• PDF / 447,709 Bytes
• 13 Pages / 430 x 660 pts Page_size
• 116 Downloads / 213 Views

DOWNLOAD

REPORT

3

Dept. of Information Security, Hoseo Univ., 336-795, Korea [email protected] 2 School of Electrical Eng. and Computer Science, Kyungpook National Univ., 702-701, Korea [email protected] Information Security Institute, Queensland Univ. of Technology, GPO Box 2434, Brisbane, QLD, 4001, Australia {juamma, boyd}@isrc.qut.edu.au

Abstract. This paper proposes a low-cost and strong-security RFID protocol to reduce the computational load on both the back-end database and the tags in an RFID system. When desynchronization occurs as a result of a communication failure or malicious attack, the proposed protocol can recover synchronization between the database and the tag in the following session. Furthermore, the proposed protocol also satisfies most security requirements, including the strong privacy property defined by Juels and Weis, plus robustness against replay and spoofing attacks and forward security. Keywords: RFID system, authentication, indistinguishability, traceability, strong-privacy.

1

Introduction

Radio Frequency Identification (RFID) systems are expected to replace optical barcodes due to many important advantages, such as their low cost, small size, fast identification, and invisible implementation within objects. An RFID system consists of three parts: RFID tags, an RFID reader, and back-end database. Yet, since the RFID reader communicates with the tags using RF interfaces, this insecure channel leaves an RFID system vulnerable to various attacks, such as eavesdropping, spoofing, replay attacks, traceability, and message interrupt attacks. Although a lot of research has already focused on solving the security problems of RFID systems, some existing RFID protocols still suffer from various security weaknesses, including authentication, location privacy, and resynchronization between two entities. One solution to protect tags from these threats is secure authentication between the tag and the reader. However, due to tag’s computational power and 

This research was supported by the MIC of Korea, under the ITRC support program supervised by the IITA(IITA-2007-C1090-0701-0026).

M. Denko et al. (Eds.): EUC Workshops 2007, LNCS 4809, pp. 795–807, 2007. c IFIP International Federation for Information Processing 2007 

796

J. Ha et al.

storage space, a low-cost authentication protocol is needed that takes account of the back-end server’s capacity and tag’s implementation limitations. Initial attempts to resolve the RFID authentication problem between the tag and the reader involved physical technologies and included the ‘Kill command’ [11], ‘Active jamming’ [5], and ‘Blocker tag’ [5] approaches. Thereafter, Weis et al. [9, 10, 11] proposed a hash-lock protocol and randomized hash-lock protocol as cryptographic solutions. However, in the randomized hash-lock protocol, the identity of a tag, IDk , is transmitted from the reader to the tag through an insecure channel in the final step of authentication, making it vulnerable to a replay attack, spoofing attack, and location tracing. Meanwhile, Henrici and M¨ uller

Recommend Documents

A Lightweight Mutual Authentication Protocol for RFID

163 77 2MB

Cryptanalysis and improvement of a group RFID authentication protocol

178 23 445KB

An Efficient Mutual Authentication Protocol on RFID Tags

188 96 37MB

Tree-LSHB+: An LPN-Based Lightweight Mutual Authentication RFID Protocol

164 56 753KB

Distance Bounding Protocol for RFID Systems

169 102 42MB

A New Lightweight RFID Grouping Proof Protocol

162 97 29MB

Transparent User Authentication Biometrics, RFID and Behavioural Pro

142 74 6MB

Mutual Authentication Based on HECC for RFID Implant Systems

175 2 1MB

An IHD Authentication Protocol in Smart Grid

179 54 345KB

Enhanced Mutual Authentication and Key Exchange Protocol for Wireless Communications

199 117 265KB

Encryption and Authentication of Data Using the IPSEC Protocol

220 13 50MB

Weakness in a Serverless Authentication Protocol for Radio Frequency Identification

157 30 108KB