Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.1109/isecs.2008.73

2008-01-01

Abstract:To reduce the computational load on both the back-end database and the tags, Ha et al. proposed a low-cost and strong-security (LCSS) RFID authentication protocol. In this paper, we identify two effective attacks, a desynchronization attack and a spoofing attack, against the LCSS protocol. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. Moreover, we point out the potential countermeasure by adding an integrity check to improve the security.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.4304/jcm.3.7.20-27

2008-01-01

Journal of Communications

Abstract:Two effective attacks, namely de-synchronization attack and impersonation attack, against Ha et al.’s LCSS RFID authentication protocol, Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Tianjie Cao,Peng Shen

DOI: https://doi.org/10.6633/ijns.200907.9(1).12

2009-01-01

Abstract:Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Tianjie Cao,Elisa Bertino,Hong Lei

DOI: https://doi.org/10.1109/tdsc.2008.32

2008-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.

Li Lu,Jinsong Han,Lei Hu,Lionel M. Ni

DOI: https://doi.org/10.1109/percom.2007.13

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:The objective of private authentication for Radio Frequency Identification (RFID) systems is to allow valid readers to explicitly authenticate their dominated tags without leaking the private information of tags. In previous designs, the RFID tags issue encrypted authentication messages to the RFID reader, and the reader searches the key space to identify the tags. Without key updating, those schemes are vulnerable to many active attacks, especially the compromising attack. We propose a strong and lightweight RFID private authentication protocol, SPA. By designing a novel key updating method, we achieve the forward secrecy in SPA with an efficient key search algorithm. We also show that, compared with existing designs, (SPA) is able to effectively defend against both passive and active attacks, including compromising attacks. Through prototype implementation, we demonstrate that SPA is practical and scalable for current RFID infrastructures.

Weijia Wang,Yong Li,Lei Hu,Li Lu

DOI: https://doi.org/10.1109/secperu.2007.13

2007-01-01

Abstract:As the growing use of radio frequency identification (RFID) technology to enhance ubiquitous computing environments, the privacy protection problem becomes a crucial issue. The objective of private authentication for RFID systems is to allow valid readers explicitly authenticate their dominated tags without leaking tags' private information. To achieve strong privacy, recently, Lu et al. propose a Strong and lightweight RFID Private Authentication protocol (SPA), which enables dynamic key-updating mechanism for balanced tree based authentication approaches. However, due to its balanced tree structure, SPA is still susceptible to compromising attacks. In this paper, we propose a Storage-Aware Private Authentication protocol (SAPA). This scheme employs the sparse tree structure, and treats the path of each tag in the tree as an independent secret. As a result, SAPA enjoys perfect privacy and largely reduces the space for storing key sequence on the side of the tag, while keeping the key search complexity on the side of the reader still be logarithmic.

Jing Li,Zhiping Zhou,Ping Wang

DOI: https://doi.org/10.1109/ccdc.2017.7978502

2017-01-01

Abstract:Through analyzing the security of LMAP protocol, we point out that this protocol is vulnerable to several attacks including the data integrity, reader impersonation and traceability, forward traceability. Based on the above security drawbacks, an improved LAMP protocol is proposed. Aiming at the problem of data integrity, the backend server uses message authentication code to encrypt data information of tag; the reader mixes message generated by tag side to ensure resist impersonation reader attack; the tag side introduces blind factor against traceability attack; in addition, the keys of tags and backend server side can be updated dynamically according to the random number generated by tag side in different authentication cycles, to ensure the forward/backward privacy. The formal proof of correctness of the improved protocol is given based on GNY logic, and shows that the improved protocol resists various attack.

Qingsong Yao,Jinsong Han,Yong Qi,Lei Yang,Yunhao Liu

DOI: https://doi.org/10.1109/ICPP.2011.52

2011-01-01

Abstract:Existing RFID Privacy-Preserving Authentication (PPA) solutions mainly focus on the design of crypto based interactive protocols between readers and tags. Although the cryptographic mechanisms enable randomization and enhance protocol-level privacy, the access mode in RFID systems is less random and may leak private information. We introduce anew attack based on such privacy leakage in access mode, where we show that the mainstream RFID PPA protocols, including the linear, tree-based, and synchronization-based solutions, are not private. We also show that this new attack is easy to conduct, e.g., we can track tags that employ typical tree-based PPA protocols without the need of compromising tags. We discuss the applicability of the attack. Moreover, we provide useful recommendations to strengthen existing PPA protocols in defending against such attacks. The simulation results demonstrate the practicability and effectiveness of this attack.

Zhuzhong Qian,Ce Chen,Ilsun You,Sanglu Lu

DOI: https://doi.org/10.1016/j.camwa.2011.08.030

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:Current researches on UHF RFID system security mainly focus on protecting communication safety and information privacy between a pair of specific tag and its corresponding interrogation reader. However, in many scenarios, instead of stealing detailed private information of tags, adversaries aim at estimating the cardinality of tags, which is called counting attack. Unfortunately, most existing protocols are vulnerable to counting attack. To defend against this attack, in this paper we propose ACSP, a novel Anti-Counting Security Protocol. ACSP employs session identifier and provides a corresponding authentication metric to verify the commands sent by the reader. To handle counting attack, ACSP periodically updates the session identifier, and securely identifies tags with encryption. We evaluate the performance of ACSP through theoretical analysis and qualitative comparison. Results show that ACSP can efficiently withstand counting attack while being able to defend against regular security threats as existing protocols.

Tianjie Cao,Yong Zhang

2009-01-01

Journal of Computational Information Systems

Abstract:Three effective attacks, namely impersonation attack, de-synchronization attack and backward tracing attack, against Song and Mitchell's RFID authentication scheme are identified in this paper. The impersonation attack can spoof the reader though a replay attack. The de-synchronization attack can break the synchronization between the RFID reader and the tag so that they can not authenticate each other in any following protocol runs. The backward tracing attack can identify the past interactions of a tag if the attacker knows the tag's present internal stat e. An improved RFID scheme resistant to these attacks is also proposed. © 2009 Binary Information Press August, 2009.

Yun Tian,Gongliang Chen,Jianhua Li

2013-01-01

Abstract:Radio frequency identification (RFID) has a variety of applications and has raised more and more attention. On the other hand, privacy and security problem limits the large-scale use of RFID. The most flexible and effective way to settle this problem is to adopt authentication protocols. However, many proposed RFID authentication protocols have certain weakness. This paper aims to find the possible desynchronization attacks in the design of RFID mutual authentication protocols. We specified the system model and the abilities of adversaries. In order to launch the attack, we proposed the framework of a class of 3-round RFID mutual authentication protocols. It is proved that the protocol will be vulnerable to the desynchronization attack if tag impersonation attack is feasible in the protocol.

Yanzhao Yin,Liji Wu,Qian Peng,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693138

2018-01-01

Abstract:Although SPA (Simple Power Analysis) has been studied for many years, it is still effective on many cryptographic algorithms based on ECC. Double-and-Add and Montgomery ladder can avoid attacks with point double and point add operations, but in software implementation of ECC algorithm, modular addition and subtraction will be the weakness that the hostile attackers may use. In this paper, a black box SPA is performed on a smart card with SM2 algorithm, a Chinese standard of ECC cryptographic algorithm. The card was proved to implement the SM2 algorithm by Jacobi form and non-adjacent form, and its private key can be extracted by SPA within less than 10 power traces, with conditional operations in the modular subtraction. Then we discussed the probability that the ECC cryptography implemented by other forms be attacked with modular subtraction or addition, and illustrate how the problem can be solved by hardware implementation.

Lihui Wang,Qing Li,Gang Zhang,Jun Yu,Zhimin Zhang,Limin Guo,David Wei Zhang

DOI: https://doi.org/10.1109/CIS.2015.85

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices because of the reduced number of key bits. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain secret keys by measuring power consumption. To resist this attack there appear a number of countermeasures such as Montgomery ladder and double-and-add-always algorithm. This paper proposes a new simple power analysis attack to these countermeasures by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Experimental results on smart cards demonstrate that this attack method can retrieve secret keys easily in several seconds using one power trace. Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

Lihui Wang,Qing Li,Zhimin Zhang,Weijun Shan,David Wei Zhang

DOI: https://doi.org/10.2991/iset-15.2015.29

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices. However, simple power analysis (SPA) attacks may retrieve secret keys by exploiting the power consumption of ECC devices. To resist the SPA attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a refined simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the power consumption of different jump instructions if the implementation of ECC's countermeasure is not carefully designed. The experiments also demonstrate that the proposed countermeasure in this paper can resist this kind of SPA attack

lihui wang,qing li,zhimin zhang,weijun shan,davidwei zhang

DOI: https://doi.org/10.2991/iset-15.2015.33

2015-01-01

Abstract:Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems such as RSA. They are especially suited to smartcards because of the limited memory and computational power available on these devices. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain information about the cryptosystem by measuring power consumption and processing time. To resist this attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a novel simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

Mei Xie

2005-01-01

Abstract:In some detail, the paper expounds the principle about simple power analysis(SPA) attacks against the general cryptography and a particular theory against data encryption standard (DES) algorithm. At the same time, the paper addresses some improvement of SPA. At last, the paper discusses some countermeasures against the powe analysis attack.

Qingsong Yao,Yong Qi,Jizhong Zhao,Jinsong Han

DOI: https://doi.org/10.1109/MOBHOC.2009.5337025

2009-01-01

Abstract:Radio Frequency Identification (RFID) technologies are on their highway to pervasive usage. However privacy protection is still an important problem since RFID tags attached to items are so cost constrained. Privacy preserving authentication approaches are proposed to authenticate tags without private information leaking. Previously designed approaches based on synchronization seeks 0(1) complexity. While these synchronization based methods are efficient in normal case, they have weak points when desynchronized. When maliciously scanned, information stored in tag and reader goes farther and farther away from each other. An adversary can utilize this point to track a tag. We propose an Enhanced Synchronization aPproach for RFID private authentication, ESP, to solve this problem. ESP can eliminate the problem caused by Desynchronization Attack and help detecting Replay Attack Analysis shows that ESP enhances privacy protection while still maintaining the authentication efficiency.