An Improvement over a Server-less‎ RFID Authentication Protocol

Full Text (PDF, 682KB), PP.31-37

Views: 0 Downloads: 0

Author(s)

Mohsen Pourpouneh 1,* Rasoul Ramezanian 1 Fatemeh Salahi 2

1. Department of Mathematical Sciences, Sharif University of Technology‎, ‎Tehran‎, ‎Iran

2. Department of Mathematical and Computer Sciences, Kharazmi University‎, ‎Tehran‎, ‎Iran

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.01.05

Received: 26 Apr. 2014 / Revised: 15 Aug. 2014 / Accepted: 2 Oct. 2014 / Published: 8 Dec. 2014

Index Terms

Authentication, Reader, RFID Protocols, Tag

Abstract

With the increased radio frequency identification (RFID) applications different authentication schemes have been proposed in order to meet the required properties. In this paper we analyze the security of a server-less RFID authentication protocol which is proposed by Deng et al. in 2014. Deng et al. proposed an improvement over Hoque et al. protocol to overcome its vulnerability against data desynchronization attack. However, in this paper we show that their protocol is still vulnerable against data desynchronization attack. Furthermore we present an improved version of this protocol to prevent this attack.

Cite This Paper

Mohsen Pourpouneh, Rasoul Ramezanian, Fatemeh Salahi, "An Improvement over a Server-less‎ RFID Authentication Protocol", International Journal of Computer Network and Information Security(IJCNIS), vol.7, no.1, pp.31-37, 2015. DOI:10.5815/ijcnis.2015.01.05

Reference

[1]L. Wang, X. Yi, C. Lv and Y. Guo, \Security Improvement in Authentication Protocol for Gen-2 Based RFID System", Journal of Convergence Information Technology, AICIT, vol.6, no.1, pp.157-169, (2011).
[2]Ting, P. H. (2013). An Ecient and Guaranteed Cold-Chain Logistics for Temperature-Sensitive Foods: Applications of RFID and Sensor Networks. International Journal of Information Engineering and Electronic Business (IJIEEB), 5(6), 1.
[3]Chai Q (2012) Design and analysis of security schemes for low-cost RFID systems [D]. Ph.D. dissertation of Waterloo University, Water-loo.
[4]Peris-Lopez P, Hernandez-Castro J C, Estevez-Tapiador J M, Ribagorda A, M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags, (2006), Springer-Verlag Berlin Heidelberg.
[5]Wu, Z. Y., Chen, L., & Wu, J. C. (2013). A reliable RFID mutual authentication scheme for healthcare environments. Journal of medical systems, 37(2), 1-9.
[6]Lars Kulseng, Zhen Yu, Yawen Wei, Yong Guan, Lightweight mutual authentication and ownership transfer for RFID systems, in: Proceed-ings of IEEE INFOCOM 2010, pp. 15, 2010.
[7]Karda, S., elik, S., Arslan, A., & Levi, A. (2013). An ecient and private RFID authentication protocol supporting ownership transfer. In Lightweight Cryptography for Security and Privacy (pp. 130-141). Springer Berlin Heidelberg.
[8]Tan, Chiu C., Bo Sheng, and Qun Li. \Secure and serverless RFID au-thentication and search protocols." Wireless Communications, IEEE Transactions on 7.4 (2008): 1400-1407.
[9]Ahamed, S. I., Rahman, F., Hoque, E., Kawsar, F., & Nakajima, T. (2008, April). S3PR: Secure server-less search protocols for RFID. In Information Security and Assurance, 2008. ISA 2008. International Conference on (pp. 187-192). IEEE.
[10]Lee, C. F., Chien, H. Y., & Laih, C. S. (2012). Server-less RFID authentication and searching protocol with enhanced security. International Journal of Communication Systems, 25(3), 376-385.
[11]Kim, Z., Kim, J., Kim, K., Choi, I., & Shon, T. (2011, May). Un-traceable and server-less RFID authentication and search protocols. In Parallel and Distributed Processing with Applications Workshops (IS-PAW), 2011 Ninth IEEE International Symposium on (pp. 278-283). IEEE.
[12]Kim, S., Lee, K., Kim, S., & Won, D. (2009). Security analysis on anonymous mutual authentication protocol for RFID tag without back-end database and its improvement. World Acad Sci Eng Technol, 460-464.
[13]Hoque ME, Rahman F, Ahamed SI et al (2010) Enhancing privacy and security of RFID system with server-less authentication and search protocols in pervasive environments. Wirel Pers Commun 55:6579.
[14]Deng, M., Yang, W., & Zhu, W. (2014). Weakness in a Server-less Authentication Protocol for Radio Frequency Identification. In Mechatronics and Automatic Control Systems (pp. 1055-1061). Springer International Publishing.
[15]Rostampour S., Eslamnezhad Namin M., Hosseinzadeh M., (2014), A Novel Mutual RFID Authentication Protocol with Low Complexity and High Security, I.J. Modern Education and Computer Science.
[16]Habibi M H, Gardeshi M, R. Alaghband M, (2011), Practical Attacks on a RFID Authentication Protocol Conforming to EPC C-1 G-2 Standard, International Journal of UbiComp (IJU), Vol.2, No.1.
[17]Tieyan Li, Guilin Wang, (2007), Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols, New Approaches for Security, Privacy and Trust in Complex Environments, pages 109-120.
[18]T. Dimitriou. A lightweight RFID protocol to protect against traceability and cloning attacks. In Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, September 2005. IEEE.
[19]S.-M. Lee, Y. J. Hwang, D. H. Lee, and J. I. L. Lim. Efficient authentication for low-cost RFID systems. In O. Gervasi, M. Gavrilova, V. Kumar, A. Lagana`a, H. P. Lee, Y. Mun, D. Taniar, and C. J. K. Tan, editors, International Conference on Computational Science and its Applications - ICCSA 2005, Proceedings, Part I, volume 3480 of Lecture Notes in Computer Science, pages 619–627, Singapore, May 2005. Springer-Verlag.
[20]Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. In Security in pervasive computing (pp. 201-212). Springer Berlin Heidelberg.
[21]Molnar, D., & Wagner, D. (2004, October). Privacy and security in library RFID: issues, practices, and architectures. In Proceedings of the 11th ACM conference on Computer and communications security (pp. 210-219). ACM.
[22]Tsudik, G. (2006, March). YA-TRAP: Yet another trivial RFID authentication protocol. In Pervasive Computing and Communications Workshops, 2006. PerCom Workshops 2006. Fourth Annual IEEE International Conference on(pp. 4-pp). IEEE.