Abstract
Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.’s protocol does not assure the untraceabilitiy and backwarduntraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.’s protocol against cited attacks.
Chapter PDF
Similar content being viewed by others
References
Transport for London, Oyster card, http://www.oystercard.co.uk
Michelin Embeds RFID Tags in Tires. RFID Journal, http://www.rfidjournal.com/article/articleview/269/1/1/ (accessed January 17, 2003)
Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing Borders: Security and Privacy Issues of the European e-Passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)
EPCglobal Inc., http://www.epcglobalinc.org/
EPCglobal Inc., EPCTM Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocols for Communications at 860 MHz – 960 MHz version 1.1.0, Available at [4]
Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Van Deursen, T., Radomirovic, S.: Attacks on RFID protocols. Cryptology ePrint Archive, Report 2008/310 (2008), http://eprint.iacr.org/
Ouafi, K., Phan, R.C.-W.: Traceable privacy of recent provably-secure RFID protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Vulnerability analysis of RFID protocols for tag ownership transfer. Computer Networks 54, 1502–1508 (2010)
Chien, H., Chen, C.: Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards. Computer Standards & Interfaces 29, 254–259 (2007)
Konidala, D.M., Kim, Z., Kim, K.: A simple and cost-effective RFID tag-reader mutual authentication scheme. In: Proceedings of Int’l Conference on RFID Security, RFIDSec 2007, pp. 141–152 (2007)
Kulseng, L., Yu, Z., Wei, Y., Guan, Y.: Lightweight mutual authentication and ownership transfer for RFID Systems. In: Proceedings of IEEE INFOCOM 2010, pp. 1–5 (2010)
Chien, H.Y.: SASI: A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proc. of Wisec 2008, pp. 140–147 (2008)
Duc, D.N., Park, J., Lee, H., Kim, K.: Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning. In: The Symposium on Cryptography and Information Security (2006)
Han, D., Kwon, D.: Vulnerability of an RFID authentication protocol conforming to EPC Class-1Generation-2 Standards. Computer Standards & Interfaces 31, 648–652 (2009)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard. Computer Communications 32, 1185–1193 (2009)
Habibi, M.H., Gardeshi, M., Alagheband, M.R.: Attacks and improvements to a new RFID Authentication protocol. In: Proceedings of Third Workshop on RFID Security: RFIDsec Asia 2011, China (2011)
Phan, R.C.-W.: Cryptanalysis of a New Ultra lightweight RFID Authentication Protocol –SASI. IEEE Transactions on Dependable and Secure Computing 6(4), 316–320 (2009)
van Deursen, T., Mauw, S., Radomirović, S.: Untraceability of RFID protocols. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 1–15. Springer, Heidelberg (2008)
Habibi, M.H., Gardeshi, M., Alagheband, M.R.: Cryptanalysis of two mutual authentication protocols for low-cost RFID. International Journal of Distributed and Parallel Systems 2(1), 103–114
Yeh, T.-C., Wang, Y.-J., Kuo, T.-C., Wang, S.-S.: Securing RFID systems conforming to EPC Class-1 Generation-2 standard. Expert Systems with Applications 37, 7678–7683 (2010)
Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, report 2005/049, http://eprint.iacr.org/2005/049
Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: Proceedings of PerCom 2007, pp. 342–347 (2007), http://eprint.iacr.org/2006/137
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Ouafi, K., Phan, R.C.-W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Habibi, M.H., Alagheband, M.R., Aref, M.R. (2011). Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard. In: Ardagna, C.A., Zhou, J. (eds) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. WISTP 2011. Lecture Notes in Computer Science, vol 6633. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21040-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-21040-2_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21039-6
Online ISBN: 978-3-642-21040-2
eBook Packages: Computer ScienceComputer Science (R0)