Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions
description
Transcript of Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions
![Page 1: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/1.jpg)
Attacks and Improvements to an RFID Mutual Authentication Protocol
and its Extensions
Shaoying Cai1 Yingjiu Li1
Tieyan Li2 Robert H. Deng1
1Singapore Management University2Institute for Infocomm Research (I2R)
March 16-18, 2009, Zurich, Switzerland
Second ACM Conference on Wireless Network Security (WiSec ‘09)
![Page 2: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/2.jpg)
OverallRFID Authentication Protocol for Low-Cost Tags B. Song and C. J. Mitchell (WiSec 08)
RFID Tag Ownership TransferB. Song (RFIDsec 08)
Tag impersonation attack
Server impersonation attack
De-synchronization attack
Song-Mitchell Protocol
Song’s Secret Update Protocol
![Page 3: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/3.jpg)
Outline
• RFID Background
• Attacks and Improvements to
the Song–Mitchell Protocol
• Attacks and Improvements to
the Song’s Secret Update Protocol
• Conclusions
![Page 4: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/4.jpg)
Radio Frequency Identification System
Components: Tag, Reader, Back-end database Characteristics: Wireless connection ( tag reader ) Limited capability of the tags
100 meters
Tag Reader
Attacker
Attacker Model: Active attacker
Backend Server
![Page 5: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/5.jpg)
Privacy and Security Concerns of Mutual Authentication Protocol
• Tag information privacy• Tag location privacy• Resistance to server\tag impersonation attack• Resistance to replay attack• Resistance to de-synchronization attack• Forward and backward security
![Page 6: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/6.jpg)
Privacy Concerns of Ownership Transfer
• New owner privacy
• Old owner privacy
• Authorization recovery
![Page 7: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/7.jpg)
Song-Mitchell Mutual Authentication Protocol
ti = h(si)
Implicit tag authentication
Identification
Server authenticatio
nUpdate
Update
![Page 8: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/8.jpg)
Server Impersonation Attackr1
M1 , M2
M3
M1 , M3
r1’
M1’, M2’
M3’
Em, you are valid.I’m
server
L1R3L1R3
R1L3R1L3
]'[M][M][M]'[M
]'[M][M][M]'[M
Result ?
![Page 9: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/9.jpg)
Result of Server Impersonation Attack
r1
M1 , M2
TiSearch database,
Search…
Search….
But,
[(si,ti)new, (si,ti)old]
Server [t’]
Who are
you?
It’s me, Ti….I was
changed by Attacker.
![Page 10: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/10.jpg)
Tag Impersonation Attack
r1
’M1’, M2’
r1
M1, M2
M3
Yeah, you are Ti.
I’m serve
r'M M
rr 'MM
22
11
'11
I’m tag Ti
Ti
Result ?
![Page 11: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/11.jpg)
Vulnerability Analysis
baba :
>> :
S >> l/2 = [S]R || [S]L
![Page 12: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/12.jpg)
Modified Song-Mitchell Protocol
)||( 212 rrfM it
)||( 112 tMrfM t
srhM )2(3
)( 23 rhMsi
![Page 13: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/13.jpg)
Song's secret update protocol
ti ti’
![Page 14: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/14.jpg)
De-Synchronization Attack
r1 , M1, M2
r2’, M3’
Ti
r1 , M1’ , M2’
Update Ti’s secret
to ti’
Ti
L1R2L1R2
R1L2R1L2
l 1
]'[M][M][M]'[M
]'[M][M][M]'[M
1} {0, 'M
R
Updates to ti’’
![Page 15: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/15.jpg)
Modified Tag Update Protocol
)'()(2 inewi thsM
)'(2 ii thMs
![Page 16: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/16.jpg)
Conclusions Song-Mitchell mutual authentication protocol
Tag secret update protocol
Server impersonation attack
Tag impersonation attack
De-synchronization attack
![Page 17: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/17.jpg)
Discussion
F denotes a computationally complex function such as hash and keyed hash, and k is an integer between 1 and 2N
• Performance
• Formal Proof
Will be given in our future work.
![Page 18: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.fdocuments.us/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/18.jpg)
Q & A?