Weaknesses in Two RFID Authentication Protocols

One of the most important challenges related to Radio Frequency Identification (RFID) systems is security. In this paper, we analyze the security and performance of two recent RFID authentication protocols based on two different code-based cryptography schemes. The first one, proposed by Malek and Miri, is based on randomized McEliece cryptosystem. The second one, proposed by Li et al., is based on Quasi Cyclic-Moderate Density Parity Check (QC-MDPC) McEliece cryptosystem. We provide enough evidence to prove that these two RFID authentication protocols are not secure. Furthermore, we propose an improved protocol that eliminates existing weaknesses in studied protocols.

[1]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[2]  Kazukuni Kobara,et al.  Privacy Enhanced RFID Using Quasi-Dyadic Fix Domain Shrinking , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[3]  Sjouke Mauw,et al.  Untraceability of RFID Protocols , 2008, WISTP.

[4]  Raphael Overbeck,et al.  Code-based cryptography , 2009 .

[5]  Paulo S. L. M. Barreto,et al.  Compact McEliece Keys from Goppa Codes , 2009, IACR Cryptol. ePrint Arch..

[6]  Bart Preneel Progress in Cryptology - AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21-25, 2009. Proceedings , 2009, AFRICACRYPT.

[7]  Ruoqing Zhang,et al.  A Provable Secure Mutual RFID Authentication Protocol Based on Error-Correct Code , 2014, 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[8]  Kazukuni Kobara,et al.  Privacy Enhanced and Light Weight RFID System without Tag Synchronization and Exhaustive Search , 2006, 2006 IEEE International Conference on Systems, Man and Cybernetics.

[9]  Kazukuni Kobara,et al.  Semantic security for the McEliece cryptosystem without random oracles , 2008, Des. Codes Cryptogr..

[10]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[11]  Tanja Lange,et al.  Post-quantum cryptography , 2008, Nature.

[12]  Paulo S. L. M. Barreto,et al.  MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes , 2013, 2013 IEEE International Symposium on Information Theory.

[13]  Hung-Yu Chien,et al.  ECC-based lightweight authentication protocol with untraceability for low-cost RFID , 2009, J. Parallel Distributed Comput..

[14]  Thierry P. Berger,et al.  Reducing Key Length of the McEliece Cryptosystem , 2009, AFRICACRYPT.

[15]  Behzad Malek,et al.  Lightweight mutual RFID authentication , 2012, 2012 IEEE International Conference on Communications (ICC).

[16]  Kazukuni Kobara,et al.  Lightweight Asymmetric Privacy-Preserving Authentication Protocols Secure against Active Attack , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[17]  Kazukuni Kobara,et al.  Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way , 2008, IEICE Trans. Inf. Syst..