A New Strong Adversary Model for RFID Authentication Protocols
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F04274644%3A_____%2F20%3A%230000649" target="_blank" >RIV/04274644:_____/20:#0000649 - isvavai.cz</a>
Výsledek na webu
<a href="https://ieeexplore.ieee.org/document/9134736" target="_blank" >https://ieeexplore.ieee.org/document/9134736</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ACCESS.2020.3007771" target="_blank" >10.1109/ACCESS.2020.3007771</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
A New Strong Adversary Model for RFID Authentication Protocols
Popis výsledku v původním jazyce
Radio Frequency Identication (RFID) systems represent a key technology for ubiquitous computing and for the deployment of the Internet of Things (IoT). In RFID technology, authentication pro- tocols are often necessary in order to conrm the identity of the parties involved (i.e. RFID readers, RFID tags and/or database servers). In this article, we analyze the security of a mutual authentication protocol proposed byWang and Ma. Our security analysis clearly shows major security pitfalls in this protocol. Firstly, we show two approaches that an adversary may use to mislead an honest reader into thinking that it is communicating with a legitimate database. Secondly, we show how an adversary that has compromised some tags can impersonate an RFID reader to a legitimate database. Furthermore, we present a new adversary model, which pays heed on cases missed by previous proposals. In contrast to previous models where the communication between an RFID reader and a back-end server is through a secure channel, our model facilitates the security analysis of more general schemes where this communication channel (RFID reader-to-server) is insecure. This model determines whether the compromise of RFID tags has any impact on the security of the reader- to-server communication or vice versa. In a secure protocol, the possible compromise of RFID tags should not affect the RFID reader-server communication. In this paper, we show that compromising of RFID tags in Wang and Ma protocol has a direct impact on the reader-server security. Finally, we propose a new authentication protocol that offers an adequate security level and is resistant against the mentioned security risks. The security proofs of the proposed protocol are supported with Gong-Needham-Yahalom (GNY) logic and Scyther tool, which are formal methods to evaluate the security of a cryptographic protocol.
Název v anglickém jazyce
A New Strong Adversary Model for RFID Authentication Protocols
Popis výsledku anglicky
Radio Frequency Identication (RFID) systems represent a key technology for ubiquitous computing and for the deployment of the Internet of Things (IoT). In RFID technology, authentication pro- tocols are often necessary in order to conrm the identity of the parties involved (i.e. RFID readers, RFID tags and/or database servers). In this article, we analyze the security of a mutual authentication protocol proposed byWang and Ma. Our security analysis clearly shows major security pitfalls in this protocol. Firstly, we show two approaches that an adversary may use to mislead an honest reader into thinking that it is communicating with a legitimate database. Secondly, we show how an adversary that has compromised some tags can impersonate an RFID reader to a legitimate database. Furthermore, we present a new adversary model, which pays heed on cases missed by previous proposals. In contrast to previous models where the communication between an RFID reader and a back-end server is through a secure channel, our model facilitates the security analysis of more general schemes where this communication channel (RFID reader-to-server) is insecure. This model determines whether the compromise of RFID tags has any impact on the security of the reader- to-server communication or vice versa. In a secure protocol, the possible compromise of RFID tags should not affect the RFID reader-server communication. In this paper, we show that compromising of RFID tags in Wang and Ma protocol has a direct impact on the reader-server security. Finally, we propose a new authentication protocol that offers an adequate security level and is resistant against the mentioned security risks. The security proofs of the proposed protocol are supported with Gong-Needham-Yahalom (GNY) logic and Scyther tool, which are formal methods to evaluate the security of a cryptographic protocol.
Klasifikace
Druh
J<sub>imp</sub> - Článek v periodiku v databázi Web of Science
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
—
Návaznosti
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Ostatní
Rok uplatnění
2020
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název periodika
IEEE Access
ISSN
2169-3536
e-ISSN
2169-3536
Svazek periodika
8
Číslo periodika v rámci svazku
1
Stát vydavatele periodika
US - Spojené státy americké
Počet stran výsledku
17
Strana od-do
125029-125045
Kód UT WoS článku
000554569800001
EID výsledku v databázi Scopus
2-s2.0-85088699338