Attacks and improvements to an RIFD mutual authentication protocol and its extensions

In WiSec'08, Song and Mitchell proposed an RFID mutual authentication protocol. Song also extended this protocol for RFID tag ownership transfer. These two protocols are designed to have the most security properties in the literature. We discover that, however, the mutual authentication protocol is vulnerable to both tag impersonation attack and reader impersonation attack, which enable an adversary to impersonate any legitimate reader or tag. We also discover that the ownership transfer protocol is vulnerable to a de-synchronization attack, which prevents a legitimate reader from authenticating a legitimate tag, and vice versa. We analyze the vulnerabilities of these protocols and propose our revisions to eliminate the vulnerabilities with comparable storage and computational requirements.

[1]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[2]  Tsuyoshi Takagi,et al.  An Efficient and Secure RFID Security Method with Ownership Transfer , 2006, 2006 International Conference on Computational Intelligence and Security.

[3]  T. Sejnowski,et al.  RFID authentication protocol for low-cost tags , 2001 .

[4]  Yingjiu Li,et al.  Protecting RFID communications in supply chains , 2007, ASIACCS '07.

[5]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[6]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[7]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[8]  Sepideh Fouladgar An Efficient Delegation and Transfer of Ownership Protocol for RFID tags , 2007 .

[9]  Hossam Afifi,et al.  A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags , 2007, J. Commun..

[10]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[11]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[12]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[13]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[14]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[15]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[16]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[17]  Sasa Radomirovic,et al.  Attacks on RFID Protocols , 2008, IACR Cryptol. ePrint Arch..

[18]  Kouichi Sakurai,et al.  Reassignment Scheme of an RFID Tag's Key for Owner Transfer , 2005, EUC Workshops.

[19]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[20]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[21]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).