A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol (다중 컨텍스트 RFID 상호 인증 프로토콜의 보안 취약점 분석)

김영백; Kim Sung soo (김성수); 정경호; 김수용; 윤태진; 안광선

A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2013, 18(10), pp.71-79
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

김영백 ¹, Kim Sung soo ², 정경호 ³, 김수용 ⁴, 윤태진 ², 안광선 ³

¹한국전자통신연구원
²경운대학교
³경북대학교
⁴영진전문대학

Accredited

ABSTRACT

In this paper, we analyze the security vulnerability through the several attack scenarios for the MCR-MAP(Multi-Context RFID Mutual Authentication Protocol) proposed by Ahn et al. And we propose the secure mutual authentication protocol that improved a prior MCR-MAP. The suggested protocol uses the ID of the legal tag and the timestamp generated by the server, when the tag tries to authenticate. And when the tag creates the credential, we create the new secret key computing the XOR operation between the secret key shared with the server and the tag timestamp generated by the server. As a result, the proposed protocol provides the secure mutual authentication and then is safe to spoofing attack. Also it provides forward-secrecy and then is safe to offline brute-burst attack. In this paper, we compare and verify the security vulnerability of the prior and the proposed protocol through the security analysis.

KEYWORDS

Multi-Context, RFID, Mutual Authentication

Citation status

* References for papers published after 2023 are currently being built.

[journal] M. Weiser / 1993 / Some Computer Science Issues in Ubiquitous Computing / Communications of the ACM 36(7) : 74~84

[book] K. Finkenzeller / 2003 / RFID Handbook: Fundamentals and applications in Contactless Smart Cards and Identification / John Wiley &Sons Ltd : 195~219

[journal] Selim Volkan Kaya / 2009 / Public key cryptography based privacy preserving multi-context RFID infrastructure / Ad Hoc Networks 7 : 136~152

[journal] H.S. Ahn / 2011 / Privacy Preserving and Relay Attack Preventing Multi-Context RFID Mutual Authentication Protocol / Journal of KICS 36(8) : 1028~1037

[journal] N. Borselius / 2002 / Mobile Agent Security / Electronics and Communication Engineering Journal 14(5) : 211~218

[journal] A. Juels / 2006 / RFID Security and Privacy : A Research Survey / IEEE Journal of Selected Areas in Communications 24(2) : 381~394

[confproc] A. Juels / 2003 / The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy / 10th ACM Computer and Communications Security Conference (CCS'03) : 103~111

[journal] S. Weis / 2005 / Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems / In Security in Pervasive Computing, LNCS 2802 : 201~212

[confproc] M. Ohkubo / 2003 / A Cryptographic Approach to “Privacy-Friendly” tag / RFID Privacy Workshop

[confproc] A. Juels / 2003 / Squealing Euros : Privacy protection in RFID-enabled banknotes / Financial cryptography International conference, LNCS 2742 : 103~123

[confproc] P. Golle / 2003 / Universal Re-encryption for mixnets / RSA Conference Cryptographers Track '04, LNCS 2964 : 163~178

[journal] 강유성 / 2010 / Design Implementation of Lightweight and High Speed Security Protocol Suitable for UHF Passive RFID Systems / 정보보호학회논문지 / 한국정보보호학회 20(4) : 117~134

[journal] M. Feldhofer / 2004 / Strong Authentication for RFID Systems Using the AES Algorithm / Cryptographic Hardware and Embedded Systems, LNCS 3156 : 85~140

[confproc] T. Good / 2009 / A low-frequency RFID to challenge security and privacy concerns / Proceedings of IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (MASS'09) : 856~863

[confproc] M. Kim / 2007 / Low-cost Cryptographic Circuits for authentication in Radio Frequency Identification Systems / Proceedings of International symposium on Consumber Electronics (ISCE'06) : 1~5

[journal] A. Kerckhoffs / 1883 / La cryptographie militaire / Journal des sciences militaires 9 : 5~83

[other] / 2005 / EPCTM Generation 1 Tag Data Standards Version 1.1 Rev.1.27, EPCglobal / Standard Specification

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65