On the security of mutual authentication protocols for RFID systems: the case of wei et al.'s protocol

Authors:
Masoumeh Safkhani;Nasour Bagheri;Somitra Kumar Sanadhya;Majid Naderi;Hamid Behnam
Affiliations:
Electrical Engineering Department, Iran University of Science and Technology, Tehran, Iran;Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran;Indraprastha Institute of Information Technology, Delhi (IIIT-Delhi), New Delhi, India;Electrical Engineering Department, Iran University of Science and Technology, Tehran, Iran;Electrical Engineering Department, Iran University of Science and Technology, Tehran, Iran
Venue:
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Year:
2011

Citing 26
Cited 1

A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Privacy and security in library RFID: issues, practices, and architectures

Proceedings of the 11th ACM conference on Computer and communications security
Secure Access Control Schemes for RFID Systems with Anonymity

MDM '06 Proceedings of the 7th International Conference on Mobile Data Management
Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards

Computer Standards & Interfaces
SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity

IEEE Transactions on Dependable and Secure Computing
RFID authentication protocol for low-cost tags

WiSec '08 Proceedings of the first ACM conference on Wireless network security
Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard

Computer Standards & Interfaces
A Gen2-Based RFID Authentication Protocol for Security and Privacy

IEEE Transactions on Mobile Computing
Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Computer Standards & Interfaces
Improvement of an EPC Gen2 Compliant RFID Authentication Protocol

IAS '09 Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01
Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags

IEEE Communications Letters
Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Engineering Applications of Artificial Intelligence
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

IEEE Transactions on Dependable and Secure Computing
An efficient mutual authentication scheme for EPCglobal class-1 generation-2 RFID system

EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
RFID mutual authentication protocols

Decision Support Systems
A Novel Anonymous RFID Authentication Protocol Providing Strong Privacy and Security

MINES '10 Proceedings of the 2010 International Conference on Multimedia Information Networking and Security
The design of RFID access control protocol using the strategy of indefinite-index and challenge-response

Computer Communications
Scalable RFID security protocols supporting tag ownership transfer

Computer Communications
A Mutual Authentication Protocol for Low-Cost RFID System

APSCC '10 Proceedings of the 2010 IEEE Asia-Pacific Services Computing Conference
A Mutual Authentication Protocol for RFID

IT Professional
Short communication: Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard

Expert Systems with Applications: An International Journal
Tag Impersonation Attack on Two RFID Mutual Authentication Protocols

ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security
M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Shoehorning security into the EPC tag standard

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Secure and Serverless RFID Authentication and Search Protocols

IEEE Transactions on Wireless Communications

On the Designing of a Tamper Resistant Prescription RFID Access Control System

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authentication is one of the most basic and important cryptographic tasks. Mutual authentication protocols play a crucial role on the security of RFID systems. In this paper, we consider the security of a recently proposed mutual authentication protocol by Wei et al. which is a hash based protocol. We present efficient tag impersonation attack, two desynchronization attacks, reader impersonation attack and traceability attack against this protocol. The success probabilities of the attacks are "1" or 1−2−(n−1), where n is the length of the secret value shared between the tag and the reader. The complexity of each one of the presented attacks is only two runs of protocol. Vulnerabilities presented in the present work rule out the practical usage of this protocol. To the best of our knowledge, this is the first security analysis of Wei et al.'s protocol. Finally, we exhibit an improved version of this protocol, which is immune against the attacks presented in this work.