Abstract
RFID (Radio Frequency IDentification) is a pioneer technology which has depicted a new lifestyle for humanity. Nowadays we observe an increase in the number of RFID applications and no one can ignore their numerous usage. An important issue with RFID systems is providing privacy requirements of these systems during authentication. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS (RFID Authentication Protocol Security Enhanced Rules). We investigate the privacy of their protocols based on Ouafi and Phan privacy model and show that these protocols cannot provide private authentication for RFID users. Moreover, we show that these protocols are vulnerable to impersonation, DoS and traceability attacks. Moreover, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al.’s schemes. Our analysis illustrates that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.
Article PDF
Similar content being viewed by others
References
T. Yu, V. Sekar, S. Seshan, et al. Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the Internet-of-Things [C]//The 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV, Philadelphia, USA, 2015: 5.
K. Baghery, B. Abdolmaleki, M. Emadi. Game-based cryptanalysis of a lightweight crc-based authentication protocol for EPC tags [J]. Amirkabir international journal of electrical & electronics engineering, 2014, 46(1): 27–36.
E. Pagnin, C. Dimitrakakis, A. Abidin, et al. On the leakage of information in biometric authentication [C]//The 15th International Conference on Cryptology in India, New Delhi, India, 2014:265–280.
T. C. Yeh, Y. J. Wang, T. C. Kuo, et al. Securing RFID systems conforming to EPC Class 1 Generation 2 standard [J]. Expert systems with applications, 2010, 37(12): 7678–7683.
S. S. S. Ghaemmaghami, M. Mirmohseni, A. Haghbin. A privacy preserving improvement for SRTA in telecare systems [J]. arXiv: 1510.04197.
G. Avoine. Cryptography in radio frequency identification and fair exchange protocols [D]. Institut De Systemes De Communication Section Des Systemes De Communication ECole Polytechnique FEDERale De Lausanne Pour LObtention Du Grade De Docteures Sciences Par Gildas Avoine Dea DIntelligence Artificielle Et Algorithmique, Universit´e de Caen Basse-Normandie, France, 2005.
S. S. Ghaemmaghami, A. Haghbin, M. Mirmohseni. Traceability improvements of a new RFID protocol based on EPC C1 G2 [J]. The ISC international journal of information security, 2016, 8(2): 99–109.
E. Pagnin, A. J. Yang, G. Hancke, et al. HB+DB, mitigating man-in-the-middle attacks against HB+ with distance bounding [C]//The 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, New York, USA, 2015. 3.
H. Y. Chien. Sasi: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity [J]. IEEE transactions on dependable and secure computing, 2007, 4(4): 337–340.
L. Batina, J. Guajardo, B. Preneel, et al. Public-key cryptography for RFID tags and applications [C]//RFID Security, Springer, 2008:317–348.
K. Fan, N. Ge, Y. Gong, et al. Ultras: ultra-lightweight RFID authentication scheme for mobile device [C]//International Conference on Wireless Algo-rithms, Systems, and Applications, Qufu, China, 2015:114–122.
E. J. Yoon. Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard [J]. Expert systems with applications, 2012, 39(1): 1589–1594.
J. S. Cho, S. S. Yeo, S. K. Kim. Securing against brute-force attack: a hash-based RFID mutual authentication protocol using a secret value [J]. Computer communications, 2011, 34(3): 391–397.
Q. Cai, Y. Zhan, J. Yang. The improvement of RFID authentication protocols based on R-RAPSE [J]. Journal of networks, 2014, 9(1): 28–35.
C. H. Lim, T. Kwon. Strong and robust RFID authentication enabling perfect ownership transfer [C]//The 8th International Conference on Information and Communications Security, Raleigh, USA, 2006. 1–20.
S. Vaudenay. On privacy models for RFID [C]//The 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, 2007:68–87.
K. Ouafi, R. C. W. Phan. Privacy of recent RFID au-thentication protocols [C]//Information Security Practice and Experience, Springer, 2008:263–277.
A. Juels, S. A. Weis. Defining strong privacy for RFID [J]. ACM transactions on information and system security, 2009. 13(1): 7.
G. Avoine, I. Coisel, T. Martin. Untraceability model for RFID [J]. IEEE transactions on mobile computing, 2014, 13(10): 2397–2405.
D. Moriyama, S. Matsuo, M. Ohkubo. Relations among notions of privacy for RFID authentication protocols [J]. IEICE transactions on fundamentals of electronics, communications and computer sciences, 2014, 97(1): 225–235.
G. Avoine. Adversarial model for radio frequency identification [Z]. IACR Cryptology ePrint Archive, 2005. 49.
Author information
Authors and Affiliations
Corresponding author
Additional information
Seyed Salman Sajjadi Ghaem Maghami [corresponding author] obtained his M.S. degree in electrical engineering communications from Science and Research Branch Islamic Azad University, Tehran, Iran in 2015 and B.S. degree in electrical engineering electronic from Karaj Islamic Azad University, Karaj, Iran, in 2010. His research interests include lightweight cryptography, RFID security and privacy, Internet of Things, and wireless communications.
Afrooz Haghbin obtained her B.S. degree in electrical engineering from Sharif University of Technology, Tehran, Iran, in 2001. She obtained her M.S. degree from Tehran University and her Ph.D. degree from Tarbiat Modares University, Tehran, Iran, all in electrical engineering in 2004 and 2009, respectively. She is currently with the electrical and Computer Department of Science and Research Branch in Azad University, Tehran, Iran, as assistant professor. Her research interests include MIMO wireless communications, channel coding, precoding, multi-carrier modulation and estimation theory.
Mahtab Mirmohseni is an assistant professor at Department of Electrical Engineering, Sharif University of Technology (SUT), since 2014. She is also affiliated with the Information Systems and Security Laboratory (ISSL), Sharif University of Technology, Tehran, Iran. She received the B.S., M.S. and Ph.D. degrees from department of electrical engineering, Sharif University of Technology, Tehran, Iran in the field of communication systems in 2005, 2007 and 2012, respectively. She was a post-doctoral researcher at Royal Institute of Technology (KTH), Stockholm, Sweden, in the School of Electrical Engineering till February 2014. Her current research interests include different aspects of information theory, mostly focusing on molecular communication, secure communication and energy constrained networks.
Rights and permissions
About this article
Cite this article
GhaemMaghami, S.S.S., Haghbin, A. & Mirmohseni, M. Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE. J. Commun. Inf. Netw. 2, 107–122 (2017). https://doi.org/10.1007/s41650-017-0013-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41650-017-0013-y