Attacks on an Efficient RFID Authentication Protocol

Concurrency and Computation: Practice and Experience, 2012

In 2008, a scalable radio frequency identification (RFID) authentication protocol was proposed by Yanfei Liu to provide security and privacy for RFID tags. This protocol only needs O.1/ time complexity to find out the identifier of the RFID tag irrespective of the total number of the tags in the system. Based on our analysis, however, a security flaw, which has gone unnoticed in the design of the protocol, makes the scheme vulnerable to tracking attack, tag impersonation attack, and desynchronization attack, if the attacker has the possibility to tamper with only one RFID tag. Because low-cost devices are not tamper-resistant, such an attack could be feasible, and we can apply the resulting attacks on authentication, untraceability, and desynchronization resistance of the protocol. To counteract such flaws, we revise the scheme with a stateful variant and also show that the proposed model requires less tag and server-side computation. PRACTICAL ATTACKS AND IMPROVEMENTS TO AN RFID PROTOCOL 2071 3. RELATED WORK ‡ A protocol is backward traceable if an adversary has all the internal state of a target tag at time t and he is able to trace the past interactions of the tag that occurred at time t 0 < t. In the learning phase of the attack, two tags T 0 and T 1 are selected, and the tag T 0 is queried by the adversary A, and he captures x 0 of T 0 .

Wireless Personal Communications, 2010

Many RFID authentication protocols have been proposed to preserve security and privacy. Nevertheless, most of these protocols are analyzed and it is shown that they can not provide security against some RFID attacks. Moreover, some of the secure ones are criticized, because they suffer from scalability at the reader/server side as in tag identification or authentication phase they require a linear search depending on number of tags in the system. Recently, new authentication protocols have been presented to solve scalability issue, i.e. they require constant time for tag identification with providing security. In this paper, we analyze two of these new RFID authentication protocols SSM (very recently proposed by Song and Mitchell) and LRMAP (proposed by Ha et al.) and to the best of our knowledge, they have received no attacks yet. These schemes take O(1) work to authenticate a tag and are designed to meet the privacy and security requirements. The common point of these protocols is that normal and abnormal states are defined for tags. In the normal state, server authenticates the tag in constant time, while in the abnormal state, occurs rarely, authentication is realized with linear search. We show that, however, these authentication protocols do not provide untraceability which is one of their design objectives. We also discover that the SSM protocol is vulnerable to a desynchronization attack, that prevents a legitimate reader/server from authenticating a legitimate tag. Furthermore, in the light of these attacks, we conclude that allowing tags to be in different states may give clue to an adversary in tracing the tags, although such a design is preferred to achieve scalability and efficiency at the server side.

Proceedings of the first ACM conference on …, 2008

In this paper, we investigate the possible privacy and security threats to RFID systems, and consider whether previously proposed RFID protocols address these threats. We then propose a new authentication protocol which provides the identified privacy and security features and is also efficient. The new protocol resists tag information leakage, tag location tracking, replay attacks, denial of service attacks, backward traceability, forward traceability (under an assumption), and server impersonation (also under an assumption). We also show that it requires less tag-side storage and computation than other similarly structured RFID protocols.

International Journal of Automation and Computing, 2012

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.

2009 International Conference on Complex, Intelligent and Software Intensive Systems, 2009

Gene Tsudik proposed a Trivial RFID Authentication Protocol (YA-TRAP*), where a valid tag can become incapacitated after exceeding the prestored threshold value and is thus vulnerable to DoS attack. Our scheme solves the problem by allowing a tag to refresh its prestored threshold value. Moreover, our scheme is forward secure and provides reader authentication, resistance against timing, replay, tracking attacks. We show the use of aggregate hash functions in our complete scheme to reduce the reader to server communication cost. The reader uses partial authentication to keep the rougue tags out of the aggregate function.

IEEE Access

In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376-8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model.

2005

In the near future, radio frequency identification (RFID) technology is expected to play an important role for object identification as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Different from the previous works , our protocol firstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Supply-chain, inventory management are the areas where low-cost and secure batchmode authentication of RFID tags is required. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With an objective to design a tracking, cloning, and replay attack resistant low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP * . However, resistance against timing attack is very important for timestamp-based schemes, and the timestamps should be renewed in regular intervals to keep the tags operative. Although YA-TRAP * achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP * , reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP * by preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security, resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch-mode. By introducing aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP * . Finally, we show that our protocols can be implemented using the current standard low-cost RFID infrastructures.

Journal of Signal Processing Systems, 2008

As low-cost RFIDs with limited resources will dominate most of the RFID market, it is imperative to design lightweight RFID authentication protocols for these low-cost RFIDs. However, most of existing RFID authentication protocols either suffer from some security weaknesses or require costly operations that are not available on low-cost tags. In this paper, we analyze the security vulnerabilities of a lightweight authentication protocol recently proposed by Li et al. (2006), and then propose a new lightweight protocol to improve the security and to reduce the computational cost for identifying a tag from O(n) to O(1).

Lecture Notes in Computer Science, 2010

The design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many algorithms have been published lately. In this paper, we analyze two recent proposals in this research area. First, Mitra's scheme is scrutinized, revealing its vulnerability to cloning and traceability attacks, which are among the security objectives pursued in the protocol definition [1]. Later, we show how the protocol is vulnerable against a full disclosure attack after eavesdropping a small number of sessions. Then, we analyze a new EPC-friendly scheme conforming to EPC Class-1 Generation-2 specification (ISO/IEC 180006-C), introduced by Qingling and Yiju [2]. This proposal attempts to correct many of the well known security shortcomings of the standard, and even includes a BAN logic based formal security proof. However, notwithstanding this formal security analysis, we show that Qingling et al.'s protocol offers roughly the same security as the standard they try to improve, is vulnerable to tag and reader impersonation attacks, and allows tag traceability.