Skip to main content
SpringerLink
Log in

Subtle Flaws in the Secure RFID Tag Searching Protocol: SRTS

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Secure RFID searching emerged as a new application field in RFID systems finds out whether a specific RFID tag is nearby within a group of tags in a secure manner. Although numerous RFID authentication protocols have been proposed in different studies, RFID searching has not drawn much attention from the RFID community. Also, most of the existing RFID searching protocols do not comply with the EPC Class-1 Gen2 standard, because their designs employ hardware complex cryptographic primitives such as hash functions or complicated encryption schemes. Recently, Sundaresan et al. has introduced an ultra-lightweight secure RFID searching protocol which only requires a Pseudo Random Number Generator and XOR encryption, i.e. it can be implemented on low-cost EPC Class-1 Gen2 compliant RFID tags. The authors present a detailed security analysis of their protocol to prove its security correctness and they claim that the protocol fulfills the security and privacy requirements. In this study, however, we describe tracking, replay and tag impersonation attacks that show the protocol fails to bear out some of its privacy and security objectives.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

Notes

  1. For further information about common attack types on RFID systems and privacy requirements, interested readers may refer to [37].

  2. We ignore the case that ctr of \({\mathcal {T}}_1\) is equal to ctrmax value, i.e. it never responds through these m queries.

References

  1. Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to “privacy-friendly” tags. In RFID Privacy Workshop, MIT, Massachusetts, USA, 2003.

  2. Henrici, D., & Müller, P. (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In International workshop on pervasive computing and communication security-PerSec 2004 (pp. 149–153). Florida, USA: IEEE Computer Society.

  3. Molnar, D., & Wagner, D. (2004). Privacy and security in Library RFID: Issues, practices, and architectures. In Conference on computer and communications security, (pp. 210–219). ACM CCS, Washington DC, USA.

  4. Dimitriou, T. (2005). A lightweight RFID protocol to protect against traceability and cloning attacks. In Conference on security and privacy for emerging areas in communication networks-SecureComm, Athens, Greece.

  5. Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Advances in Cryptology-CRYPTO 2005. Lecture Notes in Computer Science (Vol. 3621, pp. 293–308). Springer.

  6. Tsudik, G. (2007). A family of dunces: Trivial RFID identification and authentication protocols. In Cryptology ePrint Archive, Report 2006/015.

  7. Chien, H. Y. (2007). SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.

    Article  MathSciNet  Google Scholar 

  8. Song, B., & Mitchell, C. J. (2008). RFID authentication protocol for low-cost tags. In ACM conference on wireless network security-WiSe08 (pp. 140–147). Virginia, USA: ACM Press.

  9. Song, B., & Mitchell, C. J. (2009). Scalable RFID authentication protocol. In 3rd international conference on network and system security—NSS 2009 (pp. 216–224). IEEE Computer Society, Gold Coast, Australia, 2009.

  10. Peris-Lopez, P., Hernandez-Castro, J. C., Tapiador, J. M., & Ribagorda, A. (2009). Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In Information security applications. Lecture Notes in Computer Science (Vol. 5379, pp. 56–68). Springer.

  11. Song, B., & Mitchell, C. J. (2010). Scalable RFID security protocols supporting tag ownership transfer. Computer Communication, 34(4), 556–566.

    Article  Google Scholar 

  12. Dusart, P., & Traore, S. (2013). Lightweight authentication protocol for low-cost RFID tags. In Information security theory and practice, security of mobile and cyber-physical systems. Lecture Notes in Computer Science (Vol. 7886, pp. 129–144). Springer.

  13. Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1–19.

    Article  Google Scholar 

  14. Katz, J., & Shin, J. S. (2006). Parallel and concurrent security of the HB and HB+ protocols. In Advances in Cryptology-EUROCRYPT 2006. Lecture Notes in Computer Science (Vol. 4004, pp. 73–87). Springer.

  15. Phan, R. W. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol-SASI. IEEE Transactions on Dependable and Secure Computing, 6(4), 316–320.

    Article  Google Scholar 

  16. Bilal, Z., Masood, A., & Kausar, F. (2009). Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. In Network-based information systems—NBIS’09 (pp. 260–267). IEEE.

  17. Cai, S., Li, Y., Li, T., & Deng, R. H. (2009). Attacks and improvements to an RIFD mutual authentication protocol and its extensions. In Proceedings of the second ACM conference on Wireless network security (pp. 51–58). ACM.

  18. Erguler, I., & Anarim, E. (2011). Scalability and security conflict for RFID authentication protocols. Wireless Personal Communications, 59(1), 43–56.

    Article  Google Scholar 

  19. Avoine, G., & Carpent, X. (2013). Yet another ultralightweight authentication protocol that is broken. In Radio frequency identification. Security and Privacy Issues. Lecture Notes in Computer Science (Vol. 7739, pp. 20–30). Springer.

  20. Barrero, D. F., Hernandez-Castro, J. C., Peris-Lopez, P., & Camacho, D. (2014). A genetic tango attack against the David–Prasad RFID ultra-lightweight authentication protocol. Expert Systems, 31(1), 9–19.

    Article  Google Scholar 

  21. Ahamed, S. I., Rahman, F., Hoque E., Kawsar, F., & Nakajima, T. (2008). S3PR: Secure serverless search protocols for RFID. In IEEE information security and assurance conference—ISA 2008 (pp. 187–192).

  22. Xie, W., Xie, L., Zhang, C., Wang, Q., Xu, J., & Zhang, Q. (2014). RFID seeking: Finding a lost tag rather than only detecting its missing. Journal of Network and Computer Applications, 42, 135–142.

    Article  Google Scholar 

  23. Sundaresan, S., Doss, R., Piramuthu, S., & Zhou, W. (2014). Secure tag search in RFID systems using mobile readers. IEEE Transactions on Dependable and Secure Computing, 12(2), 230–242.

    Article  Google Scholar 

  24. Won, T.Y., Chun, J.Y., & Lee, D.H. (2008). Strong authentication protocol for secure RFID tag search without the help of central database. In IEEE/IFIP international conference on embedded and ubiquitous computing, EUC’08 (pp. 153–158). IEEE, 2008.

  25. Tan, C. C., Sheng, B., & Li, Q. (2008). Secure and serverless RFID authentication and search protocols. IEEE Transactions on Wireless Communications, 7(4), 1400–1407.

    Article  Google Scholar 

  26. Kulseng, L., Yu, Z., Wei, Y., & Guan, Y. (2009). Lightweight secure search protocols for low-cost RFID systems. In 29th IEEE international conference on distributed computing systems—ICDCS’09. (pp. 40–48). IEEE, 2009.

  27. Hoque, M. E., Rahman, F., Ahamed, S. I., & Park, J. H. (2010). Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments. Wireless Personal Communications, 55(1), 65–79.

    Article  Google Scholar 

  28. Hoque, M. E., Rahman, F., & Ahamed, S. I. (2010). S-search: Finding RFID tags using scalable and secure search protocol. In Proceedings of the 2010 ACM symposium on applied computing (pp. 439–443).

  29. Zuo, Y. (2010). Secure and private search protocols for RFID systems. Information Systems Frontiers, 12(5), 507–519.

    Article  Google Scholar 

  30. Chun, J. Y., Hwang, J. Y., & Lee, D. H. (2011). RFID tag search protocol preserving privacy of mobile reader holders. IEICE Electronics Express, 8(2), 50–56.

    Article  Google Scholar 

  31. Kim, Z., Kim, J., Kim, K., Choi, I., & Shon, T. (2011). Untraceable and serverless RFID authentication and search protocols. In 9th IEEE international symposium on parallel and distributed processing with applications workshops—ISPAW (pp. 278–283). Busan, Korea, 2011.

  32. Lim, J., Kim, S., Oh, H., & Kim, D. (2012). A new designated query protocol for serverless mobile RFID systems with reader and tag privacy. Tsinghua Science and Technology, 17(5), 521–536.

    Article  Google Scholar 

  33. Lee, C. F., Chien, H. Y., & Laih, C. S. (2012). Server-less RFID authentication and searching protocol with enhanced security. International Journal of Communication Systems, 25(3), 376–385.

    Article  Google Scholar 

  34. Yuanqing, Z., & Mo, L. (2011). Fast tag searching protocol for large-scale RFID systems. In Proceedings of the 19th IEEE international conference on network protocols—ICNP 2011 (pp. 363–372). Vancouver, Canada.

  35. Lv, C., Li, H., Ma, J., & Niu, B. (2012). Vulnerability analysis of lightweight secure search protocols for low-cost RFID systems. International Journal of Radio Frequency Identification Technology and Applications, 4(1), 3–12.

    Article  Google Scholar 

  36. Jannati, H. & Falahati, A. (2015). An RFID search protocol secured against relay attack based on distance bounding approach. Wireless Personal Communications, 85(3), 711–726.

    Article  Google Scholar 

  37. Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2008). Classification of RFID attacks. In Proceedings of the 2nd international workshop on RFID technology—IWRT 2008, Barcelona, Spain, 2008.

  38. Lee, K., Nieto, J. G., & Boyd, C. (2012). A state-aware RFID privacy model with reader corruption. In Cyberspace safety and security (pp. 324–338). Springer.

  39. Avoine, G. (2005). Adversarial model for radio frequency identification. In Cryptology ePrint Archive, Report 2005/049.

  40. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In International conference on pervasive computing and communications—PerCom 2007 (pp. 342–347). IEEE Computer Society Press, New York, USA, 2007.

  41. Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology—Asiacrypt 2007. Lecture Notes in Computer Science (Vol. 4833, pp. 68–87). Springer.

  42. Erguler, I., Anarim, E., & Saldamli, G. (2014). Unbalanced states violates RFID privacy. Journal of Intelligent Manufacturing, 25(2), 273–281.

    Article  Google Scholar 

Download references

Acknowledgments

The author would like to thank the anonymous reviewers for their valuable comments and suggestions on this work.

Author information

Authors and Affiliations

  1. National Research Institute of Electronics and Cryptology, TUBITAK-BILGEM, 41470, Gebze, Kocaeli, Turkey

    Imran Erguler

Authors
  1. Imran Erguler
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Imran Erguler.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Erguler, I. Subtle Flaws in the Secure RFID Tag Searching Protocol: SRTS. Wireless Pers Commun 90, 175–188 (2016). https://doi.org/10.1007/s11277-016-3338-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3338-1

Keywords

Search

Navigation