New Findings on RFID Authentication Schemes against De-synchronization Attack

In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in re...

Full description

Saved in:
Bibliographic Details
Main Authors: YEH, Kuo-Hui, LO, Nai-Wei, LI, Yingjiu, CHEN, Yung-Chun, WU, Tzong-Chen
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2012
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/1629
http://www.ijicic.org/ijicic-11-03059.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in real network environments an adversary may easily interrupt or interfere transmission of necessary key update message in each authentication session such that key re synchronization between tag and database cannot be completed, which is named as de-synchronization attack. To defend against this security threat, recent RFID authentication schemes have applied redundant secret/key design to allow a tag with de-synchronized secret to successfully communicate with server/database in its next authentication session. In this paper, we first categorize existing authentification protocols into three types based on their key update mechanisms. Then security evaluation on de-synchronization attack is conducted for type I and II protocols. Two attack models and theorems show that synchronization mechanisms used in type I and II schemes cannot defend against de-synchronization attack. Finally, three remarks are further presented to support our important finding: most existing RFID authentication schemes cannot simultaneously provide forward/backward security and resistance for de- synchronization attack in practical setting.