Looking at a class of RFID APs through GNY logic

Radio Frequency Identification Authentication Protocols (RFID APs) are an active research topic and many protocols have been proposed. In this paper, we consider a class of recently proposed lightweight RFID authentication protocols: CRAP, LCAP, OHLCAP, O-TRAP, YA-TRAP, and YA-TRAP+, which are claimed to be resistant to conventional attacks and suitable for low cost RFID device scenarios. We examine them using GNY logic to determine whether they can be proved to have achieved their protocol goals. We show that most of them meet their goals, though some do not. Furthermore this approach enables us to identify similarities and subtle differences among these protocols. Finally, we offer guidelines on when it is necessary to use encryption rather than hash functions in the design of RFID authentication protocols.

[1]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[3]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[4]  Giampaolo Bella,et al.  Formal Correctness of Security Protocols (Information Security and Cryptography) , 2007 .

[5]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[6]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[7]  C. Chatmon Secure Anonymous RFID Authentication Protocols , 2022 .

[8]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[9]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[10]  Dong Hoon Lee,et al.  Efficient RFID Authentication Protocol for Ubiquitous Computing Environment , 2005, EUC Workshops.

[11]  Serge Vaudenay RFID Privacy Based on Public-Key Cryptography , 2006, ICISC.

[12]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[13]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[14]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[15]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[16]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[17]  Máire O'Neill,et al.  Public Key Cryptography and RFID Tags , 2007, CT-RSA.

[18]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[19]  Gyözö Gódor,et al.  Improved Lightweight Mutual Authentication Protocol for RFID Systems , 2008, MWCN/PWC.

[20]  Bryan Parno,et al.  Unidirectional Key Distribution Across Time and Space with Applications to RFID Security , 2008, USENIX Security Symposium.

[21]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[22]  Berk Sunar,et al.  PUF-HB: A Tamper-Resilient HB Based Authentication Protocol , 2008, ACNS.

[23]  Giampaolo Bella,et al.  Formal Correctness of Security Protocols , 2007 .

[24]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[25]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[26]  Dong Hoon Lee,et al.  Efficient Authentication for Low-Cost RFID Systems , 2005, ICCSA.

[27]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[28]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[29]  JaeCheol Ha,et al.  Security Analysis and Enhancement of One-Way Hash Based Low-Cost Authentication Protocol (OHLCAP) , 2007, PAKDD Workshops.

[30]  Gildas Avoine Cryptography in radio frequency identification and fair exchange protocols , 2005 .

[31]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[32]  Andre Scedrov,et al.  Formal analysis of Kerberos 5 , 2006, Theor. Comput. Sci..

[33]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[34]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[35]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[36]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[37]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[38]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).