Skip to main content

Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol

Safkhani, Masoumeh, Peris-Lopez, Pedro, Hernandez-Castro, Julio C., Bagheri, Nasour (2014) Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 259 (Pt B). pp. 571-577. ISSN 0377-0427. (doi:10.1016/j.cam.2013.09.073) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF (Restricted due to publisher policy) - Publisher pdf
Restricted to Repository staff only
Contact us about this Publication
[img]
Official URL
http://dx.doi.org/10.1016/j.cam.2013.09.073

Abstract

Radio frequency identification systems need secure protocols to provide confidentiality, privacy protection, mutual authentication, etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and de-synchronization attacks. Cho et al. recently proposed a hash-based mutual authentication protocol (Cho et al., 2012) and claimed that their scheme addresses all privacy (Juels, 2006) and forgery concerns (Dimitriou, 2005; Yang et al., 2005) linked to RFID technology. However, we show in the following that the protocol fails to bear out many of the authors’ security claims, which renders the protocol useless. More precisely, we present the following attacks on this protocol:

1.

2.

3.

We also show an additional and more general attack, which is still possible when the conditions needed for the ones above do not hold, and that highlights the poor design of the group ID (View the MathML source). Additionally we show how all the above mentioned attacks are applicable against another protocol, highly reminiscent of that of Cho et al. (2012) and designed in Cho et al. (2011), and also against an enhanced version of the Cho et al. protocol proposed by Kim (2012). Finally we end up by showing how slight modifications in the original protocol can prevent the aforementioned security faults.

Item Type: Article
DOI/Identification number: 10.1016/j.cam.2013.09.073
Uncontrolled keywords: RFID; Privacy; Authentication; De-synchronization attack; Tag impersonation attack; Reader impersonation attack
Subjects: Q Science
Q Science > QA Mathematics (inc Computing science)
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Julio Hernandez-Castro
Date Deposited: 22 Nov 2014 00:28 UTC
Last Modified: 03 Mar 2020 04:06 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/45298 (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio C.: https://orcid.org/0000-0002-6432-5328
  • Depositors only (login required):

Downloads

Downloads per month over past year