论文信息 - Security Analysis and Enhancement of One-Way Hash Based Low-Cost Authentication Protocol (OHLCAP)

Security Analysis and Enhancement of One-Way Hash Based Low-Cost Authentication Protocol (OHLCAP)

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP (One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

JaeCheol Ha | Colin Boyd | Juan Manuel González Nieto | Sang-Jae Moon

[1] Ronald L. Rivest,et al. The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[2] Dongho Won,et al. Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[3] Berk Sunar,et al. Energy Comparison of AES and SHA-1 for Ubiquitous Computing , 2006, EUC Workshops.

[4] Dong Hoon Lee,et al. Efficient RFID Authentication Protocol for Ubiquitous Computing Environment , 2005, EUC Workshops.

[5] Stephen A. Weis. Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[6] Daniel W. Engels,et al. I. Radio-Frequency Identification: Security Risks and Challenges , 2003 .

[7] Ronald L. Rivest,et al. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8] Martin Feldhofer,et al. A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[9] Paul Müller,et al. Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[10] Dong Hoon Lee,et al. Efficient Authentication for Low-Cost RFID Systems , 2005, ICCSA.