003, LNCS 2802, pp.201-212, Springer-Verlag, 2004.
  17. Weis, S. et al, "Security and Privacy in Radio-Frequency Identification Devices", Massachusetts Institute of Technology, 2003.
  18. A. Juels and R. Pappu, "Squealing euros: privacy protection in RFID-enabled banknotes," In proceedings of Financial Cryptography- FC'03, Vol.2742 LNCS, pp.103-121, Springer- Verlag, 2003.
  19. J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, "Mutual authentication protocol for low-cost RFID", Handout of the Encrypt Workshop on RFID and Lightweight Crypto, 2005.
  20. R. Winternitz, "A secure one-way hash function built from DES," In Proceedings of the IEEE Symposium on Information Security and Privacy, IEEE Press, pp.88-90, 1984.
  21. M. Feldhofer, S. Dominikus, J. Wolkerstorfer, Strong authentication for RFID systems using the AES algorithm, in: M. Joye, J.J. Quisquater (Eds.), CHES 2004, LNCS, vol. 3156, Springer-Verlag, 2004, pp.357-370.
  22. M.S. Hwang, I.C. Lin, and L.H. Li. A Simple Micro-payment Scheme, The Journal of Systems and Software, Vol.55 pp.221-229, 2001. https://doi.org/10.1016/S0164-1212(00)00072-8