Security Analysis and Enhancement of One-Way Hash Based Low-Cost Authentication Protocol (OHLCAP)

Ha, JeaCheol; Moon, SangJae; Gonzalez Nieto, Juan Manuel; Boyd, Colin

doi:10.1007/978-3-540-77018-3_57

JeaCheol Ha¹,
SangJae Moon²,
Juan Manuel Gonzalez Nieto³ &
…
Colin Boyd³

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 4819))

Included in the following conference series:

Pacific-Asia Conference on Knowledge Discovery and Data Mining

Abstract

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP (One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

This research was supported by the MIC of Korea, under the ITRC support program supervised by the IITA(IITA-2006-C1090-0603-0026).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Choi, E., Lee, S., Lee, D.: Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In: Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y., Yang, L.T. (eds.) Embedded and Ubiquitous Computing – EUC 2005 Workshops. LNCS, vol. 3823, pp. 945–954. Springer, Heidelberg (2005)
Chapter Google Scholar
Kaps, J.P., Sunar, B.: Energy Comparison of AES and SHA-1 for Ubiquitous Computing. In: Zhou, X., Sokolsky, O., Yan, L., Jung, E.-S., Shao, Z., Mu, Y., Lee, D.C., Kim, D., Jeong, Y.-S., Xu, C.-Z. (eds.) Emerging Directions in Embedded and Ubiquitous Computing. LNCS, vol. 4097, pp. 372–381. Springer, Heidelberg (2006)
Chapter Google Scholar
Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)
Google Scholar
Henrici, D., Müller, P.: Hash-based Enhancement of Location Privacy for Radio Frequency Identification Devices using Varying Identifiers. In: Proceeding of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–162. IEEE, Los Alamitos (2004)
Chapter Google Scholar
Juels, A., Rivest, R.L., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for consumer Privacy. In: Proceeding of 10th ACM Conference on Computer and Communications Security 2003, pp. 103–111 (2003)
Google Scholar
Lee, S., Hwang, Y., Lee, D., Lim, J.: Efficient Authentication for Low-cost RFID Systems. In: Gervasi, O., Gavrilova, M., Kumar, V., Laganà, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3480, pp. 619–627. Springer, Heidelberg (2005)
Google Scholar
Ohkubo, M., Suzuki, K., Kinoshita, S.: Hash-Chain Based Forward-Secure Privacy Protection Scheme for Low-Cost RFID. In: Proceedings of the SCIS 2004, pp. 719–724 (2004)
Google Scholar
Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-Response Based on RFID Authentication Protocol for Distributed Database Environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, Springer, Heidelberg (2005)
Google Scholar
National Institute of Standards and Technilogy(NIST) FIPS-180-2: Secure Hash Standard(SHS) (2002)
Google Scholar
Sarma, S.E., Weis, S.A., Engels, D.W.: Radio-Frequency Identification: Security Risks and Challenges. RSA Laboratories 6(1) (Spring 2003)
Google Scholar
Weis, S.A.: Security and Privacy in Radio-Frequency Identification Devices. MS Thesis, MIT (2003)
Google Scholar
Weis, S.A., Sarma, S.E., Rivest, R.L., Engles, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, Springer, Heidelberg (2004)
Google Scholar

Download references

Author information

Authors and Affiliations

Dept. of Information Security, Hoseo Univ., 336-795, Korea
JeaCheol Ha
School of Electrical Eng. and Computer Science, Kyungpook National Univ., 702-701, Korea
SangJae Moon
Information Security Institute, Queensland Univ. of Technology, GPO Box 2434, Brisbane, QLD, 4001, Australia
Juan Manuel Gonzalez Nieto & Colin Boyd

Authors

JeaCheol Ha
View author publications
You can also search for this author in PubMed Google Scholar
SangJae Moon
View author publications
You can also search for this author in PubMed Google Scholar
Juan Manuel Gonzalez Nieto
View author publications
You can also search for this author in PubMed Google Scholar
Colin Boyd
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Takashi Washio Zhi-Hua Zhou Joshua Zhexue Huang Xiaohua Hu Jinyan Li Chao Xie Jieyue He Deqing Zou Kuan-Ching Li Mário M. Freire

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ha, J., Moon, S., Gonzalez Nieto, J.M., Boyd, C. (2007). Security Analysis and Enhancement of One-Way Hash Based Low-Cost Authentication Protocol (OHLCAP). In: Washio, T., et al. Emerging Technologies in Knowledge Discovery and Data Mining. PAKDD 2007. Lecture Notes in Computer Science(), vol 4819. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77018-3_57

Download citation

DOI: https://doi.org/10.1007/978-3-540-77018-3_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77016-9
Online ISBN: 978-3-540-77018-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics