Security and Privacy Analysis of Song---Mitchell RFID Authentication Protocol

Authors:
Mohammad Hassan Habibi;Mohammad Reza Aref
Affiliations:
College of Information Sciences and Technology, Pennsylvania State University, University Park, USA;College of Information Sciences and Technology, Pennsylvania State University, University Park, USA
Venue:
Wireless Personal Communications: An International Journal
Year:
2013

Citing 27
Cited 1

A Scalable and Provably Secure Hash-Based RFID Protocol

PERCOMW '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications Workshops
Strengthening EPC tags against cloning

Proceedings of the 4th ACM workshop on Wireless security
YA-TRAP: Yet Another Trivial RFID Authentication Protocol

PERCOMW '06 Proceedings of the 4th annual IEEE international conference on Pervasive Computing and Communications Workshops
A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
RFID Applied

RFID Applied
Universally composable and forward-secure RFID authentication and authenticated key exchange

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Ubiquitous computing in the real world: lessons learnt from large scale RFID deployments

Personal and Ubiquitous Computing
RFID authentication protocol for low-cost tags

WiSec '08 Proceedings of the first ACM conference on Wireless network security
A New Formal Proof Model for RFID Location Privacy

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Algebraic Attacks on RFID Protocols

WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags

IEEE Communications Letters
RFID privacy: relation between two notions, minimal condition, and efficient construction

Proceedings of the 16th ACM conference on Computer and communications security
Scalable RFID Pseudonym Protocol

NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
E-passport: the global traceability or how to feel like a UPS package

WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Passive attacks on a class of authentication protocols for RFID

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
On privacy models for RFID

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Privacy of recent RFID authentication protocols

ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Traceable privacy of recent provably-secure RFID protocols

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Untraceability of RFID protocols

WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Vulnerability analysis of RFID protocols for tag ownership transfer

Computer Networks: The International Journal of Computer and Telecommunications Networking
Classifying RFID attacks and defenses

Information Systems Frontiers
Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol

RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Scalable RFID security protocols supporting tag ownership transfer

Computer Communications
A new RFID privacy model

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Strong and robust RFID authentication enabling perfect ownership transfer

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Reducing time complexity in RFID systems

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Tree-LSHB+: An LPN-Based Lightweight Mutual Authentication RFID Protocol

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many applications, such as e-passport, e-health, credit cards, and personal devices that utilize Radio frequency Identification (RFID) devices for authentication require strict security and privacy. However, RFID tags suffer from some inherent weaknesses due to restricted hardware capabilities and are vulnerable to eavesdropping, interception, or modification. The synchronization and untraceability characteristics are the major determinants of RFID authentication protocols. They are strongly related to privacy of tags and availability, respectively. In this paper, we analyze a new lightweight RFID authentication protocol, Song and Mitchell, in terms of privacy and security. We prove that not only is the scheme vulnerable to desynchronization attack, but it suffers from traceability and backward traceability as well. Finally, our improved scheme is proposed which can prevent aforementioned attacks.