Title :
Security on the Design of RFID Access Control Protocol Using the Strategy of Indefinite-Index and Challenge-Response
Author :
Chen, Bae-Ling ; Kuo, Wen-Chung ; Wuu, Lih-Chyau
Author_Institution :
Grad. Sch. of Eng. Sci. & Tech., Nat. Yunlin Univ. of Sci. & Tech., Douliou, Taiwan
Abstract :
Chen, Tsai, and Jan (Chen et al. for short) recently proposed a Radio Frequency Identification (RFID) access control scheme, which includes an authentication mechanism and an access right authorization mechanism designed for a low-cost RFID system. Chen et al. does not only show security weaknesses of Weis´s and Chien´s access control schemes, but also claim their proposed scheme can resist the man-in-the-middle attack, the spoofed reader attack, the spoofed tag attack and guarantee mutual authentication and location privacy. However, we found that Chen et al.´s scheme is vulnerable to the impersonating reader attack and does not have any defense mechanism against denial-of-service (DoS) attack such as resource exhaustion attack. In this paper, we will show that Chen et al.´s scheme is insecure and suffers from aforementioned potential security vulnerabilities.
Keywords :
access protocols; authorisation; radiofrequency identification; telecommunication security; DoS; RFID access control protocol; authentication mechanism; authorization mechanism; denial-of-service; radio frequency identification; resource exhaustion attack; spoofed reader attack; spoofed tag attack; Access control; Authentication; Databases; Protocols; Radiofrequency identification; Servers; RFID security; access control; authentication; denial-of-service (DoS) attack; spoofed reader attack;
Conference_Titel :
Genetic and Evolutionary Computing (ICGEC), 2011 Fifth International Conference on
Conference_Location :
Xiamen
Print_ISBN :
978-1-4577-0817-6
Electronic_ISBN :
978-0-7695-4449-6
DOI :
10.1109/ICGEC.2011.10
