ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Attacks and improvements to an RIFD mutual authentication protocol and its extensions
Full text PdfPdf (634 KB)
Source
Conference On Wireless Network Security archive
Proceedings of the second ACM conference on Wireless network security table of contents
Zurich, Switzerland
SESSION: RFID security table of contents
Pages 51-58  
Year of Publication: 2009
ISBN:978-1-60558-460-7
Authors
Shaoying Cai  Singapore Management University, Singapore, Singapore
Yingjiu Li  Singapore Management University, Singapore, Singapore
Tieyan Li  Institute for Infocomm Research, Singapore, Singapore
Robert H. Deng  Singapore Management University, Singapore, Singapore
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 41,   Downloads (12 Months): 247,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1514274.1514282
What is a DOI?

ABSTRACT

In WiSec'08, Song and Mitchell proposed an RFID mutual authentication protocol. Song also extended this protocol for RFID tag ownership transfer. These two protocols are designed to have the most security properties in the literature. We discover that, however, the mutual authentication protocol is vulnerable to both tag impersonation attack and reader impersonation attack, which enable an adversary to impersonate any legitimate reader or tag. We also discover that the ownership transfer protocol is vulnerable to a de-synchronization attack, which prevents a legitimate reader from authenticating a legitimate tag, and vice versa. We analyze the vulnerabilities of these protocols and propose our revisions to eliminate the vulnerabilities with comparable storage and computational requirements.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Dakshi Agrawal , Bruce Archambeault , Josyula R. Rao , Pankaj Rohatgi, The EM Side-Channel(s), Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, p.29-45, August 13-15, 2002
 
2
G. Avoine. Cryptography in radio frequency identification and fair exchange protocols. PhD thesis, EPFL, Lausanne, Switzerland, 2005.
 
3
G. Avoine, E. Dysli, and P. Oechslin. Reducing time complexity in RFID systems. In Selected Areas in Cryptography, pages 291--306, 2005.
 
4
Hung-Yu Chien , Che-Hao Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces, v.29 n.2, p.254-259, February, 2007  [doi>10.1016/j.csi.2006.04.004]
 
5
Tassos Dimitriou, A Lightweight RFID Protocol to protect against Traceability and Cloning attacks, Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, p.59-66, September 05-09, 2005  [doi>10.1109/SECURECOMM.2005.4]
 
6
Danny Dolev , Andrew C. Yao, On the security of public key protocols, Stanford University, Stanford, CA, 1981
 
7
D. N. Duc, J. Park, H. Lee, and K. Kim. Enhancing security of epcglobal gen-2 RFID tag against traceability and cloning. In SCIS, 2006.
 
8
S. Fouladgar and H. Afifi. An efficient delegation and transfer of ownership protocol for RFID tags. In First International EURASIP Workshop on RFID Technology, 2007.
 
9
S. Fouladgar and H. Afifi. A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags. JCM, 2(6):6{13, 2007.
 
10
Dirk Henrici , Paul Müller, Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers, Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, p.149, March 14-17, 2004
 
11
A. Juels and S. Weis. Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006.
12
Yingjiu Li , Xuhua Ding, Protecting RFID communications in supply chains, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore  [doi>10.1145/1229285.1229318]
 
13
C. H. Lim and T. Kwon. Strong and robust RFID authentication enabling perfect ownership transfer. In ICICS, pages 1--20, 2006.
 
14
D. Molnar, A. Soppera, and D. Wagner. A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In Selected Areas in Cryptography, pages 276--290, 2005.
15
David Molnar , David Wagner, Privacy and security in library RFID: issues, practices, and architectures, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030112]
 
16
M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to "privacy-friendly" tags. InRFID Privacy Workshop, MIT, 2003.
 
17
K. Osaka, T. Takagi, K. Yamazaki, and O. Takahashi. An efficient and secure RFID security method with ownership transfer. In CIS, pages 778--787, 2006.
 
18
J. Saito, K. Imamoto, and K. Sakurai. Reassignment scheme of an RFID tag's key for owner transfer. In EUC Workshops, pages 1303--1312, 2005.
 
19
B. Song. RFID Tag Ownership Transfer. In 4th Workshop on RFID Security (RFIDsec 08), Budaperst, Hungary, July 2008.
20
Boyeon Song , Chris J. Mitchell, RFID authentication protocol for low-cost tags, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA  [doi>10.1145/1352533.1352556]
 
21
T. van Deursen and S. Radomirovic. Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310, 2008.
 
22
S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In SPC, pages 201--212, 2003.

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


General Terms:
Design, Security


Keywords:
authentication, privacy, rfid, security

Collaborative Colleagues:
Shaoying Cai: colleagues
Yingjiu Li: colleagues
Tieyan Li: colleagues
Robert H. Deng: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player