Analysis against secret redundancy mechanism for RFID authentication protocol

To deliver a robust privacy-aware RFID authentication scheme that resists malicious tracing, an automatic secret-updating mechanism is used at both the tag end and the server/database end during each authentication session to support forward/backward security. Nevertheless, an adversary may easily interrupt transmission of the necessary key update message in an authentication session, so that key resynchronization between tag and server/database cannot be completed. For this reason, current RFID authentication protocols apply a secret/key redundancy design that allows a tag with a desynchronized secret to communicate successfully with the server/database in its next authentication session. In this paper, we identify that several RFID authentication protocols cannot defend against the desynchronization attack. All of these schemes are insecure because their secret/key redundancy mechanisms are not well designed.
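The following added example (not from the paper, and not any of the analysed protocols) simulates the mechanism the abstract describes: a tag and server that update a shared secret every session, one lost update message, and a server that either keeps or discards the previous secret. The protocol, the `Tag`/`Server` classes, the message labels and the demo secret are all constructed assumptions. It covers only a single dropped message and does not show that any given redundancy design is sound.

```python
import hashlib
import hmac
import os

def h(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()

def mac(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Tag:  # hypothetical tag, not a published scheme
    def __init__(self, key):
        self.key = key
    def respond(self, nonce):
        return mac(self.key, nonce)
    def confirm(self, nonce, ack):
        # Update the secret only when the server's confirmation verifies.
        if ack is not None and hmac.compare_digest(ack, h(b"ack", self.key, nonce)):
            self.key = h(b"upd", self.key)

class Server:  # hypothetical server/database record for one tag
    def __init__(self, key, redundancy):
        self.cur, self.old, self.redundancy = key, None, redundancy
    def authenticate(self, nonce, resp):
        candidates = [self.cur]
        if self.redundancy and self.old is not None:
            candidates.append(self.old)  # redundant copy of the previous secret
        for k in candidates:
            if hmac.compare_digest(resp, mac(k, nonce)):
                # Re-derive from the key that matched, so a lagging tag catches up.
                self.old, self.cur = k, h(b"upd", k)
                return h(b"ack", k, nonce)
        return None

def run_session(tag, server, drop_ack=False):
    nonce = os.urandom(16)
    ack = server.authenticate(nonce, tag.respond(nonce))
    tag.confirm(nonce, None if drop_ack else ack)  # drop_ack models the lost update
    return ack is not None

def simulate(redundancy):
    key = b"constructed-demo-secret"  # constructed sample value
    tag, server = Tag(key), Server(key, redundancy)
    results = [run_session(tag, server),
               run_session(tag, server, drop_ack=True),
               run_session(tag, server)]
    return results, tag.key == server.cur

if __name__ == "__main__":
    print("no redundancy:", simulate(False))
    print("old/new pair :", simulate(True))
```
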