Server Impersonation Attacks on RFID Protocols

We introduce server impersonation attacks, a practical security threat to RFID security protocols that has not previously been described. RFID tag memory is generally not tamper-proof for cost reasons. We show that, if a tag is compromised, such attacks can give rise to desynchronisation between server and tag in a number of existing RFID authentication protocols. We also describe possible countermeasures to this novel class of attacks.

[1]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[2]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[3]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[4]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[5]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[6]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[7]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8]  A. Laurie RFID: Practical attacks against RFID , 2007 .

[9]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[10]  Chris J. Mitchell,et al.  RFID authentication protocol for low-cost tags , 2008, WiSec '08.