Skip to main content

Tipp

Weitere Artikel dieser Ausgabe durch Wischen aufrufen

Erschienen in: Wireless Personal Communications 2/2022

27.06.2022

Security of an RFID Based Authentication Protocol with Bitwise Operations for Supply Chain

verfasst von: Muhammad Arslan Akram, Adnan Noor Mian

Erschienen in: Wireless Personal Communications | Ausgabe 2/2022

Einloggen, um Zugang zu erhalten
share
TEILEN

Abstract

Due to the stringent computational capabilities of low-cost RFID tags, several lightweight secure authentication protocols have been proposed for an RFID-based supply chain using bitwise operations. In this paper, we study the vulnerabilities associated with bitwise operations by doing cryptanalysis of a secure lightweight authentication protocol for RFID tags. The bitwise operations like rotation and XOR show that the protocol is vulnerable to tag, reader, and supply chain node impersonation attacks. We find that the major cause of the vulnerability is bitwise operations and suggest using the physically unclonable functions rather than bitwise operations to secure such lightweight protocols. We provide formal analysis using AVISPA tool and show that protocol is vulnerable to various attacks.
Literatur
1.
Zurück zum Zitat Dabbene, F., Gay, P., & Tortia, C. (2014). Traceability issues in food supply chain management: A review. Biosystems Engineering, 120, 65–80. CrossRef Dabbene, F., Gay, P., & Tortia, C. (2014). Traceability issues in food supply chain management: A review. Biosystems Engineering, 120, 65–80. CrossRef
2.
Zurück zum Zitat Xin, X., Zhang, Y & Yang, J. (2020) Elp2im: Efficient and low power bitwise operation processing in DRAM, in: 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA), IEEE, pp. 303–314. Xin, X., Zhang, Y & Yang, J. (2020) Elp2im: Efficient and low power bitwise operation processing in DRAM, in: 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA), IEEE, pp. 303–314.
3.
Zurück zum Zitat Safkhani, M., & Shariat, M. (2018). Implementation of secret disclosure attack against two IoT lightweight authentication protocols. The Journal of Supercomputing, 74(11), 6220–6235. CrossRef Safkhani, M., & Shariat, M. (2018). Implementation of secret disclosure attack against two IoT lightweight authentication protocols. The Journal of Supercomputing, 74(11), 6220–6235. CrossRef
4.
Zurück zum Zitat Sidorov, M., Ong, M. T., Sridharan, R. V., Nakamura, J., Ohmura, R., & Khor, J. H. (2019). Ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains. IEEE Access, 7, 7273–7285. CrossRef Sidorov, M., Ong, M. T., Sridharan, R. V., Nakamura, J., Ohmura, R., & Khor, J. H. (2019). Ultralightweight mutual authentication RFID protocol for blockchain enabled supply chains. IEEE Access, 7, 7273–7285. CrossRef
5.
Zurück zum Zitat Mujahid, U., Najam-ul Islam, M., & Sarwar, S. (2017). A new ultralightweight RFID authentication protocol for passive low cost tags: Kmap. Wireless Personal Communications, 94(3), 725–744. CrossRef Mujahid, U., Najam-ul Islam, M., & Sarwar, S. (2017). A new ultralightweight RFID authentication protocol for passive low cost tags: Kmap. Wireless Personal Communications, 94(3), 725–744. CrossRef
6.
Zurück zum Zitat Safkhani, M., Camara, C., Peris-Lopez, P., & Bagheri, N. (2021). Rseap2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 100311. CrossRef Safkhani, M., Camara, C., Peris-Lopez, P., & Bagheri, N. (2021). Rseap2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 100311. CrossRef
7.
Zurück zum Zitat Sun, D.-Z., & Mu, Y. (2017). Security of grouping-proof authentication protocol for distributed RFID systems. IEEE Wireless Communications Letters, 7(2), 254–257. CrossRef Sun, D.-Z., & Mu, Y. (2017). Security of grouping-proof authentication protocol for distributed RFID systems. IEEE Wireless Communications Letters, 7(2), 254–257. CrossRef
8.
Zurück zum Zitat Izza, S., Benssalah, M., & Drouiche, K. (2021). An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. Journal of Information Security and Applications, 58, 102705. CrossRef Izza, S., Benssalah, M., & Drouiche, K. (2021). An enhanced scalable and secure RFID authentication protocol for WBAN within an IoT environment. Journal of Information Security and Applications, 58, 102705. CrossRef
9.
Zurück zum Zitat Jangirala, S., Das, A. K., & Vasilakos, A. V. (2019). Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Transactions on Industrial Informatics, 16(11), 7081–93. CrossRef Jangirala, S., Das, A. K., & Vasilakos, A. V. (2019). Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Transactions on Industrial Informatics, 16(11), 7081–93. CrossRef
10.
Zurück zum Zitat Gluhak, A & Presser, M. The internet of things connecting the real world with the digital world, EURESCOM message. Gluhak, A & Presser, M. The internet of things connecting the real world with the digital world, EURESCOM message.
11.
Zurück zum Zitat Baashirah, R., & Abuzneid, A. (2018). Survey on prominent RFID authentication protocols for passive tags. Sensors, 18(10), 3584. CrossRef Baashirah, R., & Abuzneid, A. (2018). Survey on prominent RFID authentication protocols for passive tags. Sensors, 18(10), 3584. CrossRef
12.
Zurück zum Zitat He, D., Kumar, N., Chilamkurti, N., & Lee, J.-H. (2014). Lightweight ECC based RFID authentication integrated with an id verifier transfer protocol. Journal of Medical Systems, 38(10), 1–6. CrossRef He, D., Kumar, N., Chilamkurti, N., & Lee, J.-H. (2014). Lightweight ECC based RFID authentication integrated with an id verifier transfer protocol. Journal of Medical Systems, 38(10), 1–6. CrossRef
13.
Zurück zum Zitat Lee, C.-I., & Chien, H.-Y. (2015). An elliptic curve cryptography-based RFID authentication securing e-health system. International Journal of Distributed Sensor Networks, 11(12), 642425. CrossRef Lee, C.-I., & Chien, H.-Y. (2015). An elliptic curve cryptography-based RFID authentication securing e-health system. International Journal of Distributed Sensor Networks, 11(12), 642425. CrossRef
14.
Zurück zum Zitat Liao, Y.-P., & Hsiao, C.-M. (2014). A secure ecc-based RFID authentication scheme integrated with id-verifier transfer protocol. Ad hoc Networks, 18, 133–146. CrossRef Liao, Y.-P., & Hsiao, C.-M. (2014). A secure ecc-based RFID authentication scheme integrated with id-verifier transfer protocol. Ad hoc Networks, 18, 133–146. CrossRef
15.
Zurück zum Zitat Li, N., Mu, Y., Susilo, W., Guo, F., & Varadharajan, V. (2015). Vulnerabilities of an ecc-based RFID authentication scheme. Security and Communication Networks, 8(17), 3262–3270. CrossRef Li, N., Mu, Y., Susilo, W., Guo, F., & Varadharajan, V. (2015). Vulnerabilities of an ecc-based RFID authentication scheme. Security and Communication Networks, 8(17), 3262–3270. CrossRef
16.
Zurück zum Zitat He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83. CrossRef He, D., & Zeadally, S. (2014). An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet of Things Journal, 2(1), 72–83. CrossRef
17.
Zurück zum Zitat Fan, K., Gong, Y., Liang, C., Li, H., & Yang, Y. (2016). Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Security and Communication Networks, 9(16), 3095–3104. CrossRef Fan, K., Gong, Y., Liang, C., Li, H., & Yang, Y. (2016). Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Security and Communication Networks, 9(16), 3095–3104. CrossRef
18.
Zurück zum Zitat Li, C.-T., Lee, C.-C., Weng, C.-Y., & Chen, C.-M. (2018). Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, 11(1), 198–208. CrossRef Li, C.-T., Lee, C.-C., Weng, C.-Y., & Chen, C.-M. (2018). Towards secure authenticating of cache in the reader for RFID-based IoT systems. Peer-to-Peer Networking and Applications, 11(1), 198–208. CrossRef
19.
Zurück zum Zitat Air, R., Protocol, I & Version, M. EPC TM radio-frequency identity protocols generation-2 UHF RFID specification for RFID air interface. Air, R., Protocol, I & Version, M. EPC TM radio-frequency identity protocols generation-2 UHF RFID specification for RFID air interface.
20.
Zurück zum Zitat Yang, Q., Gasti, P., Zhou, G., Farajidavar, A., & Balagani, K. S. (2016). On inferring browsing activity on smartphones via usb power analysis side-channel. IEEE Transactions on Information Forensics and Security, 12(5), 1056–1066. CrossRef Yang, Q., Gasti, P., Zhou, G., Farajidavar, A., & Balagani, K. S. (2016). On inferring browsing activity on smartphones via usb power analysis side-channel. IEEE Transactions on Information Forensics and Security, 12(5), 1056–1066. CrossRef
21.
Zurück zum Zitat Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P.-C., Kouchnarenko, O & Mantovani, J. et al. (2005).The AVISPA tool for the automated validation of internet security protocols and applications, in: International Conference on Computer Aided Verification, Springer, pp. 281–285. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P. H., Héam, P.-C., Kouchnarenko, O & Mantovani, J. et al. (2005).The AVISPA tool for the automated validation of internet security protocols and applications, in: International Conference on Computer Aided Verification, Springer, pp. 281–285.
22.
Zurück zum Zitat Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968. CrossRef Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968. CrossRef
23.
Zurück zum Zitat Kumar, N., Aujla, G. S., Das, A. K., & Conti, M. (2019). Eccauth: A secure authentication protocol for demand response management in a smart grid system. IEEE Transactions on Industrial Informatics, 15(12), 6572–6582. CrossRef Kumar, N., Aujla, G. S., Das, A. K., & Conti, M. (2019). Eccauth: A secure authentication protocol for demand response management in a smart grid system. IEEE Transactions on Industrial Informatics, 15(12), 6572–6582. CrossRef
24.
Zurück zum Zitat Xue, K., Meng, W., Li, S., Wei, D. S., Zhou, H., & Yu, N. (2019). A secure and efficient access and handover authentication protocol for Internet of Things in space information networks. IEEE Internet of Things Journal, 6(3), 5485–5499. CrossRef Xue, K., Meng, W., Li, S., Wei, D. S., Zhou, H., & Yu, N. (2019). A secure and efficient access and handover authentication protocol for Internet of Things in space information networks. IEEE Internet of Things Journal, 6(3), 5485–5499. CrossRef
25.
Zurück zum Zitat Koeberl, P., Li, J., Rajan, A & Vishik, C. (Jun. 13 2013) Offline device authentication and anti-counterfeiting using physically unclonable functions, US Patent App. 13/313,298 . Koeberl, P., Li, J., Rajan, A & Vishik, C. (Jun. 13 2013) Offline device authentication and anti-counterfeiting using physically unclonable functions, US Patent App. 13/313,298 .
Metadaten
Titel
Security of an RFID Based Authentication Protocol with Bitwise Operations for Supply Chain
verfasst von
Muhammad Arslan Akram
Adnan Noor Mian
Publikationsdatum
27.06.2022
Verlag
Springer US
Erschienen in
Wireless Personal Communications / Ausgabe 2/2022
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-022-09826-4

Weitere Artikel der Ausgabe 2/2022

Wireless Personal Communications 2/2022 Zur Ausgabe