How to construct random functions
Journal of the ACM (JACM)
Privacy and security in library RFID: issues, practices, and architectures
Proceedings of the 11th ACM conference on Computer and communications security
A Scalable and Provably Secure Hash-Based RFID Protocol
PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
YA-TRAP: Yet Another Trivial RFID Authentication Protocol
PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
The Evolution of RFID Security
IEEE Pervasive Computing
A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete
PERCOM '06 Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Robust, anonymous RFID authentication with constant key-lookup
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Framework for Assessing RFID System Security and Privacy Risks
IEEE Pervasive Computing
Proceedings of the 15th ACM conference on Computer and communications security
Secure RFID Identification and Authentication with Triggered Hash Chain Variants
ICPADS '08 Proceedings of the 2008 14th IEEE International Conference on Parallel and Distributed Systems
Unidirectional key distribution across time and space with applications to RFID security
SS'08 Proceedings of the 17th conference on Security symposium
RFID guardian: a battery-powered mobile device for RFID privacy management
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
RFID security and privacy: a research survey
IEEE Journal on Selected Areas in Communications
Securing low-cost RFID systems: An unconditionally secure approach
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
| Hi-index | 0.00 |
In ASIACCS'08, Burmester, Medeiros and Motta proposed an anonymous RFID authentication protocol (BMM protocol [2]) that preserves the security and privacy properties, and achieves better scalability compared with other contemporary approaches. We analyze BMM protocol and find that some of security properties (especial untraceability) are not fulfilled as originally claimed. We consider a subtle attack, in which an adversary can manipulate the messages transmitted between a tag and a reader for several continuous protocol runs, and can successfully trace the tag after these interactions. Our attack works under a weak adversary model, in which an adversary can eavesdrop, intercept and replay the protocol messages, while stronger assumptions such as physically compromising of the secret on a tag, are not necessary. Based on our attack, more advanced attacking strategy can be designed on cracking a whole RFID-enabled supply chain if BMM protocol is implemented. To counteract such flaw, we improve the BMM protocol so that it maintains all the security and efficiency properties as claimed in [2].