Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Mutual Authentication Protocol using One Time Password for Mobile RFID System

OTP를 이용한 모바일 RFID 상호인증 프로토콜

  • Sung, Jong-Yeop (Department of Information and Communication Engineering, Chosun University) ;
  • Lee, Sang-Duck (Department of Information and Communication Engineering, Chosun University) ;
  • Ryu, Chang-Ju (Department of Information and Communication Engineering, Chosun University) ;
  • Han, Seung-Jo (Department of Information and Communication Engineering, Chosun University)
  • Received : 2014.03.17
  • Accepted : 2014.04.22
  • Published : 2014.07.31
Download PDF
⟨ Previous Next ⟩

Abstract

Mobile RFID system, that consists of the existing RFID reader mounted on the mobile devices such as smartphones, is able to provide the users a variety of services and convenience. But security of mobile RFID system is too weak like the existing RFID system. In this paper, the mobile RFID mutual authentication protocol with high level of security is proposed to overcome the troubles such as cryptographic protocols in the existing RFID system responding with the same value in every authentication procedure and the exposure in the exchange of messages. The proposed protocol exchanges messages unexposed by using the random numbers generated in the mutual authentication between the tag and the reader and making numbers coded with the symmetric key. Besides, the protocol uses the mutual authentication utilizing OTP by considering the characteristics of the reader embedded in mobile devices in the mutual authentication process between the reader and the server. Because changed message in every authentication, which produces safe from spoofing attacks and replay attacks, etc.

모바일 단말기와 RFID(Radio Frequency Identification)통신 기능을 결합한 모바일 RFID는 객체에 대한 정보 확인 및 관련 응용 서비스를 쉽게 이용할 수 있는 기술이다. 모바일 RFID는 기존 RFID와 마찬가지로 보안 기능이 취약해 많은 보안적 위협에 노출되어있다. 본 논문에서는 통신에 참여하는 각 요소들이 생성한 임의의 난수와 대칭키 암호화 알고리즘 OTP(One time Password)를 이용하여 보다 강력한 보안성을 갖는 상호인증 프로토콜을 제안한다. 제안한 프로토콜은 매 인증시 메시지가 변경되기 때문에 기존 프로토콜과 비교하여 스푸핑 공격 및 재전송 공격 등에 안전하다.

Keywords

References

  1. Deborah Platt Majoras, "Radio Frequency Identification : Applications and Implications for Consumers," Workshop Report from the staff of the Federal Trade Commission, Mar. 2005.
  2. S. M. Lee, E. H. Kim, M. S. Jun, "Design of RFID Mutual Authentication Protocol for Mobile," Journal of the Institute of Communication and Information Sciences of Korea, Vol.33, no.2, pp183-190, Feb. 2010.
  3. Hung-Yu Chien and Che-Hao Chen, "Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards," Computer Standards & Interfaces, Vol 29 No 2, pp.254-259, Feb. 2007. https://doi.org/10.1016/j.csi.2006.04.004
  4. H. Y. Chien, "Secure Access Control Schemes for RFID System with Anonymity," In Proceedings of 1005 national Workshop on Future Mobile and Ubiquitous Information Technologies. 2006.
  5. Martin Feldhofer, Sandra Dominikus and Johannes Wolkerstorfer. "Strong authentication for RFID systems using the AES algorithm," Workshop on Cryptographic Hardware and Embedded Systems, Lecture Notes in Computer Science, pp. 357-370, 2004.
  6. D.N. Duc, J.M. Park, H.R. Lee and K.J. Kim, "Enhancing Security of EPCglobal GEN-2 RFID Tag against Traceability and Cloning," Symposium on Cryptography and Information Security, 2006.
  7. H. C. Yoon, J. K. Kim, J. Y. Park, J. U. Bum, "Passive RFID Sensor Tag," The Journal of Korean Institute of Electromagnetic Engineering and Science, Vol.16, no.3, pp. 16-25, 2005.
  8. IETF RFC 1760, "The S/KEY One-Time Password System," Feb. 1995.

Cited by

  1. A Study on the Security Technology of Real-time Biometric Data in IoT Environment vol.21, pp.1, 2014, https://doi.org/10.9708/jksci.2016.21.1.085
  2. 인원 출입 권한과 연계한 스마트폰 카메라 제어 시스템 vol.8, pp.11, 2014, https://doi.org/10.15207/jkcs.2017.8.11.093