New Findings on RFID Authentication Schemes against De-synchronization Attack

Publication Type

Journal Article

Publication Date

2012

Abstract

In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in real network environments an adversary may easily interrupt or interfere transmission of necessary key update message in each authentication session such that key re synchronization between tag and database cannot be completed, which is named as de-synchronization attack. To defend against this security threat, recent RFID authentication schemes have applied redundant secret/key design to allow a tag with de-synchronized secret to successfully communicate with server/database in its next authentication session. In this paper, we first categorize existing authentification protocols into three types based on their key update mechanisms. Then security evaluation on de-synchronization attack is conducted for type I and II protocols. Two attack models and theorems show that synchronization mechanisms used in type I and II schemes cannot defend against de-synchronization attack. Finally, three remarks are further presented to support our important finding: most existing RFID authentication schemes cannot simultaneously provide forward/backward security and resistance for de- synchronization attack in practical setting.

Keywords

De-synchronization attack, RFID authentication, Tag identification, Security

Discipline

Numerical Analysis and Scientific Computing

Publication

International Journal of Innovative Computing Information and Control (IJICIC)

Volume

8

Issue

7a

First Page

4431-4449

ISSN

1349-4198

Link to Full Text

Share

COinS