Practical attacks and improvements to an efficient radio frequency identification authentication protocol

In 2008, a scalable radio frequency identification (RFID) authentication protocol was proposed by Yanfei Liu to provide security and privacy for RFID tags. This protocol only needs O(1) time complexity to find out the identifier of the RFID tag irrespective of the total number of the tags in the system. Based on our analysis, however, a security flaw, which has gone unnoticed in the design of the protocol, makes the scheme vulnerable to tracking attack, tag impersonation attack, and desynchronization attack, if the attacker has the possibility to tamper with only one RFID tag. Because low‐cost devices are not tamper‐resistant, such an attack could be feasible, and we can apply the resulting attacks on authentication, untraceability, and desynchronization resistance of the protocol. To counteract such flaws, we revise the scheme with a stateful variant and also show that the proposed model requires less tag and server‐side computation. Copyright © 2011 John Wiley & Sons, Ltd.

[1]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[2]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[3]  Sasa Radomirovic,et al.  Security of RFID Protocols - A Case Study , 2009, Electron. Notes Theor. Comput. Sci..

[4]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[5]  JaeCheol Ha,et al.  LRMAP: Lightweight and Resynchronous Mutual Authentication Protocol for RFID System , 2006, ICUCT.

[6]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[7]  T. Sejnowski,et al.  RFID authentication protocol for low-cost tags , 2001 .

[8]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[9]  Emin Anarim,et al.  Scalability and Security Conflict for RFID Authentication Protocols , 2011, Wirel. Pers. Commun..

[10]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[11]  Mike Burmester,et al.  RFID Security : Attacks , Countermeasures and Challenges , 2007 .

[12]  Sasa Radomirovic,et al.  Attacks on RFID Protocols , 2008, IACR Cryptol. ePrint Arch..

[13]  A. Karygicmnis,et al.  RFID Security: A Taxonomy of Risk , 2006, 2006 First International Conference on Communications and Networking in China.

[14]  Kwangjo Kim,et al.  Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning , 2006 .

[15]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[16]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[17]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[18]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[19]  Robert H. Deng,et al.  Attacks and improvements to an RIFD mutual authentication protocol and its extensions , 2009, WiSec '09.

[20]  Aikaterini Mitrokotsa,et al.  Classifying RFID attacks and defenses , 2010, Inf. Syst. Frontiers.

[21]  Chris J. Mitchell,et al.  Scalable RFID Pseudonym Protocol , 2009, 2009 Third International Conference on Network and System Security.

[22]  JaeCheol Ha,et al.  Low-Cost and Strong-Security RFID Authentication Protocol , 2007, EUC Workshops.

[23]  Jung Hee Cheon,et al.  Reducing RFID reader load with the meet-in-the-middle strategy , 2012, Journal of Communications and Networks.

[24]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[25]  Yanfei Liu An Efficient RFID Authentication Protocol for Low-Cost Tags , 2008, 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[26]  Basel Alomair,et al.  Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification , 2010, IEEE Transactions on Parallel and Distributed Systems.

[27]  Sasa Radomirovic,et al.  Algebraic Attacks on RFID Protocols , 2009, WISTP.

[28]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[29]  Mike Burmester,et al.  Anonymous RFID authentication supporting constant-cost key-lookup against active adversaries , 2008, Int. J. Appl. Cryptogr..