Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.6B.259

Improving Varying-Pseudonym-Based RFID Authentication Protocols to Resist Denial-of-Service Attacks  

Chien, Hung-Yu (National Chi Nan University)
Wu, Tzong-Chen (National Taiwan University of Science and Technology)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.6B, 2008 , pp. 259-269 More about this Journal
Abstract
Applying Varying Pseudonym (VP) to design of Radio Frequency Identification (RFID) authentication protocol outperforms the other existing approaches in several respects. However, this approach is prone to the well-known denial-ofservice (DOS) attack. In this paper, we examine the de-synchronization problems of VP-based RFID authentication protocols, and propose effective solutions to eliminate such weaknesses. We shall show that the proposed solutions indeed improve the security for these protocols, and moreover, these solutions require 0(1) computational cost for identitying a tag and 0(1) key space on the tag. These excellent performances make them very attractive to many RFID applications.
Keywords
authentication; RFID; varying pseudonym; traceability; denial of service;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Avoine, G., and Oechslin, P.: 'RFID traceability: a multi-layer problem'. Proc. Financial Cryptography 2005, LNCS 3570, Springer, pp. 125-140
2 Bringer, J., Chabanne, H. and Dottax, E.: 'HB++: A Lightweight Authentication Protocol Secure against Some Attacks'. IEEE International Conference on Pervasive Service, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU, 2006
3 Chien, H.-Y., Huang, C.-W.: 'Security of UltraLightweight RPID Authentication Protocols and Its Improvements'. ACM Operating System Reviews, 2007, 41, (2), pp. 83-86   DOI
4 Due, D. N., Park, J., Lee, H., and Kim, K.: 'Enhancing Security of EPCglobal Gen-2 RPID Tag against Traceability and Cloning'. The 2006 Symposium on Cryptography and Information Security, 2006
5 Henrici, A. D., and MAuller, P.: 'Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers'. Proc. of IEEE PerCom 2004, pp.149-153
6 Karthikeyan, S., and Nesterenko, M.: 'RPID security without extensive cryptography'. Proc. of the 3rd ACM workshop on Security of ad hoc and sensor networks, 2005, pp.63-67
7 Lee, S. M., Hwang, Y. J., Lee, D. H., and Lim, J. I.: 'Efficient Authentication for Low-Cost RPID Systems'. International Conference on Computational Science and its Applications - ICCSA 2005, May 2005
8 Molnar, D., and Wagner, D. 'Privacy and security in library RPID: Issues, practices, and architectures'. Proc. Conference on Computer and Communications Security CCS'04, 2004, pp. 210-219
9 Peris-Lopez, P., Hernandez-Castro, J. C., EstevezTapiador, J. M., and Ribagorda, A.: 'M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags'. Proc. of International Conference on Ubiquitous Intelligence and Computing UIC'06, LNCS 4159, Springer, pp.912-923
10 RFID Journal, http://www.rfidiournal.com/
11 Chien, H.-Y.: 'SASI: A New Ultra-Lightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity'. IEEE Transactions on Dependable and Secure Computing, 2007, 4, (4)
12 Avoine, G., Dysli, E., and Oechslin, P.: 'Reducing time complexity in RFID systems'. Proc. th 12th Annual Workshop on Selected Areas in Cryptography (SAC), LNCS 3897, Springer, 2006, pp. 291-306
13 Osaka, K., Takagi, T., Yamazaki, K., and Takahashi, O.: An efficient and secure RPID security method with ownership transfer'. Proc. of International Conference on Computational Intelligence and Security 2006, LNCS 9743, Springer, pp. 1090-1095
14 Yang, J., Ren, K. and Kim, K.: 'Security and privacy on authentication protocol for low-cost radio'. The 2005 Symposium on Cryptography and Information Security, 2005
15 Avoine,G., and Oechslin, P.: 'A scalable and provably secure hash-based RFID protocol'. Proc. IEEE PerCom, 2005, pp. 110-114
16 Chien, H.-Y.: 'DOS attacks on Varying PseudonymsBased RFID Authentication Protocols'. Proc. of IEEE APSCC 2008, Yilan, Taiwan, Dec. 9-12
17 Li, T., and Wang, G.: 'Security Analysis of Two UltraLightweight RPID Authentication Protocols'. IFIP SEC 2007, May 2007
18 Peris-Lopez, P., Hernandez-Castro, J. C., EstevezTapiador, J. M., and Ribagorda, A.: 'LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags'. Proc. of 2nd Workshop on RFID Security, July 2006
19 Munilla, J., and Peinado, A.: 'HB-MP: a further step in the HB-family of lightweight authentication protocols'. Computer Networks, 2007, doi: 10. 1016/ j.comnet.2007.01.011
20 Peris-Lopez, P., Hernandez-Castro, J. C., EstevezTapiador, J. M., and Ribagorda, A: 'EMAP: An Efficient Mutual Authentication Protocol for Low-cost RPID Tags'. OTM Federated Conferences and Workshop: IS Workshop, November 2006
21 Yang, J., Park, Lee, J., Ren, H., K., and Kim, K.: 'Mutual authentication protocol for low-cost RFID'. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto,2005
22 Li, T., and Deng, R. H.: 'Vulnerability Analysis of EMAP-An Efficient RPID Mutual Authentication Protocol'. The Second International Conference on Availability, Reliability and Security (AReS 2007), Vienna, 2007
23 Chien, H.-Y., and Chen, C.-H.: 'Mutual Authentication Protocol for RFID Conforming to EPC Class I Generation 2 Standards'. Computers Standards & Interfaces, 2007, 29, (2), pp 254-259   DOI   ScienceOn
24 Gilbert, H., Robshaw, M., and Sibert, H.: 'An Active Attack against HB+-A Provably Secure Lightweight Authentication Protocol' . Cryptology ePrint Archive, Report 2005/237,2005
25 Kim, J., Choi, D., Kim, I., and Kim, H.: 'Product authentication service of consumer's mobile RPID device'. ISEC'06, 2006, pp. 1-6
26 Juels, A, and Weis, S. A: 'Authenticating pervasive devices with human protocols'. Crypto'05, LNCS 3126, Springer, pp.293-308
27 Lee, Y. K., and Verbauwhede, I.: 'Secure and Lowcost RPID Authentication Protocols'. Adaptive Wireless Networks- AWiN, November 2005
28 Weis, S. A., Sarma, S. E., Rivest, R. L., and Engels, D. W.: 'Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems'. Proc. of the First Security in Pervasive Computing, 2003, LNCS2802, Springer, pp.201-212
29 Rhee, K., Kwak, J., Kim, S., and Won, D.: 'Challengeresponse based RFID authentication protocol for distributed database environment'. International Conference on Security in Pervasive Computing - SPC 2005, pp. 70-84
30 Weis, S. A.: 'Security and Privacy in Radio-Frequency Identification Devices'. Masters Thesis MIT, 2003
31 Piramuthu, S.: 'HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication'. ColIECTeR Europe Conference, June 2006
32 Ohkubo, M., Suzuki, K., and Kinoshita, S.: Cryptographic approach to 'Privacy-friendly' tag'. RPID Privacy workshop, MIT, USA, 2003