De-synchronization attack on RFID authentication protocols

Author

Lo, N.W. ; Yeh, Kuo-Hui

Author_Institution

Dept. of Inf. Manage., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan

fYear

2010

fDate

17-20 Oct. 2010

Firstpage

566

Lastpage

570

Abstract

In order to protect privacy of RFID tag against malicious tag tracing activities, many RFID authentication protocols with the secret key update scheme have been proposed to support forward security. These proposals are symmetric key based in common due to the lack of computational resource to perform heavy asymmetric cryptographic operations in low-cost tags. In this paper, we have demonstrated that four RFID authentication protocols are vulnerable to a de-synchronization attack. The secret values shared between any given tag and the backend server can easily be de-synchronized through a series of attack process (or incomplete protocol runs). Our results indicate that these four schemes are naturally limited by their essential design and more rigorous security analyses are accordingly required. In addition, any extension from these four protocols may incur the insecurity owing to the same underlying protocol design.

Keywords

authorisation; cryptographic protocols; radiofrequency identification; RFID authentication protocol; asymmetric cryptographic operation; desynchronization attack; malicious tag tracing; secret key update scheme; symmetric key; Authentication; Cryptography; Protocols; Radiofrequency identification; Servers; Synchronization; Authentication; De-synchronization attack; Privacy; RFID; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Theory and its Applications (ISITA), 2010 International Symposium on

Conference_Location

Taichung

Print_ISBN

978-1-4244-6016-8

Electronic_ISBN

978-1-4244-6017-5

Type

conf

DOI

10.1109/ISITA.2010.5649726

Filename

5649726