Security Analysis and Improvement on Two RFID Authentication Protocols
TL;DR: A passive disclosure attack on RAPLT protocol is presented, and it is demonstrated that SRP ^{++}$$SRP++ protocol can resist the exhaustive search attack with the complexity O(2^{32})$$O(232), which is the optimal security bound.
Abstract: Several lightweight RFID authentication protocols have been proposed to settle the security and privacy problems. Nevertheless, most of these protocols are analyzed and they are not successful in their attempt to achieve the claimed security objectives. In this paper, we consider the security of two recently proposed typical RFID authentication protocols: RAPLT protocol and SRP+ protocol. RAPLT protocol is a new ultra-lightweight RFID protocol based on two new operations named $$merge$$merge and $$separation$$separation. Utilizing the linear property of the $$merge$$merge operation, we present a passive disclosure attack on RAPLT protocol, and we can deduce the shared secrets with overwhelming probability after eavesdropping about 100 round authentication sessions. SRP+ protocol is a novel secure RFID authentication protocol conforming to the EPC C-1 G-2 standard, and we present efficient de-synchronization attack and passive disclosure attack through exhaustive search. Our disclosure attack only needs one run of the protocol, and the attack complexity is $$O(2^{16})$$O(216) evaluation of the PRNG function in off-line analysis mode. In addition, to counteract the vulnerabilities, we propose a new modified version of SRP+ protocol, denoted by $$ SRP ^{++}$$SRP++, conforming to the EPC C-1 G-2 standard. Our security analysis demonstrates that $$ SRP ^{++}$$SRP++ protocol can resist the exhaustive search attack with the complexity $$O(2^{32})$$O(232), which is the optimal security bound.
Citations
More filters
TL;DR: In this article, a systematic literature review of papers that were published in academic journals on the applications of radio frequency identification (RFID) in supply chain management between the years 2000 and 2015 is presented.
Abstract: This paper presents a systematic literature review of papers that were published in academic journals on the applications of radio frequency identification (RFID) in supply chain management between the years 2000 and 2015. As the literature on RFID is not confined to specific disciplines or repositories, this paper proposes a discipline-based framework for classifying RFID literature. Five main classification categories are used in this paper: technology, supply chain management, research methodology, application industries, and social aspects. The paper then focuses on the category of supply chain management and reviews 1187 articles that were published between 2000 and 2015 in rated journals. All the papers reviewed are further classified into eight subclasses under this category of supply chain management. The review yields useful insights into the anatomy of RFID literature in supply chain management, enhances evidence-based knowledge, and contributes to informing practice, policymaking and future research. The review reveals that even presently, despite technical and cost challenges, enormous potential exists for the application of RFID in several areas of supply chain management and the prospects are likely to grow into the future. Since RFID solutions have emerged primarily over only the past 20 years, significant research opportunities exist and would need to be addressed to continue to support the technology’s maturation, evaluation, adoption, implementation, and diffusion.
74 citations
TL;DR: This work proposes a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications that not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backwardUntraceability.
Abstract: As an important part of Internet of Things, Radio Frequency Identification (RFID) system employs low-cost RFID tag to communicate with everything containing animate and inanimate objects. This technology is widely used in the e-healthcare applications. However, the malicious communication environment makes people more and more worried. In order to overcome the hazards in the network, RFID authentication schemes for e-healthcare have been proposed by researchers. But since the computation ability of the tag is relatively weak, it is necessary to put forward a lightweight and secure scheme for medical systems. Moreover, cloud is widely accepted by people and used in many kinds of systems. So we propose a novel and lightweight RFID authentication scheme with cloud for e-healthcare applications. We use an enhanced formal security model to prove the security of our scheme. In this model the channel between the server and the reader is considered to be insecure and informal analysis is used to prove the security of the proposed scheme. Through the formal and informal analysis, our scheme not only resists the common attacks, but also keeps mutual authentication, information integrity, forward untraceability and backward untraceability. Moreover, both the tag and the reader can reach the anonymity. Our scheme is only hash-based and suitable to realize various security requirements. Compared to recent schemes of the same sort, it is more applicable in e-healthcare.
59 citations
TL;DR: Recently proposed RFID mutual authentication protocols are compared mainly in terms of security, the technique that they are based on, protocols that the presented protocol has been compared with, and finally, the method of verifying the protocol.
Abstract: Radio-frequency identification (RFID) is an up-and-coming technology. The major limitations of RFID technology are security and privacy concerns. Many methods, including encryption, authentication and hardware techniques, have been presented to overcome security and privacy problems. This paper focuses on authentication protocols. The combination of RFID technology being popular but unsecure has led to an influx of mutual authentication protocols. Authentication protocols are classified as being fully fledged, simple, lightweight or ultra-lightweight. Since 2002, much important research and many protocols have been presented, with some of the protocols requiring further development. The present paper reviews in detail recently proposed RFID mutual authentication protocols, according to the classes of the authentication protocols. The protocols were compared mainly in terms of security, the technique that they are based on, protocols that the presented protocol has been compared with, and finally, the method of verifying the protocol. Important points of the comparisons were collected in two tables.
27 citations
TL;DR: A novel scalable grouping proof protocol by which a reader authenticates two or more tags simultaneously in an authentication process and uses a 64-PRNG function, which meets the needs of low-power and low-cost systems.
Abstract: The Internet of Things (IoT) is a new technology, which enables objects to exchange data via the internet network. One part of the infrastructure of IoT is Radio Frequency Identification (RFID). One way to fortify the system and prevent it against an unauthorized access is an authentication process. A grouping proof protocol is a protocol by which a reader authenticates two or more tags simultaneously in an authentication process. In this paper, we present a novel scalable grouping proof protocol. Since scalability is a challenge in grouping proof protocol, to solve the scalability problem in the proposed protocol, the reader broadcasts the messages and the tags respond to it independently. In terms of the performance, we use a 64-bit lightweight Pseudo-Random Number Generator (64-PRNG) function, which meets the needs of low-power and low-cost systems. In addition, the security analysis results prove that the proposed protocol is resistant against RFID threats and provides an acceptable security level and low computation cost.
24 citations
20 Aug 2013
TL;DR: A fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using 3 independent faults is presented.
Abstract: The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step for achieving a full pairing inversion would be to invert this FE, which in itself is a mathematically difficult problem. To our best knowledge, most fault attack schemes proposed against pairing algorithms have mainly focussed on the ML. They solved, if at all, the inversion of the FE in some special 'easy' cases or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using 3 independent faults.
22 citations
References
More filters
TL;DR: A new ultralightweight RFID authentication protocol is proposed that provides strong authentication and strong integrity protection of its transmission and of updated data and can resist all the possible attacks.
Abstract: As low-cost RFIDs become more and more popular, it is imperative to design ultralightweight RFID authentication protocols to resist all possible attacks and threats. However, all of the previous ultralightweight authentication schemes are vulnerable to various attacks. In this paper, we propose a new ultralightweight RFID authentication protocol that provides strong authentication and strong integrity protection of its transmission and of updated data. The protocol requires only simple bit-wise operations on the tag and can resist all the possible attacks. These features make it very attractive to low-cost RFIDs and very low-cost RFIDs.
505 citations
03 Sep 2006
TL;DR: In this paper, the authors proposed a lightweight mutual authentication protocol for low-cost RFID tags that offers an adequate security level for certain applications, which could be implemented even in the most limited lowcost tags as it only needs around 300 gates.
Abstract: Low-cost Radio Frequency Identification (RFID) tags affixed to consumer items as smart labels are emerging as one of the most pervasive computing technologies in history. This presents a number of advantages, but also opens a huge number of security problems that need to be addressed before its successful deployment. Many proposals have recently appeared, but all of them are based on RFID tags using classical cryptographic primitives such as Pseudorandom Number Generators (PRNGs), hash functions, or block ciphers. We believe this assumption to be fairly unrealistic, as classical cryptographic constructions lie well beyond the computational reach of very low-cost RFID tags. A new approach is necessary to tackle the problem, so we propose a minimalist lightweight mutual authentication protocol for low-cost RFID tags that offers an adequate security level for certain applications, which could be implemented even in the most limited low-cost tags as it only needs around 300 gates.
344 citations
29 Oct 2006
TL;DR: This work proposes an extremely efficient lightweight mutual-authentication protocol that offers an adequate security level for certain applications and can be implemented even in the most limited low-cost RFID tags, as it only needs around 150 gates.
Abstract: RFID tags are devices of very limited computational capabilities, which only have 250-3K logic gates that can be devoted to security-related tasks Many proposals have recently appeared, but all of them are based on RFID tags using classical cryptographic primitives such as PRNGs, hash functions, block ciphers, etc We believe this assumption to be fairly unrealistic, as classical cryptographic constructions lie well beyond the computational reach of very low-cost RFID tags A new approach is necessary to tackle this problem, so we propose an extremely efficient lightweight mutual-authentication protocol that offers an adequate security level for certain applications and can be implemented even in the most limited low-cost RFID tags, as it only needs around 150 gates.
307 citations
18 Feb 2009
TL;DR: Gossamer is presented, a new protocol inspired by the recently published SASI scheme that is designed to avoid the problems of the past and is examined in some deep its security and performance.
Abstract: The design of ultralightweight authentication protocols that conform to low-cost tag requirements is imperative. This paper analyses the most important proposals (except for those based in hard problems such as the HB [1-3] family) in the area [4-6] and identifies the common weaknesses that have left all of them open to various attacks [7-11]. Finally, we present Gossamer, a new protocol inspired by the recently published SASI scheme [13], that was lately also the subject of a disclosure attack by Hernandez-Castro et al.[14]. Specifically, this new protocol is designed to avoid the problems of the past, and we examine in some deep its security and performance.
209 citations
14 May 2007
TL;DR: This paper analyzes the security vulnerabilities of two ultra-lightweight RFID mutual authentication protocols: LMAP and M2 AP and identifies two effective attacks, namely Desynchronization attack and Fulldisclosure attack, against their protocols.
Abstract: In this paper, we analyze the security vulnerabilities of two ultra-lightweight RFID mutual authentication protocols: LMAP and M2 AP, which are recently proposed by Peris-Lopez et al. We identify two effective attacks, namely Desynchronization attack and Fulldisclosure attack, against their protocols. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol runs. The latter attack can disclose all the secret information stored on a tag by interrogating the tag multiple times. Thus it compromises the tag completely. Moreover, we point out the potential countermeasures to improve the security of above protocols.
205 citations
"Security Analysis and Improvement o..." refers background in this paper
...Unfortunately, these protocols are vulnerable to de-synchronization attack and full disclosure attack [3]....
[...]