
On the Security of Mutual Authentication Protocols for RFID Systems: The Case of Wei et al.’s Protocol

  • Conference paper
Data Privacy Management and Autonomous Spontaneus Security (DPM 2011, SETOP 2011)

Abstract

Authentication is one of the most basic and important cryptographic tasks. Mutual authentication protocols play a crucial role in the security of RFID systems. In this paper, we consider the security of a recently proposed mutual authentication protocol by Wei et al., which is a hash-based protocol. We present an efficient tag impersonation attack, two desynchronization attacks, a reader impersonation attack and a traceability attack against this protocol. The success probabilities of the attacks are “1” or $1 - 2^{-(n-1)}$, where n is the length of the secret value shared between the tag and the reader. The complexity of each of the presented attacks is only two runs of the protocol. The vulnerabilities presented in this work rule out the practical usage of this protocol. To the best of our knowledge, this is the first security analysis of Wei et al.’s protocol. Finally, we exhibit an improved version of this protocol, which is immune to the attacks presented in this work.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Safkhani, M., Bagheri, N., Sanadhya, S.K., Naderi, M., Behnam, H. (2012). On the Security of Mutual Authentication Protocols for RFID Systems: The Case of Wei et al.’s Protocol. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds) Data Privacy Management and Autonomous Spontaneus Security. DPM SETOP 2011 2011. Lecture Notes in Computer Science, vol 7122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28879-1_7


  • DOI: https://doi.org/10.1007/978-3-642-28879-1_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28878-4

  • Online ISBN: 978-3-642-28879-1

  • eBook Packages: Computer Science, Computer Science (R0)
