An Enhanced Authentication Protocol for RFID Systems
In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376-8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes...
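Main Authors: | Mehdi Hosseinzadeh, Omed Hassan Ahmed, Sarkar Hasan Ahmed, Cuong Trinh, Nasour Bagheri, Saru Kumari, Jan Lansky, Bao Huynh |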
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2020-01-01 |
Series: | IEEE Access |
Subjects: | IoT, RFID, mutual authentication, security analysis, desynchronization, traceability |
Online Access: | https://ieeexplore.ieee.org/document/9137126/ |
_version_ | 1819158748786065408 |
---|---|
author | Mehdi Hosseinzadeh, Omed Hassan Ahmed, Sarkar Hasan Ahmed, Cuong Trinh, Nasour Bagheri, Saru Kumari, Jan Lansky, Bao Huynh |
collection | DOAJ |
description | In this paper, we analyse the security of two mutual authentication protocols that have been recently proposed by Gao et al. (IEEE Access, 7:8376-8384, 2019), a hash-based protocol and a Rabin public key based protocol. Our security analysis clearly shows important security pitfalls in these schemes. More precisely, in each protocol, we introduce efficient approaches to desynchronize the tag and the reader/server. The proposed attacks are almost deterministic and the complexity of each attack is a session for the hash-based and three sessions for Rabin public key based protocol. In addition, in the case of the hash-based protocol, we extend the proposed desynchronization attack to a traceability attack in which the adversary can trace any given tag based on the proposed attack with probability of almost one. In the case of Rabin public key based protocol, we extend the proposed desynchronization attack to a tag impersonation attack with the success probability of one. Besides, we propose an enhanced version of the Rabin public key based protocol to provide a secure authentication between the tag and the reader. We evaluate the security of the proposed protocol formally using the Scyther tool and also in Real-or-Random model. |
first_indexed | 2024-12-22T16:29:36Z |
format | Article |
id | doaj.art-5607b6a0013446f184e99d7526120a63 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-22T16:29:36Z |
publishDate | 2020-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-5607b6a0013446f184e99d7526120a63; 2022-12-21T18:20:05Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 126977; 126987; 10.1109/ACCESS.2020.3008230; 9137126; An Enhanced Authentication Protocol for RFID Systems; Mehdi Hosseinzadeh (0, https://orcid.org/0000-0003-1088-4551); Omed Hassan Ahmed (1); Sarkar Hasan Ahmed (2, https://orcid.org/0000-0001-5729-073X); Cuong Trinh (3, https://orcid.org/0000-0003-4946-938X); Nasour Bagheri (4, https://orcid.org/0000-0002-6818-5342); Saru Kumari (5, https://orcid.org/0000-0003-4929-5383); Jan Lansky (6, https://orcid.org/0000-0003-2485-1494); Bao Huynh (7, https://orcid.org/0000-0002-1882-6877); Institute of Research and Development, Duy Tan University, Da Nang, Vietnam; Department of Information Technology, University of Human Development, Sulaymaniyah, Iraq; Network Department, Sulaimani Polytechnic University, Sulaymaniyah, Iraq; Artificial Intelligence Laboratory, Faculty of Information Technology, Ton Duc Thang University, Ho Chi Minh City, Vietnam; Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran; Department of Mathematics, Chaudhary Charan Singh University, Meerut, India; Department of Computer Science and Mathematics, Faculty of Economic Studies, University of Finance and Administration, Prague, Czech Republic; Faculty of Information Technology, Ho Chi Minh City University of Technology (HUTECH), Ho Chi Minh City, Vietnam |
title | An Enhanced Authentication Protocol for RFID Systems |
topic | IoT, RFID, mutual authentication, security analysis, desynchronization, traceability |
url | https://ieeexplore.ieee.org/document/9137126/ |