An Enhanced Authentication Protocol for RFID Systems

被引：23

作者：

Hosseinzadeh, Mehdi ^{[1
,2
]}

Ahmed, Omed Hassan ^{[3
]}

Ahmed, Sarkar Hasan ^{[4
]}

Trinh, Cuong ^{[5
]}

Bagheri, Nasour ^{[6
,7
]}

Kumari, Saru ^{[8
]}

Lansky, Jan ^{[9
]}

Huynh, Bao ^{[10
]}

机构：

[1] Duy Tan Univ, Inst Res & Dev, Da Nang 550000, Vietnam

[2] Iran Univ Med Sci, Hlth Management & Econ Res Ctr, Tehran 1666887635, Iran

[3] Univ Human Dev, Dept Informat Technol, Sulaymaniyah 00964, Iraq

[4] Sulaimani Polytech Univ, Network Dept, Sulaymaniyah 46001, Iraq

[5] Ton Duc Thang Univ, Fac Informat Technol, Artificial Intelligence Lab, Ho Chi Minh City 700000, Vietnam

[6] Shahid Rajaee Teacher Training Univ, Elect Engn Dept, Tehran 1678815811, Iran

[7] Inst Res Fundamental Sci IPM, Sch Comp Sci SCS, Farmanieh Campus, Tehran 1953833511, Iran

[8] Chaudhary Charm Singh Univ, Dept Math, Meerut 250004, Uttar Pradesh, India

[9] Univ Finance & Adm, Fac Econ Studies, Dept Comp Sci & Math, Prague 10100, Czech Republic

[10] Ho Chi Minh City Univ Technol HUTECH, Fac Informat Technol, Ho Chi Minh City 700000, Vietnam

来源：

IEEE ACCESS | 2020年 / 8卷

关键词：

IoT; RFID; mutual authentication; security analysis; desynchronization; traceability; impersonation; real-or-random model; SECURITY; TAXONOMY; SCHEME; IOT;

D O I：

10.1109/ACCESS.2020.3008230

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376-8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model.

引用

页码：126977 / 126987

页数：11

共 26 条

[1]

Abdalla M, 2005, LECT NOTES COMPUT SC, V3386, P65

[2] Service Management for IoT: Requirements, Taxonomy, Recent Advances and Open Research Challenges [J].

Ahmed, Abdelmuttlib Ibrahim Abdalla ;

Gani, Abdullah ;

Ab Hamid, Siti Hafizah ;

Abdelmaboud, Abdelzahir ;

Syed, Hassan Jamil ;

Mohamed, Riyaz Ahamed Ariyaluran Habeeb ;

Ali, Ihsan .

IEEE ACCESS, 2019, 7 :155472-155488

[3]

[Anonymous], 2018, SUBMISSION REQUIREME

[4]

Armando A, 2005, LECT NOTES COMPUT SC, V3576, P281

[5] Survey on Prominent RFID Authentication Protocols for Passive Tags [J].

Baashirah, Rania ;

Abuzneid, Abdelshakour .

SENSORS, 2018, 18 (10)

[6] Automated formal analysis of a protocol for secure file sharing on untrusted storage [J].

Blanchet, Bruno ;

Chaudhuri, Avik .

PROCEEDINGS OF THE 2008 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2008, :417-+

[7] A computationally sound mechanized prover for security protocols [J].

Blanchet, Bruno .

2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2006, :140-154

[8]

Burrows M., 1989, 39 DIG EQ SYST RES C

[9]

Cremers CJF, 2008, LECT NOTES COMPUT SC, V5123, P414

[10] ON THE SECURITY OF PUBLIC KEY PROTOCOLS [J].

DOLEV, D ;

YAO, AC .

IEEE TRANSACTIONS ON INFORMATION THEORY, 1983, 29 (02) :198-208

← 1 2 3 →