Skip to main content
SpringerLink
Log in

Security flaws in a recent RFID delegation protocol

  • Original Article
  • Published:
Personal and Ubiquitous Computing Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) tag delegation enables a centralized back-end server to delegate the right to identify and authenticate a tag to specified readers. This should be used to mitigate the computational load on the server side and also to solve the issues in terms of latency and dependency on network connectivity. In this study, we describe a basic RFID delegation architecture and then under this model, we investigate the security of an RFID delegation protocol: Song Mitchell delegation (SMD), which is recently proposed by Song and Mitchell. We point out security flaws that have gone unnoticed in the design and present two attacks namely, a tag impersonation attack and a desynchronization attack against it. We also discover a subtle flaw by which a delegated entity can still keep its delegation rights after the expire of them—this infringes security policy of the scheme. More precisely, we show that the protocol will be still vulnerable to previously mentioned attacks, even if the back-end server ends the delegation right of a delegated reader and update the secrets of the delegated tags. To counteract such flaws, we improve the SMD protocol with a stateful variant so that it provides the claimed security properties.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Notes

  1. The same authentication steps are also done between an online reader and a tag as long as there exits corresponding tag identifers in the server list and c ≠ 0.

References

  1. Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to "privacy-friendly" tags. In: RFID privacy workshop. MIT, MA

  2. Henrici D, Müller P (2004) Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: International workshop on pervasive computing and communication security—PerSec 2004. IEEE Computer Society, Florida, USA, pp 149–153

  3. Molnar D, Wagner D (2004) Privacy and security in Library RFID: issues, practices, and architectures. In: Conference on computer and communications security. ACM CCS, Washington DC, USA, pp 210–219

  4. Rhee K, Kwak J, Kim S, Won D (2005) Challenge-response based RFID authentication protocol for distributed database environment. In: International conference on security in pervasive computing—SPC 2005. Lecture Notes in Computer Science, Springer-Verlag 3450:70–84

  5. Dimitriou T (2005) A lightweight RFID protocol to protect against traceability and cloning attacks. In: Conference on security and privacy for emerging areas in communication networks—securecomm, Athens, Greece

  6. Karthikeyan S, Nesterenko N (2005) RFID security without extensive cryptography. In: Workshop on security of Ad Hoc and sensor networks—SASN’05. Alexandria, Virginia, USA, pp 63–67

  7. Duc DN, Park J, Lee H, Kim K (2006) Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning. In: Symposium on cryptography and information security. Hiroshima, Japan

  8. Chien H, Chen C (2007) Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Comput Stand Interfaces 29(2):254–259

    Article  MathSciNet  Google Scholar 

  9. Ha JC, Moon SJ, Nieto JMG, Boyd C (2007) Low-cost and strong-security RFID authentication protocol. In: EUC workshops. Lecture Notes in Computer Science, Springer-Verlag 4809:795–807

  10. Tsudik G (2007) A family of dunces: trivial RFID identification and authentication protocols. Cryptology ePrint Archive, Report 2006/015

  11. Song B, Mitchell CJ (2008) RFID authentication protocol for low-cost tags. In: ACM conference on wireless network security—WiSec’08. ACM Press, Virginia, USA, pp 140–147

  12. Shaoying C, Li Y, Li T, Deng R (2009) Attacks and improvements to an RFID mutual authentication protocol and its extensions. In: Proceedings of the second ACM conference on wireless network security—WiSec’09. Zurich, Switzerland

  13. Avoine G (2010) RFID security & privacy lounge. http://www.avoine.net/rfid

  14. Zhang Y, Kitsos P (2009) Security in RFID and sensor networks. Auerbach Publications, MA

    Book  Google Scholar 

  15. Song B, Mitchell CJ (2011) Scalable RFID security protocols supporting tag ownership transfer. Comput Commun 34:556–566

    Article  Google Scholar 

  16. Fouladgar S, Afifi H (2007) An efficient delegation and transfer of ownership protocol for RFID tags. In: First international EURASIP workshop on RFID technology. Vienna, Austria

  17. Molnar D, Soppera A, Wagner D (2005) A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Selected areas in cryptography—SAC 2005. Lecture Notes in Computer Science, Springer-Verlag 3897:276–290

  18. Lim C, Kwon T (2006) Strong and robust RFID authentication enabling perfect ownership transfer. In: Conference on information and communications security—ICICS’06. Lecture Notes in Computer Science, Springer-Verlag 4307:1–20

  19. Fouladgar S, Afifi H (2007) A simple privacy protecting scheme enabling delegation and ownership transfer for RFID tags. J Commun 2(6):6–13

    Google Scholar 

  20. Avoine G, Lauradoux C, Martin T (2009) When compromised readers meet RFID. In: Workshop on information security applications—WISA’09. Lecture Notes in Computer Science, Springer-Verlag 5932:36–50

  21. Avoine G, Oechslin P (2005) RFID traceability: a multilayer problem. In: Financial cryptography—FC’05. Lecture Notes in Computer Science, Springer-Verlag 3570:125–140

  22. Karygiannis A., Phillips T, Tsibertzopoulos A (2006) RFID security: a taxonomy of risk. In: Proceedings of the 1st international conference on communications and networking in China—ChinaCom’06, October 2006, Beijing, China, pp 1–7

  23. Burmester M, de Medeiros B (2007) RFID security: attacks, countermeasures and challenges. In: Proceedings of the 5th RFID academic convocation. The RFID Journal Conference

  24. van Deursen T, Radomirovic S (2009) Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310

  25. Mitrokotsa A, Rieback MR, Tanenbaum AS (2010) Classifying RFID attacks and defenses. Inf Syst Frontiers 12(5):491–505

    Article  Google Scholar 

  26. Avoine G (2005) Adversarial model for radio frequency identification. Cryptology ePrint Archieve, Report 2005/049

  27. Vaudenay S (2007) On privacy models for RFID. In Advances in Cryptology – ASIACRYPT 2007. Lecture Notes in Computer Science, Springer-Verlag 4833:68–87

  28. Juels A, Weis S, (2007) Defining strong privacy for RFID. In: Proceedings of IEEE PerCom’07, pp 342–347

  29. Ouafi K, Phan RC–W, (2008) Traceable privacy of recent provably–secure RFID protocols, In: Proceedings of the 6th international conference on applied cryptography and network security. NewYork, NY, USA, pp 479–489

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers for their valuable comments and suggestions on this work.

Author information

Authors and Affiliations

  1. TUBITAK-BILGEM, 41470, Gebze, Kocaeli, Turkey

    Imran Erguler

  2. Electrical-Electronics Engineering Department, Bogazici University, 34342, Bebek, Istanbul, Turkey

    Imran Erguler & Emin Anarim

Authors
  1. Imran Erguler
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Emin Anarim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Imran Erguler.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Erguler, I., Anarim, E. Security flaws in a recent RFID delegation protocol. Pers Ubiquit Comput 16, 337–349 (2012). https://doi.org/10.1007/s00779-011-0393-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00779-011-0393-1

Keywords

Search

Navigation