attacks and improvements to an rfid mutual authentication protocol and its extensions
Post on 06-Jan-2016
39 Views
Preview:
DESCRIPTION
TRANSCRIPT
Attacks and Improvements to an RFID Mutual Authentication Protocol
and its Extensions
Shaoying Cai1 Yingjiu Li1
Tieyan Li2 Robert H. Deng1
1Singapore Management University2Institute for Infocomm Research (I2R)
March 16-18, 2009, Zurich, Switzerland
Second ACM Conference on Wireless Network Security (WiSec ‘09)
OverallRFID Authentication Protocol for Low-Cost Tags B. Song and C. J. Mitchell (WiSec 08)
RFID Tag Ownership TransferB. Song (RFIDsec 08)
Tag impersonation attack
Server impersonation attack
De-synchronization attack
Song-Mitchell Protocol
Song’s Secret Update Protocol
Outline
• RFID Background
• Attacks and Improvements to
the Song–Mitchell Protocol
• Attacks and Improvements to
the Song’s Secret Update Protocol
• Conclusions
Radio Frequency Identification System
Components: Tag, Reader, Back-end database Characteristics: Wireless connection ( tag reader ) Limited capability of the tags
100 meters
Tag Reader
Attacker
Attacker Model: Active attacker
Backend Server
Privacy and Security Concerns of Mutual Authentication Protocol
• Tag information privacy• Tag location privacy• Resistance to server\tag impersonation attack• Resistance to replay attack• Resistance to de-synchronization attack• Forward and backward security
Privacy Concerns of Ownership Transfer
• New owner privacy
• Old owner privacy
• Authorization recovery
Song-Mitchell Mutual Authentication Protocol
ti = h(si)
Implicit tag authentication
Identification
Server authenticatio
nUpdate
Update
Server Impersonation Attackr1
M1 , M2
M3
M1 , M3
r1’
M1’, M2’
M3’
Em, you are valid.I’m
server
L1R3L1R3
R1L3R1L3
]'[M][M][M]'[M
]'[M][M][M]'[M
Result ?
Result of Server Impersonation Attack
r1
M1 , M2
TiSearch database,
Search…
Search….
But,
[(si,ti)new, (si,ti)old]
Server [t’]
Who are
you?
It’s me, Ti….I was
changed by Attacker.
Tag Impersonation Attack
r1
’M1’, M2’
r1
M1, M2
M3
Yeah, you are Ti.
I’m serve
r'M M
rr 'MM
22
11
'11
I’m tag Ti
Ti
Result ?
Vulnerability Analysis
baba :
>> :
S >> l/2 = [S]R || [S]L
Modified Song-Mitchell Protocol
)||( 212 rrfM it
)||( 112 tMrfM t
srhM )2(3
)( 23 rhMsi
Song's secret update protocol
ti ti’
De-Synchronization Attack
r1 , M1, M2
r2’, M3’
Ti
r1 , M1’ , M2’
Update Ti’s secret
to ti’
Ti
L1R2L1R2
R1L2R1L2
l 1
]'[M][M][M]'[M
]'[M][M][M]'[M
1} {0, 'M
R
Updates to ti’’
Modified Tag Update Protocol
)'()(2 inewi thsM
)'(2 ii thMs
Conclusions Song-Mitchell mutual authentication protocol
Tag secret update protocol
Server impersonation attack
Tag impersonation attack
De-synchronization attack
Discussion
F denotes a computationally complex function such as hash and keyed hash, and k is an integer between 1 and 2N
• Performance
• Formal Proof
Will be given in our future work.
Q & A?
Thank you!
Shaoying Cai:
sycai@smu.edu.sg
top related