Peris-Lopez, Pedro, Li, Tieyan, Hernandez-Castro, Julio C., Tapiador, Juan E. (2009) Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard. Computer Communications, 32 (7-10). pp. 1185-1193. ISSN 0140-3664. (doi:10.1016/j.comcom.2009.03.010) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:31950)
|
PDF
Language: English Restricted to Repository staff only |
|
|
|
![[thumbnail of Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard.pdf]](https://kar.kent.ac.uk/style/images/fileicons/application_pdf.png) |
| Official URL: http://dx.doi.org/10.1016/j.comcom.2009.03.010 |
|
Abstract
The EPC Class-1 Generation-2 RFID standard provides little security, as has been shown in previous works such as [S. Karthikeyan, M. Nesterenko, RFID security without extensive cryptography, in: Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp. 63-67; D.N. Duc, J. Park, H. Lee, K. Kim, Enhancing security of EPCglobal Gen-2 RFID tag against traceability and cloning, in: The 2006 Symposium on Cryptography and Information Security, 2006; H.Y. Chien, C.H. Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces 29 (2007) 254-259; P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, A. Ribagorda, Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007; T.L. Lim, T. Li, Addressing the weakness in a lightweight RFID tag-reader mutual authentication scheme, in Proceedings of the IEEE Int'l Global Telecommunications Conference (GLOBECOM) 2007, Nov 2007, pp. 59-63]. In particular, the security of an RFID tag's access and kill passwords is almost non-existent. Konidala and Kim recently proposed a new mutual authentication scheme [D.M. Konidala, Z. Kim, K. Kim, A simple and cost-effective RFID tag-reader mutual authentication scheme, in: Proceedings of Int'l Conference on RFID Security (RFIDSec)'07, Jul 2007, pp. 141-152] - an improved version of their first attempt [D.M. Konidala, K. Kim, RFID tag-reader mutual authentication scheme utilizing tag's access password, Auto-ID Labs White Paper WP-HARDWARE-033, Jan 2007] - in which a tag's access and kill passwords are used for authentication. In this paper, we show that the new scheme continues to present serious security flaws. The 16 least significant bits of the access password can be obtained with probability 2- 2, and the 16 most significant bits with a probability greater than 2- 5. Finally, we show how an attacker can recover the entire kill password with probability 2- 2.
| Item Type: | Article |
|---|---|
| DOI/Identification number: | 10.1016/j.comcom.2009.03.010 |
| Uncontrolled keywords: | Attacks; EPC-C1G2 standard; RFID; Security |
| Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science |
| Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
| Depositing User: | Julio Hernandez Castro |
| Date Deposited: | 24 Oct 2012 13:04 UTC |
| Last Modified: | 05 Nov 2024 10:14 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/31950 (The current URI for this page, for reference purposes) |
University of Kent Author Information
Hernandez-Castro, Julio C..
| Creator's ORCID: |
 https://orcid.org/0000-0002-6432-5328
|
|---|---|
| CReDIT Contributor Roles: |
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):
Altmetric
Altmetric
