Skip to main content
main-content
Top

Hint

Swipe to navigate through the articles of this issue

Published in: Wireless Personal Communications 2/2022

27-06-2022

Security of an RFID Based Authentication Protocol with Bitwise Operations for Supply Chain

Authors: Muhammad Arslan Akram, Adnan Noor Mian

Published in: Wireless Personal Communications | Issue 2/2022

Login to get access
share
SHARE

Abstract

Due to the stringent computational capabilities of low-cost RFID tags, several lightweight secure authentication protocols have been proposed for an RFID-based supply chain using bitwise operations. In this paper, we study the vulnerabilities associated with bitwise operations by doing cryptanalysis of a secure lightweight authentication protocol for RFID tags. The bitwise operations like rotation and XOR show that the protocol is vulnerable to tag, reader, and supply chain node impersonation attacks. We find that the major cause of the vulnerability is bitwise operations and suggest using the physically unclonable functions rather than bitwise operations to secure such lightweight protocols. We provide formal analysis using AVISPA tool and show that protocol is vulnerable to various attacks.
Literature
1.
go back to reference Dabbene, F., Gay, P., & Tortia, C. (2014). Traceability issues in food supply chain management: A review. Biosystems Engineering, 120, 65–80. CrossRef Dabbene, F., Gay, P., & Tortia, C. (2014). Traceability issues in food supply chain management: A review. Biosystems Engineering, 120, 65–80. CrossRef
2.
go back to reference Xin, X., Zhang, Y & Yang, J. (2020) Elp2im: Efficient and low power bitwise operation processing in DRAM, in: 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA), IEEE, pp. 303–314. Xin, X., Zhang, Y & Yang, J. (2020) Elp2im: Efficient and low power bitwise operation processing in DRAM, in: 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA), IEEE, pp. 303–314.
3.
go back to reference Safkhani, M., & Shariat, M. (2018). Implementation of secret disclosure attack against two IoT lightweight authentication protocols. The Journal of Supercomputing, 74(11), 6220–6235. CrossRef Safkhani, M., & Shariat, M. (2018). Implementation of secret disclosure attack against two IoT lightweight authentication protocols. The Journal of Supercomputing, 74(11), 6220–6235. CrossRef
4.
go back to reference Sidorov, M., Ong, M. T., Sridharan, R. V., Nakamura, J., Ohmura, R., & Khor, J. H. (2019). Ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains. IEEE Access, 7, 7273–7285. CrossRef Sidorov, M., Ong, M. T., Sridharan, R. V., Nakamura, J., Ohmura, R., & Khor, J. H. (2019). Ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains. IEEE Access, 7, 7273–7285. CrossRef
5.
go back to reference Mujahid, U., Najam-ul Islam, M., & Sarwar, S. (2017). A new ultralightweight RFID authentication protocol for passive low cost tags: Kmap. Wireless Personal Communications, 94(3), 725–744. CrossRef Mujahid, U., Najam-ul Islam, M., & Sarwar, S. (2017). A new ultralightweight RFID authentication protocol for passive low cost tags: Kmap. Wireless Personal Communications, 94(3), 725–744. CrossRef
6.
go back to reference Safkhani, M., Camara, C., Peris-Lopez, P., & Bagheri, N. (2021). Rseap2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 100311. CrossRef Safkhani, M., Camara, C., Peris-Lopez, P., & Bagheri, N. (2021). Rseap2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 100311. CrossRef
7.
go back to reference Sun, D.-Z., & Mu, Y. (2017). Security of grouping-proof authentication protocol for distributed RFID systems. IEEE Wireless Communications Letters, 7(2), 254–257. CrossRef Sun, D.-Z., & Mu, Y. (2017). Security of grouping-proof authentication protocol for distributed RFID systems. IEEE Wireless Communications Letters, 7(2), 254–257. CrossRef
8.
go back to reference Izza, S., Benssalah, M., & Drouiche, K. (2021). An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. Journal of Information Security and Applications, 58, 102705. CrossRef Izza, S., Benssalah, M., & Drouiche, K. (2021). An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. Journal of Information Security and Applications, 58, 102705. CrossRef
9.
go back to reference Jangirala, S., Das, A. K., & Vasilakos, A. V. (2019). Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Transactions on Industrial Informatics, 16(11), 7081–93. CrossRef Jangirala, S., Das, A. K., & Vasilakos, A. V. (2019). Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Transactions on Industrial Informatics, 16(11), 7081–93. CrossRef
10.
go back to reference Gluhak, A & Presser, M. The internet of things connecting the real world with the digital world, EURESCOM message. Gluhak, A & Presser, M. The internet of things connecting the real world with the digital world, EURESCOM message.
11.
go back to reference Baashirah, R., & Abuzneid, A. (2018). Survey on prominent RFID authentication protocols for passive tags. Sensors, 18(10), 3584. CrossRef Baashirah, R., & Abuzneid, A. (2018). Survey on prominent RFID authentication protocols for passive tags. Sensors, 18(10), 3584. CrossRef
12.
go back to reference He, D., Kumar, N., Chilamkurti, N., & Lee, J.-H. (2014). Lightweight ECC based RFID authentication integrated with an id verifier transfer protocol. Journal of Medical Systems, 38(10), 1–6. CrossRef He, D., Kumar, N., Chilamkurti, N., & Lee, J.-H. (2014). Lightweight ECC based RFID authentication integrated with an id verifier transfer protocol. Journal of Medical Systems, 38(10), 1–6. CrossRef
13.
go back to reference Lee, C.-I., & Chien, H.-Y. (2015). An elliptic curve cryptography-based RFID authentication securing e-health system. International Journal of Distributed Sensor Networks, 11(12), 642425. CrossRef Lee, C.-I., & Chien, H.-Y. (2015). An elliptic curve cryptography-based RFID authentication securing e-health system. International Journal of Distributed Sensor Networks, 11(12), 642425. CrossRef
14.
go back to reference Liao, Y.-P., & Hsiao, C.-M. (2014). A secure ecc-based RFID authentication scheme integrated with id-verifier transfer protocol. Ad hoc Networks, 18, 133–146. CrossRef Liao, Y.-P., & Hsiao, C.-M. (2014). A secure ecc-based RFID authentication scheme integrated with id-verifier transfer protocol. Ad hoc Networks, 18, 133–146. CrossRef
15.
go back to reference Li, N., Mu, Y., Susilo, W., Guo, F., & Varadharajan, V. (2015). Vulnerabilities of an ecc-based RFID authentication scheme. Security and Communication Networks, 8(17), 3262–3270. CrossRef Li, N., Mu, Y., Susilo, W., Guo, F., & Varadharajan, V. (2015). Vulnerabilities of an ecc-based RFID authentication scheme. Security and Communication Networks, 8(17), 3262–3270. CrossRef
16.
go back to reference He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83. CrossRef He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83. CrossRef
17.
go back to reference Fan, K., Gong, Y., Liang, C., Li, H., & Yang, Y. (2016). Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Security and Communication Networks, 9(16), 3095–3104. CrossRef Fan, K., Gong, Y., Liang, C., Li, H., & Yang, Y. (2016). Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Security and Communication Networks, 9(16), 3095–3104. CrossRef
18.
go back to reference Li, C.-T., Lee, C.-C., Weng, C.-Y., & Chen, C.-M. (2018). Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, 11(1), 198–208. CrossRef Li, C.-T., Lee, C.-C., Weng, C.-Y., & Chen, C.-M. (2018). Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, 11(1), 198–208. CrossRef
19.
go back to reference Air, R., Protocol, I & Version, M. EPC TM radio-frequency identity protocols generation-2 UHF RFID specification for RFID air interface. Air, R., Protocol, I & Version, M. EPC TM radio-frequency identity protocols generation-2 UHF RFID specification for RFID air interface.
20.
go back to reference Yang, Q., Gasti, P., Zhou, G., Farajidavar, A., & Balagani, K. S. (2016). On inferring browsing activity on smartphones via usb power analysis side-channel. IEEE Transactions on Information Forensics and Security, 12(5), 1056–1066. CrossRef Yang, Q., Gasti, P., Zhou, G., Farajidavar, A., & Balagani, K. S. (2016). On inferring browsing activity on smartphones via usb power analysis side-channel. IEEE Transactions on Information Forensics and Security, 12(5), 1056–1066. CrossRef
21.
go back to reference Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P.-C., Kouchnarenko, O & Mantovani, J. et al. (2005).The AVISPA tool for the automated validation of internet security protocols and applications, in: International Conference on Computer Aided Verification, Springer, pp. 281–285. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P.-C., Kouchnarenko, O & Mantovani, J. et al. (2005).The AVISPA tool for the automated validation of internet security protocols and applications, in: International Conference on Computer Aided Verification, Springer, pp. 281–285.
22.
go back to reference Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968. CrossRef Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968. CrossRef
23.
go back to reference Kumar, N., Aujla, G. S., Das, A. K., & Conti, M. (2019). Eccauth: A secure authentication protocol for demand response management in a smart grid system. IEEE Transactions on Industrial Informatics, 15(12), 6572–6582. CrossRef Kumar, N., Aujla, G. S., Das, A. K., & Conti, M. (2019). Eccauth: A secure authentication protocol for demand response management in a smart grid system. IEEE Transactions on Industrial Informatics, 15(12), 6572–6582. CrossRef
24.
go back to reference Xue, K., Meng, W., Li, S., Wei, D. S., Zhou, H., & Yu, N. (2019). A secure and efficient access and handover authentication protocol for Internet of Things in space information networks. IEEE Internet of Things Journal, 6(3), 5485–5499. CrossRef Xue, K., Meng, W., Li, S., Wei, D. S., Zhou, H., & Yu, N. (2019). A secure and efficient access and handover authentication protocol for Internet of Things in space information networks. IEEE Internet of Things Journal, 6(3), 5485–5499. CrossRef
25.
go back to reference Koeberl, P., Li, J., Rajan, A & Vishik, C. (Jun. 13 2013) Offline device authentication and anti-counterfeiting using physically unclonable functions, US Patent App. 13/313,298 . Koeberl, P., Li, J., Rajan, A & Vishik, C. (Jun. 13 2013) Offline device authentication and anti-counterfeiting using physically unclonable functions, US Patent App. 13/313,298 .
Metadata
Title
Security of an RFID Based Authentication Protocol with Bitwise Operations for Supply Chain
Authors
Muhammad Arslan Akram
Adnan Noor Mian
Publication date
27-06-2022
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 2/2022
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-022-09826-4

Other articles of this Issue 2/2022

Wireless Personal Communications 2/2022 Go to the issue