Security of Grouping-Proof Authentication Protocol for Distributed RFID Systems

Liu et al. proposed a grouping-proof authentication protocol (GUPA) for distributed radio frequency identification (RFID) systems and claimed that GUPA resists well-known attacks such as replay, forgery, tracking, and denial of proof. However, we report that, under Liu et al.’s own assumptions about the attacker's capabilities, the attacker can compromise all secrets through man-in-the-middle (MIM) attacks. Although MIM attacks were not explicitly evaluated for GUPA, an attacker who knows all of GUPA's secrets can easily launch replay, forgery, tracking, and denial-of-proof attacks. That is, GUPA has fatal security flaws. We also suggest employing a cryptographic hash function to protect the secrets in GUPA. Our security analysis of GUPA will benefit the design of robust grouping-proof authentication protocols in the future.
