An Enhanced Authentication Protocol for RFID Systems

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F04274644%3A_____%2F20%3A%230000650" target="_blank" >RIV/04274644:_____/20:#0000650 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/9137126" target="_blank" >https://ieeexplore.ieee.org/document/9137126</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ACCESS.2020.3008230" target="_blank" >10.1109/ACCESS.2020.3008230</a>

Jazyk výsledku

angličtina

Název v původním jazyce

An Enhanced Authentication Protocol for RFID Systems

Popis výsledku v původním jazyce

In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376–8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model.

Název v anglickém jazyce

An Enhanced Authentication Protocol for RFID Systems

Popis výsledku anglicky

In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376–8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

IEEE Access

ISSN

2169-3536

e-ISSN

2169-3536

Svazek periodika

8

Číslo periodika v rámci svazku

1

Stát vydavatele periodika

US - Spojené státy americké

Počet stran výsledku

11

Strana od-do

126977-126987

Kód UT WoS článku

000551816100001

EID výsledku v databázi Scopus

2-s2.0-85089246729