Browse > Article
http://dx.doi.org/10.9708/jksci.2013.18.10.071

A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol  

Kim, Young-Back (Electronics and Telecommunications Research Institute)
Kim, Sung-Soo (Dept. of Mobile Engineering, Kyungwoon University)
Chung, Kyung-Ho (Dept. of Computer Engineering, Kyungpook National University)
Kim, Soo-Yong (School of Computer Aided Mechanical Engineering, Yeungjin College)
Yun, Tae-Jin (Dept. of Mobile Engineering, Kyungwoon University)
Ahn, Kwang-Seon (Dept. of Computer Engineering, Kyungpook National University)
Publication Information
Journal of the Korea Society of Computer and Information / v.18, no.10, 2013 , pp. 71-80 More about this Journal
Abstract
In this paper, we analyze the security vulnerability through the several attack scenarios for the MCR-MAP(Multi-Context RFID Mutual Authentication Protocol) proposed by Ahn et al. And we propose the secure mutual authentication protocol that improved a prior MCR-MAP. The suggested protocol uses the ID of the legal tag and the timestamp generated by the server, when the tag tries to authenticate. And when the tag creates the credential, we create the new secret key computing the XOR operation between the secret key shared with the server and the tag timestamp generated by the server. As a result, the proposed protocol provides the secure mutual authentication and then is safe to spoofing attack. Also it provides forward-secrecy and then is safe to offline brute-burst attack. In this paper, we compare and verify the security vulnerability of the prior and the proposed protocol through the security analysis.
Keywords
Multi-Context; RFID; Mutual Authentication;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 H.S. Ahn, E.J. Yoon, I.G. Nam, "Privacy Preserving and Relay Attack Preventing Multi-Context RFID Mutual Authentication Protocol," Journal of KICS, Vol. 36, No. 8, pp. 1028-1037, Aug. 2011.   과학기술학회마을   DOI   ScienceOn
2 N. Borselius, "Mobile Agent Security," Electronics and Communication Engineering Journal, vol. 14, no. 5, pp. 211-218, Oct. 2002.   DOI   ScienceOn
3 A. Juels, "RFID Security and Privacy: A Research Survey," IEEE Journal of Selected Areas in Communications, vol. 24, no. 2, pp. 381-394, Feb. 2006.   DOI   ScienceOn
4 A. Juels, R.L. Rivest, M. Szydlo, "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy," 10th ACM Computer and Communications Security Conference (CCS'03), pp. 103-111, Oct. 2003.
5 S. Weis, S. Sarma, R. Rivest, and D. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems," In Security in Pervasive Computing, LNCS 2802, pp.201-212, 2005.
6 M. Ohkubo, K. Suzuki, and S. Kinoshita, "A Cryptographic Approach to "Privacy-Friendly" tag," RFID Privacy Workshop, 2003.
7 A. Juels, R. Pappu, "Squealing Euros : Privacy protection in RFID-enabled banknotes," Financial cryptography International conference, LNCS 2742, pp.103-123, 2003.
8 P. Golle, M. Jakobsson, A. Juels, and P. Syverson, "Universal Re-encryption for mixnets," RSA Conference Cryptographers Track '04, LNCS 2964, pp.163-178, 2003.
9 Y.S. Kang, Y.J. Choi, D.H. Choi, S.Y. Lee, H.S. Lee, "Design Implementation of Lightweight and High Speed Security Protocol Suitable for UHF Passive RFID Systems," Journal of KICS, Vol. 20, No. 4, pp. 117-134, Aug. 2010.   과학기술학회마을
10 M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," Cryptographic Hardware and Embedded Systems, LNCS 3156, pp.85-140, 2004.
11 T. Good, M. Benaissa, "A low-frequency RFID to challenge security and privacy concerns," Proceedings of IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (MASS'09), pp. 856-863 Oct. 2009.
12 M. Weiser, "Some Computer Science Issues in Ubiquitous Computing," Communications of the ACM, vol. 36, no. 7, pp. 74-84, July 1993.
13 K. Finkenzeller, "RFID Handbook: Fundamentals and applications in Contactless Smart Cards and Identification," Second Edition, John Wiley &Sons Ltd, pp. 195-219, 2003.
14 Selim Volkan Kaya, Erkay Savas, Albert Levi and Ozgur Ercetin, "Public key cryptography based privacy preserving multi-context RFID infrastructure," Ad Hoc Networks, Vol. 7, pp. 136-152, Jan. 2009.   DOI   ScienceOn
15 EPCTM Generation 1 Tag Data Standards Version 1.1 Rev.1.27, EPCglobal, Standard Specification, May 2005.
16 M. Kim, J. Ryou, Y. Choi and S. Jun, "Low-cost Cryptographic Circuits for authentication in Radio Frequency Identification Systems," Proceedings of International symposium on Consumber Electronics (ISCE'06), pp. 1-5, Jun. 2007.
17 A. Kerckhoffs, "La cryptographie militaire," Journal des sciences militaires, vol. 9, pp.5-83, Jan. 1883. (http://petitcolas.net/fabien/kerckhoffs/)