Abstract
Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication are critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically, we show that the ownership transfer protocol proposed by Wang et al. is vulnerable to tracing attacks, while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes, making them suitable for large-scale deployments.
References
Ning, H., Liu, H., Mao, J., & Zhang, Y. (2011). Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Communications, 5(12), 1755–1768.
Qian, X., Liu, X., Yang, S., & Zuo, C. (2014). Security and privacy analysis of tree-LSHB+ protocol. Wireless Personal Communications, 77(4), 3125–3141.
Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LSHB+: An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174.
Munilla, J., Guo, F., & Susilo, W. (2013). Cryptanalysis of an EPCC1G2 standard compliant ownership transfer scheme. Wireless Personal Communications, 72(1), 245–258.
Chen, C. L., & Chien, C. F. (2013). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 68(3), 1093–1119.
Jin, C., Xu, C., Zhang, X., & Li, F. (2016). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40(1), 1–6.
Bapat, A. C., & Nimbhorkar, S. U. (2016). Multilevel secure RFID based object tracking system. Procedia Computer Science, 78, 336–341.
Zhong, R. Y., Lan, S., Xu, C., Dai, Q., & Huang, G. Q. (2016). Visualization of RFID-enabled shopfloor logistics big data in cloud manufacturing. The International Journal of Advanced Manufacturing Technology, 84(1), 5–16.
Luo, H., Wen, G., Su, J., & Huang, Z. (2016). SLAP: Succinct and lightweight authentication protocol for low-cost RFID system. Wireless Networks, 1–10.
Tewari, A., & Gupta, B. B. (2016). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. Journal of Supercomputing, 1–18.
Sundaresan, S., Doss, R., & Piramuthu, S. (2014). A robust grouping proof protocol for RFID EPC C1G2 tags. IEEE Transactions on Information Forensics and Security, 9(6), 961–975.
Wang, X., & Yuan, C. W. (2014). Scalable and resynchronisable radio frequency identification ownership transfer protocol based on a sliding window mechanism. IET Information Security, 8(3), 161–170.
Song, B., & Mitchell, C. J. (2011). Scalable RFID security protocols supporting tag ownership transfer. Computer Communications, 34(4), 556–566.
Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Cryptology-ASIACRYPT 2001, lecture notes in computer science, vol. 2248, pp. 52–66.
Madhavan, M., Thangaraj, A., Sankarasubramanian, Y., & Viswanathan, K. (2010). NLHB: A non-linear hopper-blum protocol. In Proc. 2010 int. conf. symposium on information theory, pp. 2498–2502.
Cho, J. S., Yeo, S. S., & Kim, S. K. (2011). Securing against brute-force attacks: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.
Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost. Computers & Mathematics with Applications, 69(1), 58–65.
Kim, H. (2012). Desynchronization attacks on hash-based RFID mutual authentication protocol. Journal of Security Engineering, 9(4), 357–365.
Dehkordi, M. H., & Farzaneh, Y. (2014). Improvement of the hash-based RFID mutual authentication protocol. Wireless Personal Communications, 75(1), 219–232.
Alagheband, M. R., & Aref, M. R. (2014). Simulation-based traceability analysis of RFID authentication protocols. Wireless Personal Communications, 77(2), 1019–1038.
Chen, X. Q., Cao, T. J., & Zhai, J. X. (2016). Untraceability Analysis of Two RFID Authentication Protocols. Chinese Journal of Electronics, 25(5), 912–920.
Kardaş, S., Çelik, S., Arslan, A., & Levi, A. (2013). An efficient and private RFID authentication protocol supporting ownership transfer. In G. Avoine & O. Kara (Eds.), Lightweight cryptography for security and privacy, vol. 8162 (pp. 130–141). Springer: Heidelberg.
Vaudenay, S. (2007). On privacy models for RFID. In K. Kurosawa (Ed.), Advances in cryptology-ASIACRYPT 2007, vol. 4833 (pp. 68–87). Springer: Heidelberg.
Wu, L., Zhang, Y., Li, L., & Shen, J. (2016). Efficient and anonymous authentication scheme for wireless body area networks. Journal of Medical Systems, 40(6), 1–12.
Wang, C., & Zhang, Y. (2015). New authentication scheme for wireless body area networks using the bilinear pairing. Journal of Medical Systems, 39(11), 1–8.
Mete, N., & Aglayan, M. U. (2015). Providing destructive privacy and scalability in RFID systems using PUFs. Ad Hoc Networks, 32(C), 32–42.
Vaudenay, S. (2007). On privacy models for RFID. In Proceedings of the advances in cryptology 13th international conference on theory and application of cryptology and information security, ASIACRYPT’07, Springer-Verlag, Berlin, Heidelberg, 2007, pp. 68–87.
Acknowledgements
The authors would like to thank the anonymous referee for their valuable discussions and comments. Moreover, this research was partially supported by Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); Xuzhou Medical University Excellent Persons Scientific Research Foundation (Grant No. D2016006, D2016007, 53591506); the practice innovation training program projects for the Jiangsu College students (Grant No. 20161031308H, 201610313043Y); Innovation Project of JiangSu Province (2012); Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); funding was provided by Research Funds for the Central Universities (Grant No. 2015XKMS086); the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Grant No. 16KJB180028).
Ethics declarations
Conflict of interest
The authors declare no conflict of interest.
Cite this article
Chen, X., Cao, T., Doss, R. et al. Attacks on and Countermeasures for Two RFID Protocols. Wireless Pers Commun 96, 5825–5848 (2017). https://doi.org/10.1007/s11277-017-4449-z
DOI: https://doi.org/10.1007/s11277-017-4449-z