Information Technology Reference
In-Depth Information
1. The total number of session requests which can be issued by the reader is
limited to
max
for each tag, which makes the protocol vulnerable to DoS
attacks.
2. The attacker may know the set of acceptable
(or at least a large pair
of this set) from another RFID system or by tampering. The attacker can
send
i
=
max
and
L
max
to a tag and waste its set of acceptable
{
i, L
i
}
{
i, L
i
}
.
i
∗
)
>
0 condition makes the protocol vulnerable to DoS attack.
Moreover, the reader needs to be aware of the tag which is going to be
interrogated next, and this is not a plausible assumption for many appli-
cations. On the other hand, if we remove the (
i
3. The (
i
−
i
∗
)
>
0 condition, the
protocol becomes vulnerable to another attack. The attacker may listen to
the communications between the tags and the reader in another RFID sys-
tem, eavesdrop and save a valid (
i, L
i
) pair, and use it for an RFID system
somewhere else to ruin the synchronization between the tag and the reader.
4. If we remove the (
i
−
i
∗
)
>
0 condition from the protocol, an attacker can
eavesdrop on the previous communication between the tag and the reader
and use one of the previously used valid (
i, L
i
) pairs to interrogate the tag
again. The tag replies with
extid
=
g
(
id, i
) and the attacker can track the
tag by sending the request message repeatedly.
5. An attacker may find a valid (
i, L
i
) pair from another RFID system as ex-
plained above. Then, it can send the valid pair along with the request mes-
sage to a captured tag and obtain the
−
R
,extid
=
g
(
id, i
)
{
}
information in
R
,extid
=
g
(
id, i
)
the second step. Using the
information, the attacker is
now able to impersonate itself as the actual tag to the legitimate reader.
{
}
4Tan
et al.
RFID Protocol
In this Section, we explain the lightweight protocol proposed by Tan
et al.
[3]. This scheme uses a server-less authentication protocol that aims to pro-
vide the same level of security as the previous protocols, without needing a
central database system. In this scheme, each reader has a unique identifier
r
i
where the index
i
is used to distinguish between different readers. Each tag has
a unique identifier
id
and a unique secret
t
j
where the index
j
is used to distin-
guish between different tags. The secret
t
j
is only known by the tag itself and
a central database. A one-way hash function
h
is known by both the tags and
the readers and
f
(
a, b
)=
h
(
a
is the concatenation operation. It
should be noted that the reader does not have access to the secret
t
j
of the tags,
but it knows the value of
f
(
r
i
,t
j
) for each tag [3]. Details of the the server-less
protocol is shown in Fig. 4. Here,
||
b
)inwhich
||
shows the XOR operation. This protocol
can resist the DoS, cloning, replay and physical attacks [3]. However, it still has
some security issues as explained below:
⊕
1. A malicious user can send a request message to the tag after step (3) and
force it to generate a new challenge
n
j
. At this point, the reader waits for
h
(
f
(
r
i
,t
j
))
m
and
h
(
f
(
r
i
,t
j
)
||
n
i
||
n
j
)
⊕
id
j
while the tag is expecting a new
n
i
and
r
i
as the third step.
Search WWH ::
Custom Search