Attacks on and Countermeasures for Two RFID Protocols

Wireless Personal Communications

Abstract

Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically, we show that the ownership transfer protocol proposed by Wang et al. is vulnerable to tracing attacks, while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes, making them suitable for large-scale deployments.

References

  1. Ning, H., Liu, H., Mao, J., & Zhang, Y. (2011). Scalable and distributed key array authentication protocol in radio frequency identification-based sensor systems. IET Communications, 5(12), 1755–1768.

  2. Qian, X., Liu, X., Yang, S., & Zuo, C. (2014). Security and privacy analysis of tree-LSHB+ protocol. Wireless Personal Communications, 77(4), 3125–3141.

  3. Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LSHB+: An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174.

  4. Munilla, J., Guo, F., & Susilo, W. (2013). Cryptanalysis of an EPCC1G2 standard compliant ownership transfer scheme. Wireless Personal Communications, 72(1), 245–258.

  5. Chen, C. L., & Chien, C. F. (2013). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 68(3), 1093–1119.

  6. Jin, C., Xu, C., Zhang, X., & Li, F. (2016). A secure ECC-based RFID mutual authentication protocol to enhance patient medication safety. Journal of Medical Systems, 40(1), 1–6.

  7. Bapat, A. C., & Nimbhorkar, S. U. (2016). Multilevel secure RFID based object tracking system. Procedia Computer Science, 78, 336–341.

  8. Zhong, R. Y., Lan, S., Xu, C., Dai, Q., & Huang, G. Q. (2016). Visualization of RFID-enabled shopfloor logistics big data in cloud manufacturing. The International Journal of Advanced Manufacturing Technology, 84(1), 5–16.

  9. Luo, H., Wen, G., Su, J., & Huang, Z. (2016). SLAP: Succinct and lightweight authentication protocol for low-cost RFID system. Wireless Networks, 1–10.

  10. Tewari, A., & Gupta, B. B. (2016). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. Journal of Supercomputing, 1–18.

  11. Sundaresan, S., Doss, R., & Piramuthu, S. (2014). A robust grouping proof protocol for RFID EPC C1G2 tags. IEEE Transactions on Information Forensics and Security, 9(6), 961–975.

  12. Wang, X., & Yuan, C. W. (2014). Scalable and resynchronisable radio frequency identification ownership transfer protocol based on a sliding window mechanism. IET Information Security, 8(3), 161–170.

  13. Song, B., & Mitchell, C. J. (2011). Scalable RFID security protocols supporting tag ownership transfer. Computer Communications, 34(4), 556–566.

  14. Hopper, N. J., & Blum, M. (2001). Secure human identification protocols. In Cryptology-ASIACRYPT 2001, lecture notes in computer science, vol. 2248, pp. 52–66.

  15. Madhavan, M., Thangaraj, A., Sankarasubramanian, Y., & Viswanathan, K. (2010). NLHB: A non-linear hopper-blum protocol. In Proc. 2010 int. conf. symposium on information theory, pp. 2498–2502.

  16. Cho, J. S., Yeo, S. S., & Kim, S. K. (2011). Securing against brute-force attacks: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.

  17. Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost. Computers & Mathematics with Applications, 69(1), 58–65.

  18. Kim, H. (2012). Desynchronization attacks on hash-based RFID mutual authentication protocol. Journal of Security Engineering, 9(4), 357–365.

  19. Dehkordi, M. H., & Farzaneh, Y. (2014). Improvement of the hash-based RFID mutual authentication protocol. Wireless Personal Communications, 75(1), 219–232.

  20. Alagheband, M. R., & Aref, M. R. (2014). Simulation-based traceability analysis of RFID authentication protocols. Wireless Personal Communications, 77(2), 1019–1038.

  21. Chen, X. Q., Cao, T. J., & Zhai, J. X. (2016). Untraceability Analysis of Two RFID Authentication Protocols. Chinese Journal of Electronics, 25(5), 912–920.

  22. Kardaş, S., Çelik, S., Arslan, A., & Levi, A. (2013). An efficient and private RFID authentication protocol supporting ownership transfer. In G. Avoine & O. Kara (Eds.), Lightweight cryptography for security and privacy, vol. 8162 (pp. 130–141). Springer: Heidelberg.

  23. Vaudenay, S. (2007). On privacy models for RFID. In K. Kurosawa (Ed.), Advances in cryptology-ASIACRYPT 2007, vol. 4833 (pp. 68–87). Springer: Heidelberg.

  24. Wu, L., Zhang, Y., Li, L., & Shen, J. (2016). Efficient and anonymous authentication scheme for wireless body area networks. Journal of Medical Systems, 40(6), 1–12.

  25. Wang, C., & Zhang, Y. (2015). New authentication scheme for wireless body area networks using the bilinear pairing. Journal of Medical Systems, 39(11), 1–8.

  26. Mete, N., & Aglayan, M. U. (2015). Providing destructive privacy and scalability in RFID systems using PUFs. Ad Hoc Networks, 32(C), 32–42.

  27. Vaudenay, S. (2007). On privacy models for RFID. In Proceedings of the advances in cryptology 13th international conference on theory and application of cryptology and information security, ASIACRYPT’07, Springer-Verlag, Berlin, Heidelberg, 2007, pp. 68–87.

Acknowledgements

The authors would like to thank the anonymous referee for their valuable discussions and comments. Moreover, this research was partially supported by Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); Xuzhou medical university excellent persons Scientific Research Foundation (Grant No. D2016006, D2016007, 53591506); The practice innovation training program projects for the Jiangsu College students (Grant No. 20161031308H, 201610313043Y); Innovation Project of JiangSu Province (2012); Educational Commission of Jiangsu Province of China (Grant No. 2015JSJJG261); Funding was provided by Research Funds for the Central Universities (Grant No. 2015XKMS086); The Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Grant No. 16KJB180028).

Author information

Corresponding author

Correspondence to Xiuqing Chen.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

About this article

Cite this article

Chen, X., Cao, T., Doss, R. et al. Attacks on and Countermeasures for Two RFID Protocols. Wireless Pers Commun 96, 5825–5848 (2017). https://doi.org/10.1007/s11277-017-4449-z

  • DOI: https://doi.org/10.1007/s11277-017-4449-z
