Skip to main content
SpringerLink
Log in

An RFID Search Protocol Secured Against Relay Attack Based on Distance Bounding Approach

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

RFID search protocols are suggested for the past decade to efficiently find a specific tag among a large number of tags by a reader. For instance, in a pharmacy, according to a physician prescribed data, a pharmacy staff finds a specific drug package (with an attached RFID tag) by a reader employing an RFID search protocol. This paper reveals the existing RFID search protocols are vulnerable to a relay attack. In such a relay attack, an attacker is able to introduce its desirable tag instead of the specific tag which is searched by the reader and is not in the reader’s vicinity. Furthermore, in order to overcome this weakness, a new RFID search protocol using a distance bounding approach is proposed. In the proposed RFID search protocol, the reader not only authenticates the discovered tag but also establishes an upper bound for the physical distance between the discovered tag and itself. This implies the presence of the searched tag in the reader’s vicinity. The analytical results for the proposed protocol show that, with the proper selection of the system parameters, the proposed search protocol provides a desirable security level against the relay attack.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Miles, S. B., Sarma, S. E., & Williams, J. R. (2008). RFID technology and applications. Cambridge: Cambridge University Press.

    Book  Google Scholar 

  2. Jannati, H., & Falahati, A. (2011). Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In C. K. Georgiadis, H. Jahankhani, E. Pimenidis, R. Bashroush, & A. Al-Memrat (Eds.), Global security, safety and sustainability and e-democracy (pp. 186–193)., LNICS: Vol. 99 Heiledberg: Springer.

    Google Scholar 

  3. Kim, Z., Kim, J., Kim, K., Choi. I., & Shon, T. (2011). Untraceable and serverless RFID authentication and search protocols. In Proceedings of ninth IEEE international symposium on parallel and distributed processing with applications workshops (ISPAW’11) (pp. 278 - 283). Busan.

  4. Tan, C. C., Sheng, B., & Li, Q. (2008). Secure and serverless RFID authentication and search protocols. IEEE Transactions on Wireless Communications, 7(4), 1400–1407.

    Article  Google Scholar 

  5. Kulseng, L., Yu, Z., Wei, Y., & Guan, Y. (2009). Lightweight secure search protocols for low-cost RFID systems. In Proceedings of 29th IEEE international conference on distributed computing systems (ICDCS’09) (pp. 40–48). Montreal.

  6. Hoque, M. E., Rahman, F., Ahamed, S. I., & Park, J. I. (2010). Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments. Wireless Personal Communications, 55(1), 65–79.

    Article  Google Scholar 

  7. Zuo, Y. (2009). Secure and private search protocols for RFID systems. Information Systems Frontiers, 12(5), 507–519.

    Article  Google Scholar 

  8. Hoque, M. E., Rahman, F., & Ahamed, S. I. (2010). S-search: Finding RFID tags using scalable and secure search protocol. In Proceedings of the 25th ACM symposium on applied computing (SAC’10) (pp. 439–443). Sierre.

  9. Dhal, S., & Sengupta. I. (2013). A new object searching protocol for multi-tag RFID. IACR Cryptology ePrint Archive, 485.

  10. Chun, J. Y., Hwang, J. Y., & Lee, D. H. (2011). RFID tag search protocol preserving privacy of mobile reader holders. IEICE Electronics Express, 8(2), 50–56.

    Article  Google Scholar 

  11. Jialaing, H., Youjun, X., & Zhiqiang, X. (2014). Secure and private protocols for server-less RFID systems. International Journal of Control and Automation, 7(2), 131–142.

    Article  Google Scholar 

  12. Lin, I. C., Tsaur, S. C, & Chang, K. P. (2009). Lightweight and serverless RFID authentication and search protocol. In Proceedings of second international conference on computer and electrical engineering (ICCEE’09) (pp. 95–99). Dubai.

  13. Sundaresan, S., Doss, R., & Zhou, W. (2012). A serverless ultra-lightweight secure search protocol for EPC Class-l Gen-2 UHF RFID tags. In Proceedings of International Conference on Computer & Information Science (ICCIS’12), Kuala Lumper, Malaysia (pp. 580–585).

  14. Won, T. Y., Chun, J. Y., & Lee, D. H. (2008). Strong authentication protocol for secure RFID tag search without help of central database. In Proceedings of IEEE/IFIP international conference on embedded and ubiquitous computing (EUC’08) (pp. 153–158). Shanghai.

  15. Hossain, M. S., & Ahamed, S. I. (2008). Towards a simple secured searching protocol for future RFID applications. In Proceedings of 12th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS’08) (pp. 151–157). Kunming.

  16. Lee, Y. K., Batina, L., Singelee, D., & Verbauwhede, I. (2010). Low-cost untraceable authentication protocols for RFID. In Proceedings of the third ACM conference on wireless network security (WiSec’10) (pp. 55–64). Hoboken.

  17. Yoon, H. S., & Youm, H. Y. (2011). An anonymous search protocol for RFID systems. Journal of Convergence Information Technology, 6(8), 44–50.

    Article  Google Scholar 

  18. Sundaresan, S., Doss, R., Zhou, & W. Senior. (2012). A secure search protocol based on quadratic residues for epc class-1 gen-2 uhf rfid tags. In Proceedings of ieee 23rd international symposium on personal indoor and mobile radio communications (PIMRC) (pp. 30–35). Sydney.

  19. Piramuth, S. (2012). Vulnerabilities of RFID protocols proposed in ISF. Information Systems Frontiers, 14(3), 647–651.

    Article  Google Scholar 

  20. Safkhani, M., Lopez, P. P., Bagheri, N., Naderi, M., & Castro, J. C. H. (2013). On the security of Tan et al. serverless RFID authentication and search protocols. In J. H. Hoepman & I. Verbauwhede (Eds.), Radio frequency identification, security and privacy issues (pp. 1–19)., LNCS: Vol. 7739 Heiledberg: Springer.

    Chapter  Google Scholar 

  21. Hancke, G. P., Mayes, K., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers and Security, 28(7), 615–627.

    Article  Google Scholar 

  22. Issovits, W., & Hutter, M. (2011). Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks. In Proceedings of IEEE international conference on RFID technologies and applications (RFID-TA’11) (pp. 335–342). Sitges.

  23. Francillon, A., Danev, B., & Capkun, S. (2011). Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of 18th annual network and distributed system security symposium (NDSS’11) (pp. 1–15). San Diego, CA.

  24. Yang, T., Kong, L., Xin, W., Hu, J., & Chen, Z. (2012). Resisting relay attacks on vehicular passive keyless entry and start systems. In Proceedings of 9th international conference on fuzzy systems and knowledge discovery (FSKD’12) (pp. 2232–2236). Sichuan.

  25. Falahati, A., & Jannati, H. (2014). Distance bounding-based RFID binding proof protocol to protect inpatient medication safety against relay attack. International Journal of Ad-Hoc and Ubiquitous Computing. http://www.inderscience.com/info/ingeneral/forthcoming.php?jcode=ijahuc. Published online 2014.

  26. Hancke, G. P., & Kuhn, M. (2005). An RFID distance bounding protocol. In Proceedings of 1st IEEE international conference on security and privacy for emergent areas in communications networks (SecureComm’05) (pp. 67–73). Athens.

  27. Jannati, H., & Falahati, A. (2012). Mutual implementation of predefined and random challenges over RFID distance bounding protocol. In Proceedings of 9th international conference on information security and cryptology (ISCISC’12) (pp. 43–47). Tabriz.

  28. Falahati, A., & Jannati, H. (2012). Application of distance bounding protocols with random challenges over RFID noisy communication systems. In Proceedings of IET conference on wireless sensor systems (WSS’12)(pp. 1–5). London.

  29. Jannati, H., & Falahati, A. (2013). Mutual distance bounding protocol with its implementability over a noisy channel and its utilization for key agreement in peer-to-peer wireless networks. Wireless Personal Communications, 77(1), 127–149.

    Article  Google Scholar 

  30. Desmedt, Y., Goutier, C., & Bengio, S. (1988). Special uses and abuses of the Fiat-Shamir passport protocol. In C. Pomerance (Ed.), Advances in cryptology (pp. 21–39)., LNCS: Vol. 299 Heiledberg: Springer.

    Google Scholar 

  31. Mandal, K., Fan, X., & Gong, G. (2012). Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 tags. In Proceedings of workshop on RFID and IoT security, (RFIDSec’12 Asia) (pp. 73–84). Taipei.

  32. Melia-Segui, J., Garcia-Alfaro, J., & Herrera-Joancomarti, J. (2013). J3Gen: A PRNG for low cost passive RFID. Sensors, 13, 3816–3830.

    Article  Google Scholar 

  33. EPCglobal (2013) EPCC1Gen2 EPC radio-frequency identity protocols class-1 Gen-2 UHF RFID protocol for communications at 860 MHz–960 MHz. http://www.epcglobalinc.org/standards/uhfc1g2.

  34. Jannati, H., & Falahati, A. (2013). An efficient mutual distance bounding protocol over a noisy channel. International Journal of Ad-Hoc and Ubiquitous Computing. http://www.inderscience.com/info/ingeneral/forthcoming.php?jcode=ijahuc. Published online 2014.

  35. Jannati, H., & Falahati, A. (2014). Achieving an appropriate security level for distance bounding protocols over a noisy channel. Telecommunication Systems, 58(3), 219–231.

    Article  Google Scholar 

  36. Zhang, Y., & Li, M. (2013). Fast tag searching protocol for large-scale RFID systems. IEEE/ACM Transactions on Networking, 21(3), 924–934.

    Article  Google Scholar 

  37. Chen, M., Luo, W., Mo, Z., Chen, S., & Fang, Y. (2013). An efficient tag search protocol in large-scale RFID systems. In Proceedings of the 32nd IEEE international conference on computer communications (INFOCOM’13) (pp. 899-9-7). Turin.

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran, Iran

    Hoda Jannati

  2. Department of Electrical Engineering (DCCS Lab), Iran University of Science and Technology, Tehran, Iran

    Abolfazl Falahati

Authors
  1. Hoda Jannati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abolfazl Falahati
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hoda Jannati.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Jannati, H., Falahati, A. An RFID Search Protocol Secured Against Relay Attack Based on Distance Bounding Approach. Wireless Pers Commun 85, 711–726 (2015). https://doi.org/10.1007/s11277-015-2804-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2804-5

Keywords

Search

Navigation