RFID authentication protocol for mobile readers satisfying EPC-C1-GEN2 standard of passive tags (original) (raw)

An efficient and secure authentication protocol for RFID systems

International Journal of Automation and Computing, 2012

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.

Novel construction of Secure RFID Authentication Protocol

2014

This article proposes an efficient and secure authentication protocol for secure and low-cost RFID systems in random oracles. Security is one of the prime concerns of RFID system. Proposed protocol relies on Elliptic Curve Discrete Logarithm Problem (ECDLP) to achieve security. The protocol achieves the most important security goals scalability, anonymity and anti-cloning for RFID system. A password based protocol has vulnerability on fixed password. This can be exploited by threats. In the proposed protocol, there is a provision to change the password of the Tags. Hence the vulnerability can be reduced in an acceptable level. Computation cost is very less as compare to the other protocols.

A Secure Authentication Scheme for RFID Systems

Procedia Computer Science, 2016

Day by day the importance of Radio Frequency Identification (RFID) systems is increasing for its powerful capabilities in automatic identification, localization and access control of the objects. However, the RFID techniques are plagued to security and privacy issues due to underlying wireless communication channel. In order to come up with a solution, we propose an efficient authentication scheme which uses pseudorandom number generators (PRNG) and some simple cryptographic operations. Moreover, as the current generation tags come with in-built pseudo random generators, the implementations of these operations are possible with low complexity. The secret information stored inside the tags is communicated in a more secure way ensuring confidentiality, integrity, and authentication. The security of our proposed scheme is analyzed against different attacks on RFID and with the performance of some existing protocols. Experimental results show a significant improvement in security with average cost, when compared with the existing techniques.

An Efficient Design and Implementation of Securable RFID Tag-Reader Mutual Authentication Protocol

2015

Radio frequency identification( RFID) is unwired processing task uses the radio signals for communication purpose. By using radio signals RFID pointing out the objects with unique electronic product code. This electronic product code hiving unique identification for single-single objects. The main disadvantages of RFID is, leaking the information as distance increases. As distances increases unsecured authentication start between the tag and reader. At this time unauthorized user may get all the information of the object and as well as unauthorized user may guess the password also. Hence unsecured authentication may generate some security problems and secret-privacy protection problems to the authorized user. EPC Class-1 generation-2 technique generates to many security issues hence to overcome these problems we proposing new pad generation technique instead of EPC Class-1 generation-2 technique. By doing this we producing strong authentication between tag and reader. In this paper ...

Security Analysis of an EPC Class-1 Generation-2 Compliant RFID Authentication Protocol

2018

Design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many protocols have been published in the last decade. In 2013, Wei and Zhang proposed a new lightweight RFID authentication protocol that conforms to the EPC-C1G2 standard and claimed that the protocol would be immune against all known attacks on RFID systems. In this paper, we consider the security of this protocol and show that it cannot provide secure authentication for RFID users. An attacker, by following our suggested approach, will be able to impersonate server/reader, and destroy synchronization between the back-end server and the tag. Finally, we enhance this protocol, and by using formal and informal security analysis we show that the enhanced protocol strongly inhibits the security flaws of its predecessor.

A Secure RFID Authentication Protocol with Low Communication Cost

2009 International Conference on Complex, Intelligent and Software Intensive Systems, 2009

Gene Tsudik proposed a Trivial RFID Authentication Protocol (YA-TRAP*), where a valid tag can become incapacitated after exceeding the prestored threshold value and is thus vulnerable to DoS attack. Our scheme solves the problem by allowing a tag to refresh its prestored threshold value. Moreover, our scheme is forward secure and provides reader authentication, resistance against timing, replay, tracking attacks. We show the use of aggregate hash functions in our complete scheme to reduce the reader to server communication cost. The reader uses partial authentication to keep the rougue tags out of the aggregate function.

SLRV: An RFID Mutual Authentication Protocol Conforming to EPC Generation-2 Standard

TELKOMNIKA (Telecommunication Computing Electronics and Control), 2015

Having done an analysis on the security vulnerabilities of Radio Frequency Identification (RFID) through a desynchronization and an impersonation attacks, it is revealed that the secret information (i.e.: secret key and static identifier) shared between the tag and the reader is unnecessary. To overcome the vulnerability, this paper introduces Shelled Lightweight Random Value (SLRV) protocol; a mutual authentication protocol with high-security potentials conforming to electronic product code (EPC) Class-1 Generation-2 Tags, based on lightweight and standard cryptography on the tag's and reader's side, respectively. SLRV prunes de-synchronization attacks where the updating of internal values is only executed on the tag's side and is a condition to a successful mutual authentication. Results of security analysis of SLRV, and comparison with existing protocols, are presented.

An Enhanced Authentication Protocol for RFID Systems

IEEE Access

In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376-8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model.

Security and Privacy on Authentication Protocol for Low-cost RFID

2005

In the near future, radio frequency identification (RFID) technology is expected to play an important role for object identification as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Different from the previous works , our protocol firstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Authentication Scheme for Secured RFID

Advanced Development in information and communication technologies, there are so many things that gives facility to deal with these technology using internet. This advanced technology brings revolution or convenient system for users. This advance technologies are applied to many applications such as healthcare or medical area, provide security in people information personally or financially, provide interactions among different kinds of devices, like smart vehicles management, for patients medical sensors, monitoring CCD cameras, advanced technology based home appliances, smart city, home automation, smart grid, traffic management, RTO offices etc. For that purpose, we need a unique identification system for each task. For providing proper identification we using RFID (Radio-frequency identification) system. Radio-frequency identification (RFID) is the most important wireless communication technologies used in the Internet of Things as it can store sensitive data, used for wireless communication with other objects, and identify/track particular object automatically. To provide better security and performance to RFID authentication scheme, Elliptic Curve Cryptography is going to be used. Elliptical curve cryptography (ECC) is based on a public key cryptosystem based system that is on elliptic curve theory. Elliptic Curve Cryptography can be used to create smaller, faster, and efficient cryptographic keys. ECC authentication scheme is well suited for wireless communications, like mobile phones and smart cards, personal information like financial transaction or some secret medical reports, confidential data where main consideration is to provide secure data. Elliptic curve cryptography (ECC) system is for provide suitable authentication RFID system because it can provide similar security level but using a smaller key size and has low computational system requirements. The low processing associated with ECC authentication scheme is to make suitable for use with RFID tags because they have consuming limited computing power. In this paper we present a survey paper on ECC based RFID authentication scheme that is suitable for many applications where security is main concern.