PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops
Privacy and security in library RFID: issues, practices, and architectures
Proceedings of the 11th ACM conference on Computer and communications security
RFID security without extensive cryptography
Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards
Computer Standards & Interfaces
Defining Strong Privacy for RFID
PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
RFID authentication protocol for low-cost tags
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Attacks and improvements to an RIFD mutual authentication protocol and its extensions
Proceedings of the second ACM conference on Wireless network security
Security in RFID and Sensor Networks
Security in RFID and Sensor Networks
When Compromised Readers Meet RFID
Information Security Applications
Low-cost and strong-security RFID authentication protocol
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Traceable privacy of recent provably-secure RFID protocols
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Classifying RFID attacks and defenses
Information Systems Frontiers
Scalable RFID security protocols supporting tag ownership transfer
Computer Communications
Strong and robust RFID authentication enabling perfect ownership transfer
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
RFID traceability: a multilayer problem
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Challenge-eesponse based RFID authentication protocol for distributed database environment
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
| Hi-index | 0.00 |
Radio frequency identification (RFID) tag delegation enables a centralized back-end server to delegate the right to identify and authenticate a tag to specified readers. This should be used to mitigate the computational load on the server side and also to solve the issues in terms of latency and dependency on network connectivity. In this study, we describe a basic RFID delegation architecture and then under this model, we investigate the security of an RFID delegation protocol: Song Mitchell delegation (SMD), which is recently proposed by Song and Mitchell. We point out security flaws that have gone unnoticed in the design and present two attacks namely, a tag impersonation attack and a desynchronization attack against it. We also discover a subtle flaw by which a delegated entity can still keep its delegation rights after the expire of them--this infringes security policy of the scheme. More precisely, we show that the protocol will be still vulnerable to previously mentioned attacks, even if the back-end server ends the delegation right of a delegated reader and update the secrets of the delegated tags. To counteract such flaws, we improve the SMD protocol with a stateful variant so that it provides the claimed security properties.