Security enhancement of the authenticated RFID security mechanism based on chaotic maps

With the fast growth of the automatic authentication and asset tracking usage in a wide variety of applications in different fields, government, logistics, transportation and retail are among the most supportive of the radio-frequency identification (RFID) market. Security is a crucial issue and must be addressed seriously. RFID security must meet the public demand of data protection. Recently, several lightweight RFID authentication protocols conforming to the EPCglobal Class 1 Generation 2 (EPC C1-G2) standard have been proposed. In this paper, we present efficient attacks against the authenticated RFID security mechanism of Chang et al. based on Chebyshev chaotic maps, which is the first solution that adopted the chaos in the RFID authentication process. It turns out that this protocol has fundamental weaknesses that can be used by an adversary to break the system. We will show that this protocol is vulnerable to tracking attack, secret disclosure attack, impersonation attack and desynchronization attack. The proposed attack techniques are in light of two flaws related to the message generation and the shared-secret update process, which are not neatly scrutinized. Then, we propose an improved RFID authentication protocol based on the Chebyshev chaotic map hard problem, conforming to the EPC C1-G2 standard with more flexibility, security and mobility for the RFID application. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  Yongzhao Zhan,et al.  An Gen2 Based Security Authentication Protocol for RFID System , 2012 .

[2]  Xing-yuan Wang,et al.  An improved key agreement protocol based on chaos , 2010 .

[3]  David Evans,et al.  Reverse-Engineering a Cryptographic RFID Tag , 2008, USENIX Security Symposium.

[4]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[5]  Chan Yeob Yeun,et al.  New mutual agreement protocol to secure mobile RFID-enabled devices , 2008, Inf. Secur. Tech. Rep..

[6]  Harold Chung,et al.  Chaos Based RFID Authentication Protocol , 2013 .

[7]  Aikaterini Mitrokotsa,et al.  A comprehensive RFID solution to enhance inpatient medication safety , 2011, Int. J. Medical Informatics.

[8]  Hung-Yu Chien,et al.  Secure Access Control Schemes for RFID Systems with Anonymity , 2006, 7th International Conference on Mobile Data Management (MDM'06).

[9]  Hung-Yu Chien,et al.  A Lightweight Authentication Protocol for Low-Cost RFID , 2010, J. Signal Process. Syst..

[10]  Xiaofeng Liao,et al.  Using time-stamp to improve the security of a chaotic maps-based key agreement protocol , 2008, Inf. Sci..

[11]  Yu-Yi Chen,et al.  The design of RFID access control protocol using the strategy of indefinite-index and challenge-response , 2011, Comput. Commun..

[12]  Alfredo De Santis,et al.  Security of public-key cryptosystems based on Chebyshev polynomials , 2004, IEEE Transactions on Circuits and Systems I: Regular Papers.

[13]  Xingyuan Wang,et al.  An anonymous key agreement protocol based on chaotic maps , 2011 .

[14]  Sasa Radomirovic,et al.  Attacks on RFID Protocols , 2008, IACR Cryptol. ePrint Arch..

[15]  Hua Li,et al.  Research on RFID Integration Middleware for Enterprise Information System , 2011, J. Softw..

[16]  Chih-Ming Hsiao,et al.  A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol , 2014, Ad Hoc Networks.

[17]  Yanjun Wang,et al.  Securing RFID systems conforming to EPC Class 1 Generation 2 standard , 2010, Expert Syst. Appl..

[18]  Abbas Dandache,et al.  Real time hardware implementation of a new Duffing's chaotic attractor , 2009, 2009 16th IEEE International Conference on Electronics, Circuits and Systems - (ICECS 2009).

[19]  Eun-Jun Yoon Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard , 2012, Expert Syst. Appl..

[20]  Richard J. Fateman,et al.  Lookup tables, recurrences and complexity , 1989, ISSAC '89.

[21]  Wanlei Zhou,et al.  A minimum disclosure approach to authentication and privacy in RFID systems , 2012, Comput. Networks.

[22]  Eunjun Yoon,et al.  An efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map , 2011 .

[23]  Gul N. Khan,et al.  Secure authentication scheme for passive C1G2 RFID tags , 2012, Comput. Networks.

[24]  Diana Maimut,et al.  Lightweight Cryptography for RFID Tags , 2012, IEEE Security & Privacy.

[25]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[26]  Wanlei Zhou,et al.  A practical quadratic residues based scheme for authentication and privacy in mobile RFID systems , 2013, Ad Hoc Networks.

[27]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[28]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[29]  Chin-Chen Chang,et al.  Chaotic maps-based password-authenticated key agreement using smart cards , 2013, Commun. Nonlinear Sci. Numer. Simul..

[30]  Chien-Hung Wu,et al.  Improvement of the RFID authentication scheme based on quadratic residues , 2011, Comput. Commun..

[31]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[32]  Stefanos Gritzalis,et al.  How to protect security and privacy in the IoT: a policy-based RFID tag management protocol , 2014, Secur. Commun. Networks.

[33]  Yun Liu,et al.  Authenticated RFID security mechanism based on chaotic maps , 2013, Secur. Commun. Networks.

[34]  Masoumeh Safkhani,et al.  Cryptanalysis of improved Yeh et al.'s authentication Protocol: An EPC Class-1 Generation-2 standard compliant protocol , 2011, IACR Cryptol. ePrint Arch..