Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.4304/jcm.3.7.20-27

2008-01-01

Journal of Communications

Abstract:Two effective attacks, namely de-synchronization attack and impersonation attack, against Ha et al.’s LCSS RFID authentication protocol, Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Tianjie Cao,Peng Shen

DOI: https://doi.org/10.6633/ijns.200907.9(1).12

2009-01-01

Abstract:Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Xiuqing Chen,Qiang Zhao,Tianjie Cao,Jingxuan Zhai

DOI: https://doi.org/10.14257/ijsia.2015.9.12.16

2015-01-01

International Journal of Security and Its Applications

Abstract:The widespread use of Radio Frequency Identification (RFID) technologies help to trace a large number of commodity and share the tag information in the supply chain system. However, many ownership transfer protocols are subject to various attacks. We analyze the security of two protocols. Even if the designers claim that their protocols are security, we find that their schemes suffer from forward traceability attacks and tracing attacks. In addition, we show that a weak attacker can retrieve the secrets of the tag with a probability 1 in Kardaş et al.’s protocol. To resist against these attacks, we present an improved scheme based on Kardaş et al.’s protocol by adopting the new key-update mechanism. In the end, we show the enhanced versions provides the forward and backward untraceable security properties.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.1109/isecs.2008.73

2008-01-01

Abstract:To reduce the computational load on both the back-end database and the tags, Ha et al. proposed a low-cost and strong-security (LCSS) RFID authentication protocol. In this paper, we identify two effective attacks, a desynchronization attack and a spoofing attack, against the LCSS protocol. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. Moreover, we point out the potential countermeasure by adding an integrity check to improve the security.

Yun Tian,Gongliang Chen,Jianhua Li

2013-01-01

Abstract:Radio frequency identification (RFID) has a variety of applications and has raised more and more attention. On the other hand, privacy and security problem limits the large-scale use of RFID. The most flexible and effective way to settle this problem is to adopt authentication protocols. However, many proposed RFID authentication protocols have certain weakness. This paper aims to find the possible desynchronization attacks in the design of RFID mutual authentication protocols. We specified the system model and the abilities of adversaries. In order to launch the attack, we proposed the framework of a class of 3-round RFID mutual authentication protocols. It is proved that the protocol will be vulnerable to the desynchronization attack if tag impersonation attack is feasible in the protocol.

LI Heng,GAO Fei,XUE Yan-ming,FENG Shuo

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.32.051

2010-01-01

Abstract:The wireless transmission characteristics of RFID system is vulnerable to be attacked and theft within communication,to people adopt the physical methods and authentication encryption methods to enhance system security,authentication encryption methods is more useful due to its simple design.In this paper,we analysis of security vulnerabilities exist in the commonly used authentication protocol based on Hash function,on this basis bring forward a modified protocol.Through compare them in security,data storage condition and complexity of the algorithm,it can prove that the improved protocol has a very good improvement for RFID system’s overall performance,particularly in security.

Chao Lv,Hui Li,Jianfeng Ma,Yaoyu Zhang

DOI: https://doi.org/10.1002/ett.2514

IF: 3.6

2012-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Radio Frequency Identification (RFID), we show that three recently proposed RFID authentication protocols which rely exclusively on the used of Elliptic Curve Cryptography are not secure against the tracking attack. To make this attack successfully, the adversary needs to execute three phases. Firstly, the attacker just eavesdrops on the messages exchanged between Server and Tag. Secondly, the attacker impersonates Server to reply with the same random number that is obtained from previous phase. Finally, the adversary acts as a man in the middle to tamper the exchanged messages. Then, we propose enhancements and prove that the revisions are secure against the tracking attack that keep other security properties. Copyright (C) 2012 John Wiley & Sons, Ltd.

Xiuqing Chen,Tianjie Cao,Robin Doss,Jingxuan Zhai

DOI: https://doi.org/10.1007/s11277-017-4449-z

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically we show that the ownership transfer protocol proposed by Wang et al., is vulnerable to tracing attacks while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes making them suitable for large-scale deployments.

Baoyuan Kang,Jinguang Han,Qingju Wang

DOI: https://doi.org/10.1109/ICCET.2010.5486299

2010-01-01

Abstract:Wang et al. presented a remote password authentication scheme using IC (integrated Circuit)cards in 2004. Recently, Cheng et al. pointed that the Wang et al.'s scheme is unable to withstand the forgery attack. They consequently proposed a novel version to resist the forgery attack. Although Cheng et al. claimed that their scheme is secure against all known attacks and more practical in application than other IC-card-based authentication schemes, in this paper, we show that Cheng et al. scheme is vulnerable to the guessing attack, parallel session attack and key-compromise attack. To remedy these flaws, this paper proposes an improvement over Cheng et al. scheme with more security.

JIN Yong-ming,XIN Wei,SUN Hui-ping,CHEN Zhong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.14.002

2012-01-01

Abstract:Kulseng et al's lightweight Radio Frequency Identification(RFID) authentication protocol has secret loophole that it may cause key leakage if the protocol is attacked by side channel analysis,which leads authentication failure.This paper modifies four-step authentication to three-step authentication,introduces key recovery mechanism and improves usage of key,so that the protocol has higher efficiency,and it is convenient to expend in multi-tag environment.Theory analysis result shows that the new protocol can prevent various attacks,and it is more efficient compared with the original protocol.

Xiaoyun Chen,Youli Su,Hui Xiong,Yukai Yao,Guohua Liu,Min Yue

DOI: https://doi.org/10.1109/IHMSC.2010.61

2010-01-01

Abstract:Radio Frequency Identification (RFID) systems is increasingly rife in a variety of applications during recent years, such as inventory management, automobile immobilizers, animal tracking, supply chain management (SCM) and payment system. However, due to its wireless communication and demand for invisibility, security and privacy in RFID system becomes a serious challenge. In this paper, our main attention is constructing an efficient privacy preserving proposal. After reviewing the past work, we propose an improved method to enhance the security and privacy in RFID system. Based on random hash lock approach, we use random list stored in tag instead random value generator, and this novel method can achieve both mutual authentication with lower tag design cost. Meanwhile, the proposed solution satisfies security requirements, for instance, no information leaking, forward security and is resistant to replay attacks. In addition, it is suitable for distribute environment. Analysis of this approach shows it effective and efficiency. Compared with some existing schemes, this solution is superior.

Weibo Liu,Wenping Ma,Yuanyuan Yang,Haolei Qin

DOI: https://doi.org/10.1109/ICCSE.2010.5593456

2010-01-01

Abstract:In this paper, we describe a man-in-the-middle attack against one of the high confidence and efficient privacy RFID protocols recently proposed by Santi and Megda. The attack, during which an intruder can impersonate a valid reader or a tag and forge a set of messages to communicate with the honest agents, destroys the assumed authentication of the protocol, one of the important properties of secure protocol. ©2010 IEEE.

Chao Lv,Hui Li,Jianfeng Ma,Ben Niu

2011-01-01

China Communications

Abstract:Martinez et al. have proposed a secure RFID protocol recently which relies exclusively on the use of Elliptic Curve Cryptography (ECC) combined with a zero knowledge-based authentication scheme. In this paper, we show that this proposed protocol is not secure against the tracking attack. To make the attack successful, the adversary needs to execute three phases. Firstly, the attacker just eavesdrops on the messages exchanged between Reader and Tag. Secondly, the attacker impersonates the Reader to replay the message which is obtained from the first phase. Finally, the adversary acts as a man in the middle to tamper the messages exchanged between Reader and Tag. Then we propose an enhancement and prove that the revision is secure against the tracking attack while keeping other security properties.

Jun Wen,Wenhong Tian,Weidong Wang

DOI: https://doi.org/10.1109/ICCCAS.2010.5582037

2010-01-01

Abstract:Radio Frequency Identification (RFID) technologies have been standardized and widely commercially used, but its security problem is a major challenge. This paper presents an efficient authentication approach to prevent tag from eavesdropping by attackers, tracing by illegal reader. It firstly gives a comprehensive discussion of privacy problems, then presents a mutual authentication and encrypts communication mechanism. And a security analysis on withstanding attackers for the RFID approach is given. © 2010 IEEE.

Rong Zhu,Xiaoxi He,Jiahong Xie,Zongjie Zhang,Ping Wang

DOI: https://doi.org/10.1109/bigdatase50710.2020.00017

2020-01-01

Abstract:RFID system plays an important role in railway transportation. The importance of RFID security has always been a concern. However, attack methods also develop with the development of protocol design. Many authentication protocols which declared to be secure actually have some defects. These defects may help the attacker to obtain important and confidential data, which can lead to more severe problems. In this paper, we discovered some weaknesses in Safkhani et al.’s RFID authentication scheme. Through theoretical analysis and experiment by an automated analysis tool ProVerif, we found their protocol is susceptible to forgery attack and desynchronization attack. After that, we proposed an improved scheme which achieved better security. Besides, we used ProVerif to formally prove the security of our protocol. ProVerif is more flexible and powerful compared with other formal verification tools. The experiment result shows our protocol is safer than Safkhani et al.’s scheme. In general, our protocol is more practical in the application of the RFID system.

Xu Zhuang,Zhi-Hui Wang,Chin-Chen Chang,Yan Zhu

2013-01-01

Abstract:Retrieval of texture images, especially those with different orientation and scale changes, is a challenging and important problem in image analysis. This paper adopts spiking cortical model (SCM) to explore geometrical invariant texture retrieval schemes based on Discrete Cosine Transform (DCT) coefficients of pulse images. The series of pulse images, outputs of SCM, have a robust talent for extracting edge, segment and texture which are inherent in the original images, but they are large 2-dimensional image data so that it is difficult tSome ultra-lightweight RFID protocols have recently been developed. Unlike other RFID protocols, ultra-lightweight protocols generally only need the simplest bitwise operations in the tag side, such as XOR, AND, and OR. In 2012, Tian etal. proposed a new ultra-lightweight RFID protocol named RAPP (RFID authentication protocol with permutation) using a new bitwise operation Permutation in the protocol, which can achieve high security and privacy as claimed. Unfortunately, because of the incomplete session that might occur in RAPP, we present a replay attack which can lead to de-synchronization between a tag and the database, which means the tag can no longer be authenticated by any reader. In addition, we also present a simple de-synchronization attack that can break the synchronization state between a tag and the database, like the replay attack. Some potential threats resulting in more security concerns from RAPP are illustrated by using two properties of Permutation revealed in this paper. We also provide some countermeasures for RAPP to withstand attacks mentioned in the paper.

Fang-fang KE,Xi-lin TANG,Qi-heng ZHANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.07.048

2010-01-01

Abstract:Thel protocol proposed by Rhee H S et al(Computer Standards & Interfaces, 2009, No.1) uses mobile equipment to replace smart card to reduce risk and cost, but it exists some demerits. Aiming at this problem, based on Chan-Cheng attack case, it points out that the protocol can not resist impersonation attack and off-line password guessing attack. In order to overcome these drawbacks, it gives the improved scheme. Experimental results show this scheme is strongly resistant to both of these attacks, which keeps the password secret and authenticating ID.