Investigating the Performances and Vulnerabilities of Two New Protocols Based on R-RAPSE
📝 Abstract
Radio Frequency IDentification (RFID) is a pioneer technology which has depicted a new lifestyle for humanity in all around the world. Every day we observe an increase in the scope of RFID applications and no one cannot withdraw its numerous usage around him/herself. An important issue which should be considered is providing privacy and security requirements of an RFID system. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS rules by the names of IHRMA and I2SRS. In this paper, we investigate the privacy of the aforementioned protocols based on Ouafi and Phan formal privacy model and show that both IHRMA and I2SRS protocols cannot provide private authentication for RFID users. Moreover, we showthat these protocols are vulnerable to impersonation, DoS and traceability attacks. Then, by considering the drawbacks of the studied protocols and implementation of messages with new structures, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al schemes. Our analysis illustrate that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.
💡 Analysis
Radio Frequency IDentification (RFID) is a pioneer technology which has depicted a new lifestyle for humanity in all around the world. Every day we observe an increase in the scope of RFID applications and no one cannot withdraw its numerous usage around him/herself. An important issue which should be considered is providing privacy and security requirements of an RFID system. Recently in 2014, Cai et al. proposed two improved RFID authentication protocols based on R-RAPS rules by the names of IHRMA and I2SRS. In this paper, we investigate the privacy of the aforementioned protocols based on Ouafi and Phan formal privacy model and show that both IHRMA and I2SRS protocols cannot provide private authentication for RFID users. Moreover, we showthat these protocols are vulnerable to impersonation, DoS and traceability attacks. Then, by considering the drawbacks of the studied protocols and implementation of messages with new structures, we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al schemes. Our analysis illustrate that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.
📄 Content
Investigating the Performances and Vulnerabilities of Two
New Protocols Based on R-RAPSE
Seyed Salman Sajjadi Ghaemmaghami1, Afrooz Haghbin2 and Mahtab Mirmohseni3
1 Department of Computer Engineering, Science and Research branch,
Islamic Azad University, Tehran, Iran
Salman.ghaemmaghami@srbiau.ac.ir
2 Department of Computer Engineering, Science and Research branch,
Islamic Azad University, Tehran, Iran
haghbin@srbiau.ac.ir
3 Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran
mirmohseni@sharif.edu
Abstract
Radio Frequency IDentification (RFID) is a pioneer
technology which has depicted a new lifestyle for humanity
in all around the world. Every day we observe an increase in
the scope of RFID applications and no one cannot withdraw
its numerous usage around him/herself. An important issue
which should be considered is providing privacy and
security requirements of an RFID system. Recently in 2014,
Cai et al. proposed two improved RFID authentication
protocols based on R-RAPS rules by the names of IHRMA
and I2SRS. In this paper, we investigate the privacy of the
aforementioned protocols based on Ouafi and Phan formal
privacy model and show that both IHRMA and I2SRS
protocols cannot provide private authentication for RFID
users. Moreover, we show that these protocols are vulnerable
to impersonation, DoS and traceability attacks. Then, by
considering the drawbacks of the studied protocols and
implementation of messages with new structures, we present
two improved efficient and secure authentication protocols
to ameliorate the performance of Cai et al.’s schemes. Our
analysis illustrate that the existing weaknesses of the
discussed protocols are eliminated in our proposed
protocols.
Keywords: Authentication, RFID protocol, Privacy,
Security,
Ouafi
Phan
privacy
model,
Traceability,
Impersonation
- Introduction
Nowadays, our world is transitioning from an internet
of connected individuals to an internet in which
everything and everyone is connected, also known as
Internet of Things (IoT) [1]. Radio Frequency
IDentification (RFID) is a technology which provides
a contactless identification through magnetic waves.
Health-care, livestock and animal tracking, access
control, transportation and supply chain can be
mentioned as its applications which play an important
roles to prepare the structures for developing the
concept of IoT [2-6]. As it is shown in Fig. 1, RFID
systems involve three main parts: back-end server,
reader and tag. The tag is a microchip which can be
attached to different objects with different purposes in
an RFID system that falls in one of the three classes:
active, passive and semi-active [7]. A passive tag does
not have any battery and obtains sufficient energy to
reply the reader from the magnetic field achieved
through sending the request by the reader. An active
tag contains an inner battery, allows it to start a new
connection with the reader over than only be a
responder. Although the semi-active tag holds an inner
battery, it just responds to the received queries from
the reader, and performing the internal operations are
the only usage of the internal battery [8]. Decreasing
the size and cost of RFID tags, have been led to
popularity and vast implementation of passive tags in
most of novel applications. The back-end server stores
all the information of the tags and the readers, and
establishes a connection with the tag via tranceiving
data with the reader and after investigating the
correctness of transferred messages, authenticates the
reader and the tag. Although, RFID technology is
developing rapidly and providing comfort for users,
deficiency of supplying the necessary security, will
result in irreparable damages [9]. Therefore, scholars
have proposed various type of protocols to provide
security and privacy of end-users in RFID systems,
which generally classify into four classes based on the
deployed cryptographic functions [10]. Full-fledged
are the first classes, include ordinary cryptographic
functions such as public or private key cryptography
systems, one-way hash functions and so forth [2].
Random Number Generators (RNG) and one-way
Fig. 1. A System model of RFID systems
hash functions are permitted to use in the second class. The third class is called lightweight, includes RNG functions and Cyclic Redundancy Code (CRC) checksums[4]. Finally, ultra-lightweight is the last classification, limited to the usage of simple bitwise operators such as AND, OR and XOR [11]. By paying attention to the mentioned classification, several protocols have been presented in the last few years [6, 12-16]. Yeh et al. proposed an RFID authentication protocol based on EPC Class 1 Generation 2 standard in 2010 which supplies tag privacy [6]. In 2011, Yoon declared that Yeh et al.’s protocol is still vulnerable to data integrity and forward secrecy prob
This content is AI-processed based on ArXiv data.