http://dx.doi.org/10.3837/tiis.2011.09.011

Attacks on and Countermeasures for an RFID Mutual Authentication Scheme in Pervasive Computing Environment  

Mohaisen, Abedelaziz (Computer Science and Engineering Department, University of Minnesota-Twin Cities)
Chang, Ku-Young (Information Security Research Division, Electronics and Telecommunication Research Institute)
Hong, Do-Won (Information Security Research Division, Electronics and Telecommunication Research Institute)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.5, no.9, 2011, pp. 1684-1697
Abstract
We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al., are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed to get access to. Finally, we show that these protocols are also vulnerable to replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, re-evaluate the protocols' overhead after taking these countermeasures into account, and compare them to other work in the literature.
Keywords
RFID; mutual authentication; attacks and countermeasures; pervasive computing environments;
Citations & Related Records

Times Cited By Web Of Science : 0
Times Cited By SCOPUS : 0
References
1 S.-Y. Kang, D.-G. Lee, I.-Y. Lee, "A Study on Secure RFID Mutual Authentication Scheme in Pervasive Computing Environment," Computer Communications, vol. 31, no. 18, pp. 4248-4254, 2008.
2 B. Alomair, L. Lazos, R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," in Proc. of the 10th International Conference on Information Security and Cryptology, pp. 102-115, 2007.
3 H.-Y. Chien, C.-W. Huang, "A Lightweight Authentication Protocol for Low-cost RFID," Journal of Signal Processing Systems, vol. 59, no. 1, pp. 95-102.
4 H.-Y. Chien, C.-S. Laih, "ECC-based Lightweight Authentication Protocol with Untraceability for Low-cost RFID," Journal of Parallel Distributed Computing, vol. 69, no. 10, pp. 848-853, 2009.
5 P. D'Arco, A. De Santis, "Weaknesses in a Recent Ultra-lightweight RFID Authentication Protocol," in Proc. of the Cryptology in Africa 1st International Conference on Progress in Cryptology, pp. 27-39, 2008.
6 C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, "New Privacy Results on Synchronized RFID Authentication Protocols Against Tag Tracing," in Proc. of 14th European Conference on Research in Computer Security, pp. 321-336, 2009.
7 T. Yeh, C. Wu, Y. Tseng, "Improvement of the RFID Authentication Scheme based on Quadratic Residues," Computer Communications, vol. 34, no. 3, pp. 337-341, Mar. 2011.
8 T. Yeh, Y. Wang, T. Kuo, S. Wang, "Securing RFID Systems Conforming to EPC Class 1 Generation 2 standard," Expert Systems with Applications, vol. 37, no. 12, pp. 7678-7683, Dec. 2010.
9 B. Song, C.J. Mitchell, "RFID Authentication Protocol for Low-cost Tags," in Proc. of the first ACM Conference on Wireless Network Security, pp. 140-147, 2008.
10 M. B. Paterson, D. R. Stinson, "Two Attacks on a Sensor Network Key Distribution Scheme of Cheng and Agrawal," Journal of Mathematical Cryptology, vol. 2, pp. 393-403, 2008.
11 D. Molnar, D. Wagner, "Privacy and Security in Library RFID: Issues, Practices, and Architectures," in Proc. of ACM Conference on Computer and Communications Security, pp. 210-219, 2004.
12 D. Henrici, P. Müller, "Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers," in Proc. of IEEE PerCom Workshops, pp. 149-153, 2004.
13 J. Yang, J. Park, H. Lee, K. Ren, K. Kim, "Mutual Authentication Protocol for Low-cost RFID," in Proc. of Workshop on RFID and Lightweight Cryptography, pp. 17-24, 2005.
14 T.V. Le, M. Burmester, B. Medeiros, "Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange," in Proc. of ACM Symposium on Information, Computer and Communications Security, pp. 242-252, 2007.