A New Strong Adversary Model for RFID Authentication Protocols
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F04274644%3A_____%2F20%3A%230000649" target="_blank" >RIV/04274644:_____/20:#0000649 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/document/9134736" target="_blank" >https://ieeexplore.ieee.org/document/9134736</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ACCESS.2020.3007771" target="_blank" >10.1109/ACCESS.2020.3007771</a>
Alternative languages
Result language
angličtina
Original language name
A New Strong Adversary Model for RFID Authentication Protocols
Original language description
Radio Frequency Identication (RFID) systems represent a key technology for ubiquitous computing and for the deployment of the Internet of Things (IoT). In RFID technology, authentication pro- tocols are often necessary in order to conrm the identity of the parties involved (i.e. RFID readers, RFID tags and/or database servers). In this article, we analyze the security of a mutual authentication protocol proposed byWang and Ma. Our security analysis clearly shows major security pitfalls in this protocol. Firstly, we show two approaches that an adversary may use to mislead an honest reader into thinking that it is communicating with a legitimate database. Secondly, we show how an adversary that has compromised some tags can impersonate an RFID reader to a legitimate database. Furthermore, we present a new adversary model, which pays heed on cases missed by previous proposals. In contrast to previous models where the communication between an RFID reader and a back-end server is through a secure channel, our model facilitates the security analysis of more general schemes where this communication channel (RFID reader-to-server) is insecure. This model determines whether the compromise of RFID tags has any impact on the security of the reader- to-server communication or vice versa. In a secure protocol, the possible compromise of RFID tags should not affect the RFID reader-server communication. In this paper, we show that compromising of RFID tags in Wang and Ma protocol has a direct impact on the reader-server security. Finally, we propose a new authentication protocol that offers an adequate security level and is resistant against the mentioned security risks. The security proofs of the proposed protocol are supported with Gong-Needham-Yahalom (GNY) logic and Scyther tool, which are formal methods to evaluate the security of a cryptographic protocol.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Others
Publication year
2020
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
IEEE Access
ISSN
2169-3536
e-ISSN
2169-3536
Volume of the periodical
8
Issue of the periodical within the volume
1
Country of publishing house
US - UNITED STATES
Number of pages
17
Pages from-to
125029-125045
UT code for WoS article
000554569800001
EID of the result in the Scopus database
2-s2.0-85088699338