Weakness in a Serverless Authentication Protocol for Radio Frequency Identification



Abstract

The design of secure authentication protocols for radio frequency identification (RFID) systems is still a challenging problem. Many authentication protocols for RFID have been proposed, but most have weaknesses or flaws. We analyze the security of a serverless RFID authentication protocol that was recently presented by Hoque et al. The protocol was expected to safeguard both the RFID tag and the RFID reader against major attacks, and it does not need an RFID server. However, our security analysis shows that the authentication protocol is vulnerable to a data desynchronization attack. This attack destroys the availability of the protocol. Furthermore, an improvement to overcome the security vulnerability of the protocol is presented.

Keywords RFID • Authentication protocols • Security • Attack

1 Introduction

Radio frequency identification (RFID) has been widely applied and has the advantage of automatic object recognition. RFID can be used in a great variety of applications such as stock security, supply chain management, retail inventory control, access control or product tracking. In an RFID system, the cost of the tags is low, which implies that the tags have very limited computational capabilities and storage. General-purpose security protocols cannot be applied directly to the RFID system [1].

M. Deng • W. Yang
College of Information Science and Engineering, Henan University of Technology, Zhengzhou, China
e-mail: dmlei2003@163.com

W. Zhu (*)
School of Information Engineering, Zhengzhou University, Zhengzhou, China
e-mail: [email protected]

W. Wang (ed.), Mechatronics and Automatic Control Systems, Lecture Notes in Electrical Engineering 237, DOI 10.1007/978-3-319-01273-5_119, © Springer International Publishing Switzerland 2014


With the wide application of RFID systems, the security of the transmissions between the readers and the tags has received additional consideration [2]. So far, many RFID authentication protocols [3–5] have been put forward to protect RFID communications. These protocols use the "backend database" (also known as server) model. This model contains three parties: the RFID tag, the RFID reader, and the backend database (or server). The backend database returns the information of the RFID tag to the RFID reader once it has verified the tag and the reader. This is possible because the backend database has knowledge of all the tag secrets as well as the tag data. However, a prominent weakness of the backend database model is that an always reliable connection between the backend database and the RFID reader is needed. In addition, having a backend database creates a single point of failure, which may result in denial of service attacks [6]. To solve these problems, some authentication protocols have been presented which provide mutual authentication between the tag and the reader without the need for a constant backend database [7–9]. Recently, Hoque et al. suggest a serverless, untraceable authentication and