Weaknesses in another Gen2-based RFID authentication protocol

Author

Safkhani, Masoumeh ; Bagheri, Nasour ; Peris-Lopez, Pedro ; Mitrokotsa, A. ; Hernandez-Castro, J.C.

Author_Institution

Dept. of Electr. Eng., Iran Univ. of Sci. & Technol., Tehran, Iran

fYear

2012

fDate

5-7 Nov. 2012

Firstpage

80

Lastpage

84

Abstract

There is a high need for secure authentication protocols conforming with the EPC Class-1 Generation 2 (Gen2 in short) standard. The security analyses of the new born authentication protocols provide some guidelines and lessons that should be considered in the design of new proposals. In this paper, we scrutinize the security of a Gen2 based RFID authentication protocol which has been recently proposed by Yi et al. [8]. Our security analysis highlights important security pitfalls in this proposal. More precisely, we show a simple approach to desynchronize the tag and the reader. Moreover, we present tag impersonation and reader impersonation attacks. Finally, we show how the use of random numbers does not prevent traceability attack. The success probability of all the proposed attacks is 1 and their complexity is minimal since at most one eavesdropped session of the protocol is required.

Keywords

cryptographic protocols; radiofrequency identification; telecommunication security; EPC class-1 generation 2; Gen2-based RFID authentication protocol; authentication protocol security; protocol eavesdropped session; reader impersonation attacks; security analysis; success probability; tag impersonation attacks; tag-reader desynchronization; traceability attack; Authentication; Educational institutions; Protocols; Radiofrequency identification; Servers; Standards;

fLanguage

English

Publisher

ieee

Conference_Titel

RFID-Technologies and Applications (RFID-TA), 2012 IEEE International Conference on

Conference_Location

Nice

Print_ISBN

978-1-4673-4656-6

Electronic_ISBN

978-1-4673-4658-0

Type

conf

DOI

10.1109/RFID-TA.2012.6404572

Filename

6404572