Attacks and Improvements to an RFID Mutual Authentication Protocol

Author

Shaoying CAI
Yingjiu LI, Singapore Management UniversityFollow
Tieyan LI
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Publication Date

3-2009

Abstract

In WiSec'08, Song and Mitchell proposed an RFID mutual authentication protocol. Song also extended this protocol for RFID tag ownership transfer. These two protocols are designed to have the most security properties in the literature. We discover that, however, the mutual authentication protocol is vulnerable to both tag impersonation attack and reader impersonation attack, which enable an adversary to impersonate any legitimate reader or tag. We also discover that the ownership transfer protocol is vulnerable to a de-synchronization attack, which prevents a legitimate reader from authenticating a legitimate tag, and vice versa. We analyze the vulnerabilities of these protocols and propose our revisions to eliminate the vulnerabilities with comparable storage and computational requirements.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Proceedings of the Second ACM Conference on Wireless Network Security WiSec '09: Zurich, Switzerland, March 16-18, 2009

First Page

51

Last Page

58

ISBN

9781605584607

Identifier

10.1145/1514274.1514282

Publisher

ACM

Citation

CAI, Shaoying; LI, Yingjiu; LI, Tieyan; and DENG, Robert H.. Attacks and Improvements to an RFID Mutual Authentication Protocol. (2009). Proceedings of the Second ACM Conference on Wireless Network Security WiSec '09: Zurich, Switzerland, March 16-18, 2009. 51-58.
Available at: https://ink.library.smu.edu.sg/sis_research/274

Additional URL

http://dx.doi.org/10.1145/1514274.1514282