Vulnerability of an RFID authentication protocol proposed in at secubiq 2005

Authors:
Daesung Kwon;Daewan Han;Jooyoung Lee;Yongjin Yeom
Affiliations:
National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea
Venue:
EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
Year:
2006

Citing 8
Cited 2

The blocker tag: selective blocking of RFID tags for consumer privacy

Proceedings of the 10th ACM conference on Computer and communications security
Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers

PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops
A Scalable and Provably Secure Hash-Based RFID Protocol

PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Efficient authentication for low-cost RFID systems

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
Efficient RFID authentication protocol for ubiquitous computing environment

EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Challenge-eesponse based RFID authentication protocol for distributed database environment

SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
RFID security and privacy: a research survey

IEEE Journal on Selected Areas in Communications

HGLAP - Hierarchical group-index based lightweight authentication protocol for distributed RFID system

EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
A lightweight anti-desynchronization RFID authentication protocol

Information Systems Frontiers

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we analyze the security of the RFID authentication protocol proposed by Choi et al. at SecUbiq 2005. They claimed that their protocol is secure against all possible threats considered in RFID systems. However, we show that the protocol is vulnerable to an impersonation attack. Moreover, an attacker is able to trace a tag by querying it twice, given the initial information from $2^{\lceil(log_2(\ell+1)\rceil)}$ + 1(≈ℓ+2) consecutive sessions and 2 · $2^{\lceil log_2(\ell+1)\rceil}$ (≈2(ℓ+1)) consecutive queries, where ℓ is the length of secret values (in binary).