Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard

Peris-Lopez, Pedro and Li, Tieyan and Hernandez-Castro, Julio C. and Tapiador, Juan E. (2009) Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard. Computer Communications, 32 (7-10). pp. 1185-1193. ISSN 0140-3664. (Access to this publication is restricted)

PDF
Restricted to Repository staff only
Contact us about this Publication Download (436kB)
[img]
Official URL
http://dx.doi.org/10.1016/j.comcom.2009.03.010

Abstract

The EPC Class-1 Generation-2 RFID standard provides little security, as has been shown in previous works such as [S. Karthikeyan, M. Nesterenko, RFID security without extensive cryptography, in: Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp. 63-67; D.N. Duc, J. Park, H. Lee, K. Kim, Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning, in: The 2006 Symposium on Cryptography and Information Security, 2006; H.Y. Chien, C.H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces 29 (2007) 254-259; P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007; T.L. Lim, T. Li, Addressing the weakness in a lightweight RFID tag-reader mutual authentication scheme, in Proceedings of the IEEE Int'l Global Telecommunications Conference (GLOBECOM) 2007, Nov 2007, pp. 59-63]. In particular, the security of an RFID tag's access and kill passwords is almost non-existent. Konidala and Kim recently proposed a new mutual authentication scheme [D.M. Konidala, Z. Kim, K. Kim, A simple and cost-effective RFID tag-reader mutual authentication scheme, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007, pp. 141-152] - an improved version of their first attempt [D.M. Konidala, K. Kim, RFID tag-reader mutual authentication scheme utilizing tag's access password, Auto-ID Labs White Paper WP-HARDWARE-033, Jan 2007] - in which a tag's access and kill passwords are used for authentication. In this paper, we show that the new scheme continues to present serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2- 2, and the 16 most significant bits with a probability greater than 2- 5. Finally, we show how an attacker can recover the entire kill password with probability 2- 2.

Item Type: Article
Uncontrolled keywords: Attacks; EPC-C1G2 standard; RFID; Security
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Julio Hernandez-Castro
Date Deposited: 24 Oct 2012 13:04
Last Modified: 18 Mar 2013 16:34
Resource URI: http://kar.kent.ac.uk/id/eprint/31950 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year