Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Wireless Networks
Erschienen in: Wireless Networks 3/2019

02.04.2018

Breaking anonymity of some recent lightweight RFID authentication protocols

Erschienen in: Wireless Networks | Ausgabe 3/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks (2016). We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, impersonation, DoS, traceability, and forward traceability against the studied protocols. Our attacks are mounted in the Ouafi–Phan RFID formal privacy model which is a modified version of well-known Juels–Weis privacy model.
Vorheriger Artikel Optimization energy consumption with multiple mobile sinks using fuzzy logic in wireless sensor networks
Nächster Artikel Link quality evaluation of a wireless sensor network in metal marine environments

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Literatur
1.
Xie, W., Xie, L., Zhang, C., Wang, Q., Xu, J., Zhang, Q., et al. (2014). RFID seeking: Finding a lost tag rather than only detecting its missing. Journal of Network and Computer Applications, 42, 135–142.CrossRef
2.
Tajima, M. (2007). Strategic value of RFID in supply chain management. Journal of purchasing and supply management, 13(4), 261–273.CrossRef
3.
Van Deursen, N., Buchanan, W. J., & Duff, A. (2013). Monitoring information security risks within health care. Computers & Security, 37, 31–45.CrossRef
4.
Gross, H., Wenger, E., Martín, H., & Hutter, M. (2014). Pioneera prototype for the internet of things based on an extendable EPC gen2 RFID tag. In International Workshop on Radio Frequency Identification: Security and Privacy Issues (pp. 54–73). Springer.
5.
Galins, A., Beinarovics, P., Laizans, A., & Jakusenoks, A., et al. (2016). RFID application for electric car identification at charging station. In Engineering for Rural Development: Proceedings of the 15th International scientific conference (pp. 25–27).
6.
Farash, M. S., Turkanović, M., Kumari, S., & Hölbl, M. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Networks, 36, 152–176.CrossRef
7.
Baghery, K., Abdolmaleki, B., Akhbari, B., & Aref, M. R. (2016). Enhancing privacy of recent authentication schemes for low-cost RFID systems. The ISC International Journal of Information Security, 7(2), 135–149.
8.
Suh, W. S., Yoon, E. J., & Piramuthu, S. (2013). RFID-based attack scenarios in retailing, healthcare and sports. Journal of Information Privacy and Security, 9(3), 4–17.CrossRef
9.
Jannati, H. (2015). Analysis of relay, terrorist fraud and distance fraud attacks on RFID systems. International Journal of Critical Infrastructure Protection, 11, 51–61.CrossRef
10.
Amendola, S., Lodato, R., Manzari, S., Occhiuzzi, C., & Marrocco, G. (2014). RFID technology for iot-based personal healthcare in smart spaces. IEEE Internet of Things Journal, 1(2), 144–152.CrossRef
11.
Khoo, B. (2011). RFID as an enabler of the internet of things: Issues of security and privacy. In: Internet of Things (iThings/CPSCom), 2011 international conference on and 4th international conference on cyber, physical and social computing (pp. 709–712). IEEE.
12.
Bolic, M., Rostamian, M., & Djuric, P. M. (2015). Proximity detection with RFID: A step toward the internet of things. IEEE Pervasive Computing, 14(2), 70–76.CrossRef
13.
Memon, I., Arain, Q. A., Memon, H., & Mangi, F. A. (2017). Efficient user based authentication protocol for location based services discovery over road networks. Wireless Personal Communications, 95(4), 3713–3732.CrossRef
14.
Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.CrossRef
15.
Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions on Industrial Informatics, 10(4), 2233–2243.CrossRef
16.
Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., et al. (2009). Building the internet of things using RFID: The RFID ecosystem experience. IEEE Internet Computing, 13(3), 48–55.CrossRef
17.
Shifeng, Y., Chungui, F., Yuanyuan, H., & Shiping, Z. (2011). Application of IoT in agriculture. Journal of Agricultural Mechanization Research, 7, 190–193.
18.
Wang, J., Ni, D., & Li, K. (2014). RFID-based vehicle positioning and its applications in connected vehicles. Sensors, 14(3), 4225–4238.CrossRef
19.
Hayajneh, T., Mohd, B. J., Imran, M., Almashaqbeh, G., & Vasilakos, A. V. (2016). Secure authentication for remote patient monitoring with wireless medical sensor networks. Sensors, 16(4), 424.CrossRef
20.
Sun, D.-Z., & Zhong, J.-D. (2012). A hash-based RFID security protocol for strong privacy protection. IEEE Transactions on Consumer Electronics, 58(4), 1246–1252.CrossRef
21.
Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription RFID access control system. Journal of medical systems, 36(6), 3995–4004.CrossRef
22.
Cho, J.-S., Jeong, Y.-S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers & Mathematics with Applications, 69(1), 58–65.MATHCrossRef
23.
Farash, M. S. (2014). Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(2), 987–1001.MathSciNetCrossRef
24.
Chen, C.-L., & Deng, Y.-Y. (2009). Conformation of EPC class 1 generation 2 standards RFID system with mutual authentication and privacy protection. Engineering Applications of Artificial Intelligence, 22(8), 1284–1291.CrossRef
25.
Gope, P., & Hwang, T. (2015). A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Computers & Security, 55, 271–280.CrossRef
26.
Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.CrossRef
27.
Luo, H., Wen, G., Su, J., & Huang, Z. (2016). SLAP: Succinct and lightweight authentication protocol for low-cost RFID system. Wireless Networks, 24, 1–10.
28.
He, D., & Zeadally, S. (2015). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83.CrossRef
29.
Abdolmaleki, B., Baghery, K., Khazaei, S., & Aref, M. R. (2017). Game-based privacy analysis of RFID security schemes for confident authentication in IoT. Wireless Personal Communications, 95(4), 5057–5080.CrossRef
30.
Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682.CrossRef
31.
Akgün, M., Bayrak, A. O., & Çaglayan, M. U. (2015). Attacks and improvements to chaotic map-based RFID authentication protocol. Security and Communication Networks, 8(18), 4028–4040.CrossRef
32.
Abdolmaleki, B., Baghery, K., Akhbari, B., Alavi, S. M., & Aref, M. R. (2016). Securing key exchange and key agreement security schemes for rfid passive tags. In Electrical Engineering (ICEE), 2016 24th Iranian Conference on, (pp. 1475–1480). IEEE.
33.
Moradi, F., Mala, H., Ladani, B. T., & Moradi, F. (2018). Security analysis of an epc class-1 generation-2 compliant rfid authentication protocol. Journal of Computing and Security, 3(3).
34.
Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In International conference on the theory and application of cryptology and information security (pp. 52–66). Springer.
35.
Juels, A., & Weis, S. A. (2005). Authenticating pervasive devices with human protocols. In Annual international cryptology conference (pp. 293–308). Springer.
36.
Bringer, J., Chabanne, H., & Dottax, E. (2006). Hb\(^{\wedge } +^{\wedge }+\): A lightweight authentication protocol secure against some attacks. In Second international workshop on security, privacy and trust in pervasive and ubiquitous computing (SecPerU’06) (pp. 28–33). IEEE.
37.
Piramuthu, S. (2006). Hb and related lightweight authentication protocols for secure RFID tag/reader authentication title. CollECTeR Europe, 2006, 239.
38.
Peris-Lopez, P., Hernandez-Castro, J. C., Estévez-Tapiador, J. M., & Ribagorda, A. (2006). Lmap: A real lightweight mutual authentication protocol for low-cost RFID tags. In Workshop on RFID security (pp. 12–14).
39.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). M2ap: A minimalist mutual-authentication protocol for low-cost RFID tags. In International conference on ubiquitous intelligence and computing, (pp. 912–923). Springer.
40.
Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). Emap: An efficient mutual-authentication protocol for low-cost RFID tags. In: OTM Confederated International Conferences ”On the Move to Meaningful Internet Systems” (pp. 352–361). Springer.
41.
Li, T., & Wang, G. (2007). Security analysis of two ultra-lightweight RFID authentication protocols. In IFIP international information security conference (pp. 109–120). Springer.
42.
Li, T., & Deng, R. (2007). Vulnerability analysis of emap-an efficient RFID mutual authentication protocol. In Availability, reliability and security, 2007. ARES 2007. The second international conference on IEEE (pp. 238–245).
43.
Chien, H.-Y. (2007). Sasi: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing, 4(4), 337–340.CrossRef
44.
Phan, R. C. (2009). Cryptanalysis of a new ultralightweight RFID authentication protocol-sasi. IEEE Transactions on Dependable and Secure Computing, 6(4), 316.CrossRef
45.
Avoine, G., Carpent, X., & Martin, B. (2010). Strong authentication and strong integrity (sasi) is not that strong. In International workshop on radio frequency identification: security and privacy issues (pp. 50–64). Springer.
46.
Avoine, G., Carpent, X., & Martin, B. (2012). Privacy-friendly synchronized ultralightweight authentication protocols in the storm. Journal of Network and Computer Applications, 35(2), 826–843.CrossRef
47.
Duc, D. N., Lee, H., & Kim, K. (2006). Enhancing security of epcglobal Gen-2 RFID against traceability and cloning. Auto-ID Labs Information and Communication University, White Paper.
48.
Karthikeyan, S., & Nesterenko, M. (2005). RFID security without extensive cryptography. In: Proceedings of the 3rd ACM workshop on security of ad hoc and sensor networks (pp. 63–67). ACM.
49.
Chien, H.-Y., & Chen, C.-H. (2007). Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computer Standards & Interfaces, 29(2), 254–259.CrossRef
50.
Yoon, E.-J. (2012). Improvement of the securing RFID systems conforming to EPC class 1 generation 2 standard. Expert Systems with Applications, 39(1), 1589–1594.CrossRef
51.
Ha, J., Moon, S., Zhou, J., & Ha, J. (2008). A new formal proof model for RFID location privacy. In European symposium on research in computer security (pp. 267–281). Springer.
52.
Jung, S. W., & Jung, S. (2013). Hmac-based RFID authentication protocol with minimal retrieval at server. In The fifth international conference on evolving internet (pp. 52–55).
53.
Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., & Jan, J.-K. (2012). A design of tamper resistant prescription RFID access control system. Journal of medical systems, 36(5), 2795–2801.CrossRef
54.
Liu, B.-H., Nguyen, N.-T., Pham, V.-T., & Yeh, Y.-H. (2016). A maximum-weight-independent-set-based algorithm for reader-coverage collision avoidance arrangement in rfid networks. IEEE Sensors Journal, 16(5), 1342–1350.CrossRef
55.
Rahman, F., Hoque, M. E., & Ahamed, S. I. (2017). Anonpri: A secure anonymous private authentication protocol for rfid systems. Information Sciences, 379, 195–210.CrossRef
56.
Rahman, F., Bhuiyan, M. Z. A., & Ahamed, S. I. (2017). A privacy preserving framework for rfid based healthcare systems. Future Generation Computer Systems, 72, 339–352.CrossRef
57.
Nguyen, N.-T., Liu, B.-H., & Pham, V.-T. (2016). A dynamic-range-based algorithm for reader-tag collision avoidance deployment in rfid networks. In Electronics, information, and communications (ICEIC), 2016 international conference on IEEE (pp. 1–4).
58.
Mohd, B. J., Hayajneh, T., Khalaf, Z. A., Yousef, A., & Mustafa, K. (2016). Modeling and optimization of the lightweight hight block cipher design with fpga implementation. Security and Communication Networks, 9(13), 2200–2216.
59.
Mohd, B. J., Hayajneh, T., & Vasilakos, A. V. (2015). A survey on lightweight block ciphers for low-resource devices: Comparative study and open issues. Journal of Network and Computer Applications, 58, 73–93.CrossRef
60.
Ouafi, K., & Phan, R.C.-W. (2008). Privacy of recent RFID authentication protocols. In Information security practice and experience (pp. 263–277). Springer.
61.
Abdolmaleki, B., Baghery, K., Akhbari, B., & Aref, M. R. (2014). Attacks and improvements on two new-found RFID authentication protocols. In Telecommunications (IST), 2014 7th international symposium on IEEE (pp. 895–900).
62.
Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394.MathSciNetCrossRef
63.
Vaudenay, S. (2007). On privacy models for RFID. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 68–87). Springer.
64.
65.
Avoine, G. (2005). Adversarial model for radio frequency identification. IACR Cryptology ePrint Archive, 2005, 49.
66.
Juels, A., & Weis, S. A. (2009). Defining strong privacy for RFID. ACM Transactions on Information and System Security (TISSEC), 13(1), 7.CrossRef
67.
Deng, R. H., Li, Y., Yung, M., & Zhao, Y. (2010). A new framework for RFID privacy. In European Symposium on Research in Computer Security (pp. 1–18). Springer.
68.
Hermans, J., Pashalidis, A., Vercauteren, F., & Preneel, B. (2011). A new RFID privacy model. In European symposium on research in computer security (pp. 568–587). Springer.
69.
Habibi, M. H., Aref, M. R., & Ma, D. (2011). Addressing flaws in RFID authentication protocols. In International conference on cryptology in India (pp. 216–235). Springer.
70.
Phan, R. C.-W., Wu, J., Ouafi, K., & Stinson, D. R. (2011). Privacy analysis of forward and backward untraceable RFID authentication schemes. Wireless Personal Communications, 61(1), 69–81.CrossRef
71.
Alagheband, M. R., & Aref, M. R. (2013). Unified privacy analysis of new-found RFID authentication protocols. Security and Communication Networks, 6(8), 999–1009.CrossRef
72.
Wang, S., Liu, S., & Chen, D. (2015). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.CrossRef
73.
Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., & Bagheri, N. (2014). Cryptanalysis of the cho et al. protocol: A hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 259, 571–577.MathSciNetMATHCrossRef
Metadaten
Titel
Breaking anonymity of some recent lightweight RFID authentication protocols
Publikationsdatum
02.04.2018
Erschienen in
Wireless Networks / Ausgabe 3/2019
Print ISSN: 1022-0038
Elektronische ISSN: 1572-8196
DOI
https://doi.org/10.1007/s11276-018-1717-0

Weitere Artikel der Ausgabe 3/2019

Wireless Networks 3/2019 Zur Ausgabe

OriginalPaper

Investigation on outage capacity of spectrum sharing system using CSI and SSI under received power constraints

OriginalPaper

Efficient algorithms for physical layer security in one-way relay systems

OriginalPaper

Indoor navigation systems based on data mining techniques in internet of things: a survey

OriginalPaper

A new hybrid key pre-distribution scheme for wireless sensor networks

OriginalPaper

A fuzzy geographical routing approach to support real-time multimedia transmission for vehicular ad hoc networks

OriginalPaper

Performance analysis of cooperative spectrum monitoring in cognitive radio network

Neuer Inhalt

    Bildnachweise