Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

12-2009

Abstract

In ASIACCS'08, Burmester, Medeiros and Motta proposed an anonymous RFID authentication protocol (BMM protocol [2]) that preserves the security and privacy properties, and achieves better scalability compared with other contemporary approaches. We analyze BMM protocol and find that some of security properties (especial untraceability) are not fulfilled as originally claimed. We consider a subtle attack, in which an adversary can manipulate the messages transmitted between a tag and a reader for several continuous protocol runs, and can successfully trace the tag after these interactions. Our attack works under a weak adversary model, in which an adversary can eavesdrop, intercept and replay the protocol messages, while stronger assumptions such as physically compromising of the secret on a tag, are not necessary. Based on our attack, more advanced attacking strategy can be designed on cracking a whole RFID-enabled supply chain if BMM protocol is implemented. To counteract such flaw, we improve the BMM protocol so that it maintains all the security and efficiency properties as claimed in [2].

Keywords

Anonymous, Authentication, Privacy, RFID

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Information Systems Security: 5th International Conference, ICISS 2009 Kolkata, India, December 14-18: Proceedings

Volume

5905

First Page

71

Last Page

85

ISBN

9783642107726

Identifier

10.1007/978-3-642-10772-6_7

Publisher

Springer

City or Country

Berlin

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1007/978-3-642-10772-6_7

Download

Share

COinS