A Lightweight RFID Protocol to protect against Traceability and Cloning attacks
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
IEEE Transactions on Dependable and Secure Computing
Security Analysis of the SASI Protocol
IEEE Transactions on Dependable and Secure Computing
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI
IEEE Transactions on Dependable and Secure Computing
Lightweight mutual authentication and ownership transfer for RFID systems
INFOCOM'10 Proceedings of the 29th conference on Information communications
Improvement of the RFID authentication scheme based on quadratic residues
Computer Communications
Defending RFID authentication protocols against DoS attacks
Computer Communications
A review of RFID technology and its managerial applications in different industries
Journal of Engineering and Technology Management
ACSP: A novel security protocol against counting attack for UHF RFID systems
Computers & Mathematics with Applications
Secure and Serverless RFID Authentication and Search Protocols
IEEE Transactions on Wireless Communications
RFID security and privacy: a research survey
IEEE Journal on Selected Areas in Communications
Data fusion of multi-sensor for IOT precise measurement based on improved PSO algorithms
Computers & Mathematics with Applications
Intelligent fault prediction system based on internet of things
Computers & Mathematics with Applications
| Hi-index | 7.29 |
Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-based mutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses all privacy (Juels, 2006) and forgery concerns (Dimitriou, 2005; Yang et al., 2005) linked to RFID technology. However, we show in the following that the protocol fails to bear out many of the authors' security claims, which renders the protocol useless. More precisely, we present the following attacks on this protocol:1.De-synchronization attack: the success probability of the attack is 1 while the attack complexity is one run of the protocol. 2.Tag impersonation attack: the success probability of the attack is 14 for two runs of the protocol. 3.Reader impersonation attack: the success probability of the attack is 18 for two runs of the protocol. We also show an additional and more general attack, which is still possible when the conditions needed for the ones above do not hold, and that highlights the poor design of the group ID (RID"i^t). Additionally we show how all the above mentioned attacks are applicable against another protocol, highly reminiscent of that of Cho et al. (2012) and designed in Cho et al. (2011), and also against an enhanced version of the Cho et al. protocol proposed by Kim (2012). Finally we end up by showing how slight modifications in the original protocol can prevent the aforementioned security faults.