On the security of mutual authentication protocols for RFID systems: the case of wei et al. 's protocol
15 Sep 2011-pp 90-103
TL;DR: This paper considers the security of a recently proposed mutual authentication protocol by Wei et al. which is a hash based protocol, and presents an improved version of this protocol, which is immune against the attacks presented in this work.
Abstract: Authentication is one of the most basic and important cryptographic tasks. Mutual authentication protocols play a crucial role on the security of RFID systems. In this paper, we consider the security of a recently proposed mutual authentication protocol by Wei et al. which is a hash based protocol. We present efficient tag impersonation attack, two desynchronization attacks, reader impersonation attack and traceability attack against this protocol. The success probabilities of the attacks are "1" or 1−2−(n−1), where n is the length of the secret value shared between the tag and the reader. The complexity of each one of the presented attacks is only two runs of protocol. Vulnerabilities presented in the present work rule out the practical usage of this protocol. To the best of our knowledge, this is the first security analysis of Wei et al.'s protocol. Finally, we exhibit an improved version of this protocol, which is immune against the attacks presented in this work.
Citations
More filters
TL;DR: An improved version of protocol is proposed which is more efficient compared to the original protocol while provides the desired security against the presented attacks.
Abstract: Recently, Chen et al. have proposed a novel tamper resistant prescription RFID access control system, published in the Journal of Medical Systems. In this paper we consider the security of the proposed protocol and identify some existing weaknesses. The main attack is a reader impersonation attack which allows an active adversary to impersonate a legitimate doctor, e.g. the patient's doctor, to access the patient's tag and change the patient prescription. The presented attack is quite efficient. To impersonate a doctor, the adversary should eavesdrop one session between the doctor and the patient's tag and then she can impersonate the doctor with the success probability of `1'. In addition, we present efficient reader-tag to back-end database impersonation, de-synchronization and traceability attacks against the protocol. Finally, we propose an improved version of protocol which is more efficient compared to the original protocol while provides the desired security against the presented attacks.
15 citations
14 Nov 2013
TL;DR: A new RFID mutual authentication protocol is proposed based on the Keccak algorithm which is the winner of the SHA-3 competition and satisfies some properties of lightweight hash function.
Abstract: Hash-based RFID authentication is an important method to provide security and privacy of RFID systems, due to the limitations of resource consumption and computation capability of RFID tags. A new RFID mutual authentication protocol is proposed based on the Keccak algorithm which is the winner of the SHA-3 competition and satisfies some properties of lightweight hash function. In the proposed protocol, a state-based pre-updating mechanism of the authentication key is presented to improve the reliability of protocol and the ability to resist DoS attack. Analysis shows that the proposed protocol is very secure and efficient and suitable for low-cost RFID authentication. The main resource consumption of the proposed protocol comes from the SHA-3 algorithm which is simulated in Synopsys Design Compiler. The results show that the area of the SHA-3 algorithm is 3519 GE which meets the requirement of low-cost RFID tag.
13 citations
Additional excerpts
...Keywords RFID; Hash Function; Keccak; Mutual...
[...]
Book•
01 Jan 2014TL;DR: A systematic overview on RFID security and privacy is provided at both the physical and network level, which means that RFID devices should be identified with assurance in the presence of attacks, while RFID privacy requires that RFIDs should be identify without disclosure of any valuable information about the devices.
Abstract: As a fast-evolving new area, RFID security and privacy has quickly grown from a hungry infant to an energetic teenager during recent years. Much of the exciting development in this area is summarized in this book with rigorous analyses and insightful comments. In particular, a systematic overview on RFID security and privacy is provided at both the physical and network level. At the physical level, RFID security means that RFID devices should be identified with assurance in the presence of attacks, while RFID privacy requires that RFID devices should be identified without disclosure of any valuable information about the devices. At the network level, RFID security means that RFID information should be shared with authorized parties only, while RFID privacy further requires that RFID information should be shared without disclosure of valuable RFID information to any honest-but-curious server which coordinates information sharing. Not only does this book summarize the past, but it also provides new research results, especially at the network level. Several future directions are envisioned to be promising for advancing the research in this area.
11 citations
01 Jan 2012
TL;DR: (∆ + 1) [1577].
Abstract: (∆ + 1) [1577]. (ρ,G) [266]. (r|p) [781]. 1 [1022]. 1 [1342]. 2 [27, 1294, 1138, 432, 1028, 281, 758, 272, 1440, 546, 861, 867, 1352, 578, 561]. 3 [579, 1293, 1381, 176, 1355, 1623, 1294, 1012, 1358, 341, 1370, 1028, 157, 160, 978, 1440, 861, 1385, 279, 995, 1340, 1400, 1433, 1352, 173, 1295, 1343, 1560, 1409, 662]. 4 [1349]. [0, 1] [660]. + [204]. 2 [608, 1012]. 3 [1012, 622]. p [647]. A∗ [1264]. B [623]. β [217]. C [673]. C [656]. `0 [268]. [324, 1470]. G [649]. GM(1, 1) [536]. H∞ [392]. K [1026, 909, 1433, 1516, 930, 1033]. L1 [673]. μ [1709]. p [526, 240, 1089]. P0 [103]. q [683]. R [297, 1012]. ρ [1643, 1626]. τ [522].
8 citations
Journal Article•
TL;DR: Security analysis shows that the improved proto-col can improve the performance of HRAP+ protocol and compares the security of the proposed protocol with some hash-based protocols that proposed recently.
Abstract: In the last decade, Radio Frequency Identification (RFID) systems are employed in many authentications and identifi-cations applications. In RFID systems, in order to provide secure authentication between RFID users, different au-thentication protocols proposed. In 2011, Cho et al. pro-posed a hash-based mutual RFID authentication protocol (HRAP). They claimed that HRAP protocol provides secure communication between RFID users and also it can provide users privacy. In that year, Habibi et al. investigated the se-curity and privacy of HRAP protocol and showed that HRAP protocol has some weaknesses. Then, Habibi et al. proposed an improved version of HRAP protocol (HRAP+) that eliminates all weaknesses of HRAP protocol. In this study, we cryptanalyze the HRAP+ protocol and we show that there are some flaws in HRAP+ protocol still. It is shown that, an attacker can perform tag impersonation, server impersonation, and replay attacks with success prob-ability greater than 14. Then, in order to omit all mentioned weaknesses, we propose an improved version of HRAP+ protocol. Security analysis shows that the improved proto-col can improve the performance of HRAP+ protocol. In ad-dition, we compare the security of the proposed protocol with some hash-based protocols that proposed recently.
7 citations
References
More filters
TL;DR: Privacy and security risks and how they apply to the unique setting of low-cost RFID devices are described and several security mech- anisms are proposed and suggested areas for future research are suggested.
Abstract: Like many technologies, low-cost Radio Frequency Identification (RFID) systems will become pervasive in our daily lives when affixed to every- day consumer items as "smart labels". While yielding great productivity gains, RFID systems may create new threats to the security and privacy of individuals or organizations. This paper presents a brief description of RFID systems and their operation. We describe privacy and security risks and how they apply to the unique setting of low-cost RFID devices. We propose several security mech- anisms and suggest areas for future research.
1,516 citations
"On the security of mutual authentic..." refers background in this paper
...It must be noted that although most of the other low cost RFID authentication protocols [37,38,20,5,31,6,40,32,34] consider the channel between the reader and back-end database secure, in Wei et al....
[...]
01 Jul 1989
TL;DR: Apart from suggesting a generally sound design principle for hash functions, the results give a unified view of several apparently unrelated constructions of hash functions proposed earlier, and suggests changes to other proposed constructions to make a proof of security potentially easier.
Abstract: We show that if there exists a computationally collision free function f from m bits to t bits where m > t, then there exists a computationally collision free function h mapping messages of arbitrary polynomial lengths to t-bit strings.Let n be the length of the message, h can be constructed either such that it can be evaluated in time linear in n using 1 processor, or such that it takes time O(log(n)) using O(n) processors, counting evaluations of f as one step. Finally, for any constant k and large n, a speedup by a factor of k over the first construction is available using k processors.Apart from suggesting a generally sound design principle for hash functions, our results give a unified view of several apparently unrelated constructions of hash functions proposed earlier. It also suggests changes to other proposed constructions to make a proof of security potentially easier.We give three concrete examples of constructions, based on modular squaring, on Wolfram's pseudoranddom bit generator [Wo], and on the knapsack problem.
1,284 citations
PARC1
TL;DR: This work shows three one-way hash functions which are secure if DES is a good random block cipher.
Abstract: One way hash functions are a major tool in cryptography. DES is the best known and most widely used encryption function in the commercial world today. Generating a one-way hash function which is secure if DES is a "good" block cipher would therefore be useful. We show three such functions which are secure if DES is a good random block cipher.
1,001 citations
25 Oct 2004
TL;DR: Privacy issues related to Radio Frequency Identification in libraries are exposed, current deployments are described, and a simple scheme is given that provides security against a passive eavesdropper using XOR alone, without pseudo-random functions or other heavy crypto operations.
Abstract: We expose privacy issues related to Radio Frequency Identification (RFID) in libraries, describe current deployments, and suggest novel architectures for library RFID. Libraries are a fast growing application of RFID; the technology promises to relieve repetitive strain injury, speed patron self-checkout, and make possible comprehensive inventory. Unlike supply-chain RFID, library RFID requires item-level tagging, thereby raising immediate patron privacy issues. Current conventional wisdom suggests that privacy risks are negligible unless an adversary has access to library databases. We show this is not the case. In addition, we identify private authentication as a key technical issue: how can a reader and tag that share a secret efficiently authenticate each other without revealing their identities to an adversary? Previous solutions to this problem require reader work linear in the number of tags. We give a general scheme for building private authentication with work logarithmic in the number of tags, given a scheme with linear work as a sub protocol. This scheme may be of independent interest beyond RFID applications. We also give a simple scheme that provides security against a passive eavesdropper using XOR alone, without pseudo-random functions or other heavy crypto operations.
751 citations
"On the security of mutual authentic..." refers background in this paper
...The necessity of mutual authentication for RFID applications has been discussed in many earlier works such as [27, 7, 2, 18, 22]....
[...]