• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.63-73
• /
• 2008

RFID(Radio Frequency IDentification) system is an automated identification system that basically consists of tags and readers and Back-End-Databases. Tags and Readers communicate with each other by RF signal. As a reader can identify many tags in contactless manner using RF signal, RFID system is expected to do a new technology to replace a bar-code system in supply-chain management and payment system and access control and medical record and so on. However, RFID system creates new threats to the security of systems and privacy of individuals, Because tags and readers communicate with each other in insecure channel using RF signal. So many people are trying to study various manners to solve these problems against attacks, But they are difficult to apply to RFID system based on EPCglobal UHF Class-1 Generation-2 tags. Recently, Chien and Chen proposed a mutual Authentication protocol for RFID conforming to EPCglobal UHF Class-1 Generation-2 tags. we discover vulnerabilities of security and inefficiency about their protocol. Therefore, We analyze vulnerabilities of their protocol and propose an efficient mutual authentication protocol that improves security and efficiency.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.4A
• /
• pp.358-364
• /
• 2007

RFID, Radio Frequency Identification, technology is a contactless automatic identification technology using radio frequency. For this RFID technology to be widely spread, the problem of multiple tag identification, which a reader identifies a multiple number of tags in a very short time, has to be solved. Up to the present, many anti-collision algorithms have been developed in order to solve this problem, and those can be largely divided into ALOHA based algorithm and tree based algorithm. In this paper, two new anti-collision algorithms combining the characteristics of these two categories are presented. And the performances of the two algorithms are compared and evaluated in comparison with those of typical anti-collision algorithms: 18000-6 Type A, Type B, Type C, and query tree algorithm.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.12
• /
• pp.2240-2250
• /
• 2016

MIFARE Classic is the most popular contactless smart card, which is primarily used in the management of access control and public transport payment systems. It has several security features such as the proprietary stream cipher Crypto 1, a challenge-response mutual authentication protocol, and a random number generator. Unfortunately, multiple studies have reported structural flaws in its security features. Furthermore, various attack methods that target genuine MIFARE Classic cards or readers have been proposed to crack the card. From a practical perspective, these attacks can be partitioned according to the attacker's ability. However, this measure is insufficient to determine the optimal attack flow due to the refined random number generator. Most card-only attack methods assume a predicted or fixed random number, whereas several commercial cards use unpredictable and unfixable random numbers. In this paper, we propose optimal MIFARE Classic attack procedures with regards to the type of random number generator, as well as an adversary's ability. In addition, we show actual attack results from our portable experimental setup, which is comprised of a commercially developed attack device, a smartphone, and our own application retrieving secret data and sector key.