Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol

다중 컨텍스트 RFID 상호 인증 프로토콜의 보안 취약점 분석

  • Kim, Young-Back (Electronics and Telecommunications Research Institute) ;
  • Kim, Sung-Soo (Dept. of Mobile Engineering, Kyungwoon University) ;
  • Chung, Kyung-Ho (Dept. of Computer Engineering, Kyungpook National University) ;
  • Kim, Soo-Yong (School of Computer Aided Mechanical Engineering, Yeungjin College) ;
  • Yun, Tae-Jin (Dept. of Mobile Engineering, Kyungwoon University) ;
  • Ahn, Kwang-Seon (Dept. of Computer Engineering, Kyungpook National University)
  • 김영백 (한국전자통신연구원) ;
  • 김성수 (경운대학교 모바일공학과) ;
  • 정경호 (경북대학교 컴퓨터공학과) ;
  • 김수용 (영진전문대학 컴퓨터응용기계계열) ;
  • 윤태진 (경운대학교 모바일공학과) ;
  • 안광선 (경북대학교 컴퓨터공학과)
  • Received : 2013.08.21
  • Accepted : 2013.09.10
  • Published : 2013.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we analyze the security vulnerability through the several attack scenarios for the MCR-MAP(Multi-Context RFID Mutual Authentication Protocol) proposed by Ahn et al. And we propose the secure mutual authentication protocol that improved a prior MCR-MAP. The suggested protocol uses the ID of the legal tag and the timestamp generated by the server, when the tag tries to authenticate. And when the tag creates the credential, we create the new secret key computing the XOR operation between the secret key shared with the server and the tag timestamp generated by the server. As a result, the proposed protocol provides the secure mutual authentication and then is safe to spoofing attack. Also it provides forward-secrecy and then is safe to offline brute-burst attack. In this paper, we compare and verify the security vulnerability of the prior and the proposed protocol through the security analysis.

본 논문에서는 Ahn 등이 제안한 다중 컨텍스트 RFID 상호 인증 프로토콜(MCR-MAP)의 보안 취약점을 공격 시나리오를 통해 분석하고 이를 개선한 MCR-MAP을 제안한다. 제안된 프로토콜은 태그가 인증을 시도할 때 정당한 태그 ID와 서버에서 생성한 타임스탬프를 동시에 요구하도록 개선하였다. 그리고 태그가 신임장(Credential)을 생성할 때 서버와 태그가 공유하는 비밀키와 서버에서 생성한 타임스탬프를 XOR 연산한 값을 비밀키로 사용하도록 개선하였다. 이에 따라 제안된 프로토콜은 안전한 상호 인증을 제공하므로 위장 공격에 안전하며, 전방향 안전성을 제공하므로 오프라인 전수 공격에도 안전하다. 본 논문에서는 안전성 분석을 통해서 기존 프로토콜과 제안된 프로토콜의 보안 안전성을 비교 검증하였다.

Keywords

References

  1. M. Weiser, "Some Computer Science Issues in Ubiquitous Computing," Communications of the ACM, vol. 36, no. 7, pp. 74-84, July 1993.
  2. K. Finkenzeller, "RFID Handbook: Fundamentals and applications in Contactless Smart Cards and Identification," Second Edition, John Wiley &Sons Ltd, pp. 195-219, 2003.
  3. Selim Volkan Kaya, Erkay Savas, Albert Levi and Ozgur Ercetin, "Public key cryptography based privacy preserving multi-context RFID infrastructure," Ad Hoc Networks, Vol. 7, pp. 136-152, Jan. 2009. https://doi.org/10.1016/j.adhoc.2007.12.004
  4. H.S. Ahn, E.J. Yoon, I.G. Nam, "Privacy Preserving and Relay Attack Preventing Multi-Context RFID Mutual Authentication Protocol," Journal of KICS, Vol. 36, No. 8, pp. 1028-1037, Aug. 2011. https://doi.org/10.7840/KICS.2011.36B.8.1028
  5. N. Borselius, "Mobile Agent Security," Electronics and Communication Engineering Journal, vol. 14, no. 5, pp. 211-218, Oct. 2002. https://doi.org/10.1049/ecej:20020504
  6. A. Juels, "RFID Security and Privacy: A Research Survey," IEEE Journal of Selected Areas in Communications, vol. 24, no. 2, pp. 381-394, Feb. 2006. https://doi.org/10.1109/JSAC.2005.861395
  7. A. Juels, R.L. Rivest, M. Szydlo, "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy," 10th ACM Computer and Communications Security Conference (CCS'03), pp. 103-111, Oct. 2003.
  8. S. Weis, S. Sarma, R. Rivest, and D. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems," In Security in Pervasive Computing, LNCS 2802, pp.201-212, 2005.
  9. M. Ohkubo, K. Suzuki, and S. Kinoshita, "A Cryptographic Approach to "Privacy-Friendly" tag," RFID Privacy Workshop, 2003.
  10. A. Juels, R. Pappu, "Squealing Euros : Privacy protection in RFID-enabled banknotes," Financial cryptography International conference, LNCS 2742, pp.103-123, 2003.
  11. P. Golle, M. Jakobsson, A. Juels, and P. Syverson, "Universal Re-encryption for mixnets," RSA Conference Cryptographers Track '04, LNCS 2964, pp.163-178, 2003.
  12. Y.S. Kang, Y.J. Choi, D.H. Choi, S.Y. Lee, H.S. Lee, "Design Implementation of Lightweight and High Speed Security Protocol Suitable for UHF Passive RFID Systems," Journal of KICS, Vol. 20, No. 4, pp. 117-134, Aug. 2010.
  13. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," Cryptographic Hardware and Embedded Systems, LNCS 3156, pp.85-140, 2004.
  14. T. Good, M. Benaissa, "A low-frequency RFID to challenge security and privacy concerns," Proceedings of IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (MASS'09), pp. 856-863 Oct. 2009.
  15. M. Kim, J. Ryou, Y. Choi and S. Jun, "Low-cost Cryptographic Circuits for authentication in Radio Frequency Identification Systems," Proceedings of International symposium on Consumber Electronics (ISCE'06), pp. 1-5, Jun. 2007.
  16. A. Kerckhoffs, "La cryptographie militaire," Journal des sciences militaires, vol. 9, pp.5-83, Jan. 1883. (http://petitcolas.net/fabien/kerckhoffs/)
  17. EPCTM Generation 1 Tag Data Standards Version 1.1 Rev.1.27, EPCglobal, Standard Specification, May 2005.