http://dx.doi.org/10.13089/JKIISC.2010.20.1.63

Secure Mutual Authentication Protocol for RFID System without Online Back-End-Database  

Won, Tae-Youn (Korea University)
Yu, Young-Jun (Korea University)
Chun, Ji-Young (Korea University)
Byun, Jin-Wook (Pyeongtaek University)
Lee, Dong-Hoon (Korea University)
Abstract
RFID is a useful identification technology for ubiquitous environments and can replace the bar code. An RFID system basically consists of tags, a reader that detects the tags, and a back-end database that stores the tag information. Although the use of mobile readers in cellular phones and PDAs is increasing, related studies are not yet sufficient to make them secure in practical environments. There are many reasons to use mobile readers instead of static readers. In mobile reader environments, the following problems must be considered before constructing a secure protocol: 1) a mobile reader is easy to lose, and 2) it is hard to keep the connection with the back-end database because of communication obstacles, the limited communication range, and so on. To solve these problems, Han et al. proposed an RFID mutual authentication protocol for an environment without a back-end database. However, Han et al.'s protocol allows the tag location to be traced by means of eavesdropping, spoofing, and replay attacks. It also requires a large amount of communication, which is unsuitable for low-cost passive tags. Hence, we analyze some vulnerabilities of Han et al.'s protocol and propose an RFID mutual authentication protocol without an online back-end database, with regard to efficiency and security.
Keywords
RFID; Privacy; Security; Mutual authentication;
Citations & Related Records
Times Cited By KSCI: 5
1 A. Juels and S.A. Weis, "Authenticating Pervasive Devices with Human Protocols," Advances in Cryptology - Crypto 2005, LNCS 3621, pp. 293-308, 2005.
2 C. Tan, B. Sheng, and Q. Li, "Secure and Serverless RFID Authentication and Search Protocols," IEEE Transactions on Wireless Communication, vol. 7, no. 4, pp. 1400-1407, Apr. 2008.
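3 Hye-Jin Kwon, Jae-Wook Lee, Dong-Ho Jeon, and Soon-Ja Kim, "A Secure RFID Mutual Authentication Protocol with Easy Tag Search in the Database," Journal of the Korea Institute of Information Security and Cryptology, 18(5), pp. 125-134, Oct. 2008.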
4 C. Tan, B. Sheng, and Q. Li, "Serverless Search and Authentication Protocols for RFID," Pervasive Computing and Communications Workshops 2007 (PerCom Workshops 2007), pp. 3-12, Mar. 2007.
5 M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic Approach to "Privacy-Friendly" Tags," In RFID Privacy Workshop, July 2003.
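6 Tae-Youn Won, Ji-Young Chun, Choon-Sik Park, and Dong-Hoon Lee, "Design of an Efficient Mutual Authentication Protocol Suitable for Passive RFID Systems," Journal of the Korea Institute of Information Security and Cryptology, 18(6A), pp. 63-73, Dec. 2008.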
7 A. Juels, "RFID security and privacy: A research survey," IEEE Journal on Selected Areas in Communication, vol. 24, no. 2, pp. 381-394, Feb. 2006.
8 G. Tsudik, "YA-TRAP: Yet Another Trivial RFID Authentication Protocol," Pervasive Computing and Communications Workshops 2006 (PerCom Workshops 2006), pp. 640-643, Mar. 2006.
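9 Jae-Cheol Ha, Yi-Roo Baek, Hwan-Koo Kim, Je-Hoon Park, and Sang-Jae Moon, "A Lightweight RFID Authentication Protocol Based on Hash Functions," Journal of the Korea Institute of Information Security and Cryptology, 19(3), pp. 61-72, June 2009.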
10 R. Paise and S. Vaudenay, "Mutual authentication in RFID: security and privacy," ACM Symposium on Information, Computer and Communications Security (ASIACCS 2008), pp. 292-299, Mar. 2008.
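11 Yoon-Su Jeong, Yong-Tae Kim, Gil-Cheol Park, and Sang-Ho Lee, "A Lightweight Authentication Protocol for IPTV Users Using RFID," Journal of the Korea Institute of Information Security and Cryptology, 19(2), pp. 105-115, Apr. 2009.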
12 S. Vaudenay, "On Privacy Models for RFID," Advances in Cryptology - ASIACRYPT 2007, LNCS 4833, pp. 68-87, 2007.
13 H. Gilbert, M. Robshaw, and Y. Seurin, "HB#: Increasing the Security and Efficiency of HB+," EUROCRYPT 2008, LNCS 4965, pp. 361-378, 2008.
14 M.E. Hoque, F. Rahman, S.I. Ahamed, and J.H. Park, "Enhancing Privacy and Security of RFID System with Serverless Authentication and Search Protocols in Pervasive Environments," Wireless Personal Communications, Published Online: 29 July 2009.
15 H.Y. Chien and T.C. Wu, "Improving Varying-Pseudonym-Based RFID Authentication Protocols to Resist Denial-of-Service Attacks," Journal of the Korea Institute of Information Security and Cryptology, 18(6B), pp. 259-269, Dec. 2008.
16 S. Han, T.S. Dillon, and E. Chang, "Anonymous Mutual Authentication Protocol for RFID Tag Without Back-End-Database," Mobile Ad-Hoc and Sensor Networks, LNCS 4864, pp. 623-632, 2007.