Computer Networks
RFID Systems and Security and Privacy Implications
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops
Strengthening EPC tags against cloning
Proceedings of the 4th ACM workshop on Wireless security
RFID security without extensive cryptography
Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards
Computer Standards & Interfaces
Protocols for RFID tag/reader authentication
Decision Support Systems
Security analysis of a cryptographically-enabled RFID device
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An efficient authentication protocol for RFID systems resistant to active attacks
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
Low-cost and strong-security RFID authentication protocol
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
RFID systems: a survey on security threats and proposed solutions
PWC'06 Proceedings of the 11th IFIP TC6 international conference on Personal Wireless Communications
Efficient RFID authentication protocol for ubiquitous computing environment
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Shoehorning security into the EPC tag standard
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
RFID security and privacy: a research survey
IEEE Journal on Selected Areas in Communications
Securing RFID systems conforming to EPC Class 1 Generation 2 standard
Expert Systems with Applications: An International Journal
Weaknesses in two recent lightweight RFID authentication protocols
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Flaws on RFID grouping-proofs. Guidelines for future sound protocols
Journal of Network and Computer Applications
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
A minimum disclosure approach to authentication and privacy in RFID systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Based on mobile RFID for membership stores system conforming EPC C1G2 standards
International Journal of Ad Hoc and Ubiquitous Computing
An Ownership Transfer Scheme Using Mobile RFIDs
Wireless Personal Communications: An International Journal
Strengthening the Security of EPC C-1 G-2 RFID Standard
Wireless Personal Communications: An International Journal
Design of a secure RFID authentication scheme preceding market transactions
Mobile Information Systems - Emerging Wireless and Mobile Technologies
In 2006, the standard EPC Class-1 Generation-2 (EPC-C1G2) was ratified both by EPCglobal and ISO. This standard can be considered as a "universal" specification for low-cost RFID tags. Although it represents a great advance for the consolidation of RFID technology, it does not pay due attention to security and, as expected, its security level is very low. In 2007, Chien et al. published a mutual authentication protocol conforming to EPC-C1G2 which tried to correct all its security shortcomings. In this article, we point out various major security flaws in Chien et al.'s proposal. We show that none of the authentication protocol objectives are met. Unequivocal identification of tagged items is not guaranteed because of possible birthday attacks. Furthermore, an attacker can impersonate not only legitimate tags, but also the back-end database. The protocol does not provide forward security either. Location privacy is easily jeopardized by a straightforward tracking attack. Finally, we show how a successful auto-desynchronization (DoS attack) can be accomplished in the back-end database despite the security measures taken against it.