Chao Lv,Hui Li,Jianfeng Ma,Yaoyu Zhang

DOI: https://doi.org/10.1002/ett.2514

IF: 3.6

2012-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Radio Frequency Identification (RFID), we show that three recently proposed RFID authentication protocols which rely exclusively on the used of Elliptic Curve Cryptography are not secure against the tracking attack. To make this attack successfully, the adversary needs to execute three phases. Firstly, the attacker just eavesdrops on the messages exchanged between Server and Tag. Secondly, the attacker impersonates Server to reply with the same random number that is obtained from previous phase. Finally, the adversary acts as a man in the middle to tamper the exchanged messages. Then, we propose enhancements and prove that the revisions are secure against the tracking attack that keep other security properties. Copyright (C) 2012 John Wiley & Sons, Ltd.

Weibo Liu,Wenping Ma,Yuanyuan Yang,Haolei Qin

DOI: https://doi.org/10.1109/ICCSE.2010.5593456

2010-01-01

Abstract:In this paper, we describe a man-in-the-middle attack against one of the high confidence and efficient privacy RFID protocols recently proposed by Santi and Megda. The attack, during which an intruder can impersonate a valid reader or a tag and forge a set of messages to communicate with the honest agents, destroys the assumed authentication of the protocol, one of the important properties of secure protocol. ©2010 IEEE.

Ben Niu,Hui Li,Xiaoyan Zhu,Chao Lv

DOI: https://doi.org/10.1109/cis.2011.152

2011-01-01

Abstract:Radio frequency identification technology has been increasingly used in many applications. However, there are many threats and security risks in the RFID systems since an insecure wireless channel exists between the reader and the tags. The security of RFID protocols must be designed and proved with careful cryptanalysis. In this paper, we analyze some RFID authentication protocols proposed recently. Firstly, Shen et al. propose an authentication protocol with strong privacy and security, but we prove that the attacker is able to impersonate a reader to desynchronize a tag by eavesdropping on and modifying the messages transmitted. Secondly, WeiHWang et al. claim that their hash function based protocol can resist from several attacks including denial of service attack, but we perform this attack by inducing a desynchronization of secret between server and tags. At last, Sandhya and Rangaswarmy propose an authentication protocol with many security features, while we present desynchronization attack and reader impersonation attack on this protocol.

Tianjie Cao,Peng Shen

DOI: https://doi.org/10.6633/ijns.200907.9(1).12

2009-01-01

Abstract:Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Fang Mingwei,Wu Junjun,Zhang Xinfang,Chen Hong

DOI: https://doi.org/10.4028/www.scientific.net/kem.474-476.1764

2011-01-01

Key Engineering Materials

Abstract:RFID technology plays an important role in our daily life nowadays. It widely used in the automatic identification system by embedding the tag into product. However, some security risks presented due to radio frequency signal channel between the tag and the reader which may lead privacy disclosure for the user. Various solutions are proposed to resole to security issues in RFID system, but there still presented some limitations. A security elliptic curve cryptography based authentication protocol is presented in this paper to preserve the privacy of the RFID system. The proposed protocol provides mutual authentication and a security communication channel between the tag and the reader. By the security analysis, our protocol can resist common passive and active attack; moreover, it also can provide forward security.

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.4304/jcm.3.7.20-27

2008-01-01

Journal of Communications

Abstract:Two effective attacks, namely de-synchronization attack and impersonation attack, against Ha et al.’s LCSS RFID authentication protocol, Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

Chien-Ming Chen,Shuai-Min Chen,Xinying Zheng,Lijun Yan,Huaxiong Wang,Hung-Min Sun

2014-01-01

Abstract:RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In 2009, Chien and Laih proposed an RFID authentication protocol based on error correction codes (ECC) to secure RFID systems with untraceability, which is one of the most critical privacy issues on RFID. In this paper, we demonstrate that their scheme is insecure against two kinds of tracing attacks. We also analyze the success probability of our attacks.

Changsheng Wan,Lin Zhou,Jie Huang,Juan Zhang

DOI: https://doi.org/10.2991/icsecs-13.2013.13

2013-01-01

Abstract:To solve the problems of consumers' security and privacy, a new RFID authentication method based on the elliptic curve is proposed.Comparing with other asymmetric cryptography, this method has stronger security, shorter key length, less computation.This scheme makes the reader and the writer being able to complete the certification process for the reader through interact with the protocol of label.Moreover, this scheme can provide anti-replay and privacy-preserving protection for tags.

Xiuqing Chen -,Tianjie Cao -,Qiao Yu -

DOI: https://doi.org/10.4156/aiss.vol5.issue5.68

2013-01-01

INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences

Abstract:Radio Frequency Identification (RFID) is a technology designed to automatically identify a myriad of everyday objects and people. Due to widely spread of the RFID applications, some useful message can be attacked by adversaries. Thus, to eliminate the security problem, the security requirements for privacy-preserving RFID authentication protocols are evident. In this paper, we discuss unique manin-the-middle attacks on extending RFID authentication protocols. In particular, we show that the revised protocols which rely on the use of elliptic curve cryptography (ECC), grouping proof and RFID localization algorithms. Furthermore, we demonstrate that the proposed protocols can resist unique man-in-the-middle attacks and replay attacks.

Xiu-qing CHEN,Tian-jie CAO,Yu GUO

DOI: https://doi.org/10.3969/j.issn.1002-137X.2013.11.022

2013-01-01

Computer Science

Abstract:We analyzed the security of RFID authentication protocols recently proposed by Ha et al.Our security analysis clearly highlights important security weakness in this article.More precisely,an adversary analyzes the messages between reader and tag and implements traceability attacks.Then,the adversary performs the passive full-disclosure attacks and discloses the tags' secret.In order to evaluate the performance of traceability attacks,we observed the toy experimental results by running several tests on an implementation of the protocol.Finally,we used the formal model of untraceability,which successfully proves the robustness against tracing attacks and the untraceability of the enhanced scheme.

Xiuqing Chen,Tianjie Cao,Mingxiang Zhu,Wenzhuo Liu,Yu Guo

DOI: https://doi.org/10.4304/jcp.9.4.938-946

2014-01-01

Journal of Computers

Abstract:W e analyze a recent RFID lightweight authentication protocol, namely EOHLCAP scheme . Based on our analysis, however, a new traceability attack algorithm makes the scheme insecurity, if the attacker has the ability to distinguish the target tag . So me lightweight authentication protocol s are susceptible to the similar traceability attack, so we propose a new traceability attack algorithm. More precisely, we also show how our attack algorithm can be applied to the older schemes. To counteract such security issue, we revise the EOHLCAP scheme with the rotation operation and show that the proposed model satisfies the indistinguishability property. Finally, we introduce a revised protocol, name ly EOHLCA P+ scheme, which conforms to the security requirement and resists the tracing attack.

Tianjie Cao,Yong Zhang

2009-01-01

Journal of Computational Information Systems

Abstract:Three effective attacks, namely impersonation attack, de-synchronization attack and backward tracing attack, against Song and Mitchell's RFID authentication scheme are identified in this paper. The impersonation attack can spoof the reader though a replay attack. The de-synchronization attack can break the synchronization between the RFID reader and the tag so that they can not authenticate each other in any following protocol runs. The backward tracing attack can identify the past interactions of a tag if the attacker knows the tag's present internal stat e. An improved RFID scheme resistant to these attacks is also proposed. © 2009 Binary Information Press August, 2009.

Xinglei Zhang,Linsen Li,Yue Wu,Quanhai Zhang

DOI: https://doi.org/10.1109/NCIS.2011.128

2011-01-01

Abstract:With the expansion of RFID technology application in diverse fields, the security problems attract more and more attention. In the RFID Security authentication protocols used public-key cryptography, the authentication protocol based on the ECDLP (Elliptic Curve Discrete Logarithm Problem) can solve the clone and reply attacks very well, but there are more or less problems in resisting tracking attacks. In this paper, we present a 'Randomized Key' proposal based on ECDLP and improve EC-RAC (Elliptic Curve Based Randomized Access Control) protocol and Schnorr protocol respectively. Our security analysis shows that the proposed improved protocols can resist tracking attack effectively.

Mohammad Hassan Habibi,Mahmoud Gardeshi,Mahdi R. Alaghband

DOI: https://doi.org/10.5121/ijdps.2011.2109

2011-02-04

Abstract:Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.

Cryptography and Security

Shan Chang,Li Lu,Xiaoqiang Liu,Hui Song,Qingsong Yao

DOI: https://doi.org/10.1016/j.jcss.2014.12.015

IF: 1.043

2014-01-01

Journal of Computer and System Sciences

Abstract:Security and privacy issues in Radio Frequency Identification (RFID) systems mainly result from limited storage and computation resources of RFID tags and unpredictable communication environment. Although many security protocols for RFID system have been proposed, most of them have various flaws. We propose a random graph-based methodology enabling automated benchmarking of RFID security. First, we formalize the capability of adversaries by a set of atomic actions. Second, Vulnerability Aware Graphs (VAGs) were developed to elaborate the interactions between adversaries and RFID systems, which are used to discover the potential attacks of adversaries via some paths on the graphs. The quantitative analysis on VAGs can predict the probability that the adversary leverages the potential flaws to perform attacks. Moreover, a joint entropy-based method is provided to measure the indistinguishability of RFID tags under passive attacks. Analysis and simulation were conducted to show the validity and effectiveness of VAGs.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Liu Yongliang,Gao Wen,Yao Hongxun,Huang Tiejun

DOI: https://doi.org/10.1360/crad20061207

2006-01-01

Journal of Computer Research and Development

Abstract:Recently, Aydos et al. proposed an ECC-based wireless authentication protocol. Because their protocol is based on ECC, the protocol has significant advantage including lower computational burden, lower communication bandwidth and storage requirements. However, Mangipudi et al showed that the protocol is vulnerable to the man-in-the-middle attack from the attacker within the system and proposed a user authentication protocol to prevent the attack. This paper further shows that Aydos et al.'s protocol is vulnerable to man-in-the-middle attack from any attacker not restricted on the inside attacker. Then, a forging certificate attack on Mangipudi et al's protocol is presented. Next, the reasons that Aydos et al's protocol and Mangipudi et al's protocol suffer the attacks are analyzed. Finally, we propose a novel ECC-based wireless authentication protocol and analyze the security of our protocol.

Tianjie Cao,Peng Shen,Elisa Bertino

DOI: https://doi.org/10.1109/isecs.2008.73

2008-01-01

Abstract:To reduce the computational load on both the back-end database and the tags, Ha et al. proposed a low-cost and strong-security (LCSS) RFID authentication protocol. In this paper, we identify two effective attacks, a desynchronization attack and a spoofing attack, against the LCSS protocol. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they can not authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. Moreover, we point out the potential countermeasure by adding an integrity check to improve the security.

Xiuqing Chen,Tianjie Cao,Robin Doss,Jingxuan Zhai

DOI: https://doi.org/10.1007/s11277-017-4449-z

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically we show that the ownership transfer protocol proposed by Wang et al., is vulnerable to tracing attacks while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes making them suitable for large-scale deployments.