Published in: The Journal of Supercomputing 1/2018

12.09.2017

DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT

Authors: Seyed Farhad Aghili, Maede Ashouri-Talouki, Hamid Mala


Abstract

In recent years, RFID (radio-frequency identification) systems have been widely used in many applications. One of the most important applications for this technology is the Internet of things (IoT). Therefore, researchers have proposed several authentication protocols that can be employed in RFID-based IoT systems, and they have claimed that their protocols can satisfy all security requirements of these systems. However, in RFID-based IoT systems we have mobile readers that can be compromised by the adversary. Due to this attack, the adversary can compromise a legitimate reader and obtain its secrets. So, the protocol designers must consider the security of their proposals even in the reader-compromised scenario. In this paper, we consider the security of the ultra-lightweight RFID mutual authentication (ULRMAPC) protocol recently proposed by Fan et al. They claimed that their protocol could be applied in IoT systems and provide strong security. However, in this paper we show that their protocol is vulnerable to denial of service, reader and tag impersonation and de-synchronization attacks. To provide a solution, we present a new authentication protocol, which is more secure than the ULRMAPC protocol and can also be employed in RFID-based IoT systems.

References
1. Akgün M, Uekae T, Caglayan MU (2014) Vulnerabilities of RFID security protocol based on chaotic maps. In: 2014 IEEE 22nd International Conference on Network Protocols. IEEE, pp 648–653
3. An R, Feng H, Liu Q, Li L (2016) Three elliptic curve cryptography-based RFID authentication protocols for internet of things. In: International Conference on Broadband and Wireless Computing, Communication and Applications. Springer, pp 857–878
4. Avoine G, Lauradoux C, Martin T (2009) When compromised readers meet RFID. In: Information Security Applications. Springer, pp 36–50
5. Benssalah M, Djeddou M, Drouiche K (2014) Security enhancement of the authenticated RFID security mechanism based on chaotic maps. Secur Commun Netw 7(12):2356–2372
6. Chen CL, Jan JK, Chien CF (2010) Based on mobile RFID device to design a secure mutual authentication scheme for market application. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA). IEEE, pp 423–428
7. Chen Y, Chou JS (2015) ECC-based untraceable authentication for large-scale active-tag RFID systems. Electron Commer Res 15(1):97–120
8. Cheng ZY, Liu Y, Chang CC, Chang SC (2013) Authenticated RFID security mechanism based on chaotic maps. Secur Commun Netw 6(2):247–256
9. Chien HY (2007) Sasi: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340
11. Erguler I (2015) A potential weakness in RFID-based internet-of-things systems. Pervasive Mob Comput 20:115–126
13. Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2017) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Netw 10(2):368–376
14. Fan K, Gong Y, Liang C, Li H, Yang Y (2015) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw 9(16):3095–3104
15. Finkenzeller K (2010) Fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. In: RFID Handbook, 3rd edn. Wiley, Hoboken, NJ, USA. doi:10.1002/9780470665121
16. Grasso J (2004) The EPCglobal network: overview of design, benefits, and security. EPCglobal Inc. Position Paper 24
17. Grossklags J, Good N (2007) Empirical studies on software notices to inform policy makers and usability designers. In: International Conference on Financial Cryptography and Data Security. Springer, pp 341–355
18. He D, Zeadally S (2015) An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J 2(1):72–83
19. Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394
20. Khattab A, Jeddi Z, Amini E, Bayoumi M (2017) RBS RFID security and the internet of things. In: RFID Security. Springer, pp 147–162
21. Lee JY, Lin WC, Huang YH (2014) A lightweight authentication protocol for internet of things. In: 2014 International Symposium on Next-Generation Electronics (ISNE). IEEE, pp 1–2
22. Lei H, Yong G, Na-Na L, Zeng-Yu C (2007) A security-provable authentication and key agreement protocol in RFID system. In: 2007 International Conference on Wireless Communications, Networking and Mobile Computing
23. Li CT, Lee CC, Weng CY, Chen CM (2017) Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, pp 1–11
24. Liu Z, Liu D, Li L, Lin H, Yong Z (2015) Implementation of a new RFID authentication protocol for EPC Gen2 standard. IEEE Sens J 15(2):1003–1011
25. Musa A, Dabo AAA (2016) A review of RFID in supply chain management: 2000–2015. Glob J Flex Syst Manag 17(2):189–228
26. Peris-Lopez P, Hernandez-Castro JC, Tapiador JM, Ribagorda A (2008) Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: International Workshop on Information Security Applications. Springer, pp 56–68
27. Prodanoff ZG (2010) Optimal frame size analysis for framed slotted aloha based RFID networks. Comput Commun 33(5):648–653
28. Safkhani M, Bagheri N (2017) Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J Supercomput 73(8):3579–3585
29. Shen H, Shen J, Khan MK, Lee JH (2016) Efficient RFID authentication using elliptic curve cryptography for the internet of things. Wirel Pers Commun 1–14. doi:10.1007/s11277-016-3739-1
30. Song B, Mitchell CJ (2008) RFID authentication protocol for low-cost tags. In: Proceedings of the first ACM conference on Wireless Network Security. ACM, pp 140–147
31. Tewari A, Gupta B (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73(3):1085–1102
32. Wang KH, Chen CM, Fang W, Wu TY (2017) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 1–6. doi:10.1007/s11227-017-2105-8
33. Weinstein R (2005) RFID: a technical overview and its application to the enterprise. IT Prof 7(3):27–33
34. Yan T, Wen Q (2010) A secure mobile RFID architecture for the internet of things. In: 2010 IEEE International Conference on Information Theory and Information Security (ICITIS). IEEE, pp 616–619
35. Zhu W, Yu J, Wang T (2012) A security and privacy model for mobile RFID systems in the internet of things. In: 2012 IEEE 14th International Conference on Communication Technology (ICCT). IEEE, pp 726–732
Metadata
Title: DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT
Authors: Seyed Farhad Aghili, Maede Ashouri-Talouki, Hamid Mala
Publication date: 12.09.2017
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 1/2018
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-017-2139-y
