Title: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions
1Attacks and Improvements to an RFID Mutual
Authentication Protocol and its Extensions
Second ACM Conference on Wireless Network
Security (WiSec 09)
- Shaoying Cai1 Yingjiu Li1
- Tieyan Li2 Robert H. Deng1
1Singapore Management University 2Institute for
Infocomm Research (I2R) March 16-18, 2009,
Zurich, Switzerland
2Overall
RFID Authentication Protocol for Low-Cost Tags
B. Song and C. J. Mitchell (WiSec 08)
Tag impersonation attack
Song-Mitchell Protocol
Server impersonation attack
RFID Tag Ownership Transfer B. Song (RFIDsec 08)
Songs Secret Update Protocol
De-synchronization attack
3Outline
- RFID Background
- Attacks and Improvements to
- the SongMitchell Protocol
- Attacks and Improvements to
- the Songs Secret Update
Protocol - Conclusions
4Radio Frequency Identification System
Components Tag, Reader, Back-end database
Characteristics Wireless connection ( tag ??
reader ) Limited
capability of the tags
Attacker Model Active attacker
100 meters
Tag
Reader
Backend Server
Attacker
5Privacy and Security Concerns of Mutual
Authentication Protocol
- Tag information privacy
- Tag location privacy
- Resistance to server\tag impersonation attack
- Resistance to replay attack
- Resistance to de-synchronization attack
- Forward and backward security
6Privacy Concerns of Ownership Transfer
- New owner privacy
- Old owner privacy
- Authorization recovery
7Song-Mitchell Mutual Authentication Protocol
ti h(si)
Identification
Implicit tag authentication
Update
Server authentication
Update
8Server Impersonation Attack
r1
M1 , M2
M3
Em, you are valid.
M1 , M3
Im server
r1
Result ?
M1, M2
M3
9Result of Server Impersonation Attack
(si,ti)new, (si,ti)old
Ti
Server
t
Search database, Search Search. But,
r1
M1 , M2
Its me, Ti. I was changed by Attacker.
Who are you?
10Tag Impersonation Attack
Im server
Ti
r1
M1, M2
Yeah, you are Ti.
Im tag Ti
r1
Result ?
M1, M2
M3
11Vulnerability Analysis
gtgt
S gtgt l/2 SR SL
12Modified Song-Mitchell Protocol
13Song's secret update protocol
ti ? ti
14De-Synchronization Attack
Update Tis secret to ti
Ti
r1 , M1, M2
Ti
r1 , M1 , M2
r2, M3
Updates to ti
15Modified Tag Update Protocol
16Conclusions
Song-Mitchell mutual authentication protocol
Server impersonation attack
Tag impersonation attack
Tag secret update protocol
De-synchronization attack
17Discussion
F denotes a computationally complex function such
as hash and keyed hash, and k is an integer
between 1 and 2N
Will be given in our future work.
18 Q A?
19 Thank you!
- Shaoying Cai
- sycai_at_smu.edu.sg