Security Analysis on Anonymous Mutual Authentication Protocol for RFID Tag without Back-End Database and its Improvement

RFID (Radio Frequency IDentification) system has been widely used in our life, such as transport systems, passports, automotive, animal tracking, human implants, library, and so on. However, the RFID authentication protocols between RF (Radio Frequency) tags and the RF readers have been bring about various privacy problems that anonymity of the tags, tracking, eavesdropping, and so on. Many researchers have proposed the solution of the problems. However, they still have the problem, such as location privacy, mutual authentication. In this paper, we show the problems of the previous protocols, and then we propose a more secure and efficient RFID authentication protocol.

Authors:

• Songyi Kim
• Kwangwoo Lee
• Seungjoo Kim
• Dongho Won

Keywords:

• RFID
• mutual authentication
• serverless
• anonymity.

References:

[1] C.C. Tan, B.Sheng, and Qun Li, "Serverless Search and Authentication
Protocols for RFID", Pervasive Computing and Communications
2007(PerCom 2007), pp.3-12, August. 2007.
[2] C.C. Tan, B.Sheng, and Qun Li, "Secure and Serverless RFID
Authentication and Search Protocols", IEEE Transactions on Wireless
Communications, vol.7, no.4, pp.1400-1407, April. 2008.
[3] S. Han, T.S.Dillon, and E. Chang, "Anonymous Mutual Authentication
Protocol for RFID Tag Without Back-End Database", Springer, Mobile
Sensor Networks 2007(MSN 2007), Lecture Notes in Computer Science
vol.4864, pp.623-632, November 2007.
[4] Dirk Henrici and Paul Muller, "Hash-based Enhancement of Location
Privacy for Radio-Frequency Identification Devices using Varying
Identifiers", Proceedings of Workshop on Pervasive Computing and
Communications Security, pp.149-153, 2004.
[5] JangYoung Chung, YoungSik Hong, "RFID Authentication Protocol
Verification in Serverless Environment", Korea information science
society, vol.35, no.1-(A), pp.140-145, June 2008.
[6] Keunwoo Rhee, Jin Kwak, Seungjoo Kim, and Dongho Won,
"Challenge-Response Based RFID Authentication Protocol for
Distributed Database Environment", International Conference on
Security in pervasive Computing (SPC), pp.70-84, 2008.
[7] Hye-Jin Kwon, Jae-Wook Lee, Dong-Ho Jeon, and Soon-Ja Kim, "Easy
to Search for Tags on Database and Secure Mutual Authentication
Protocol for RFID system", Korea institute of information security and
cryptology, vol. 18, no.5, pp.125-134, 2008.
[8] Batbold Toiruul, KyungOh Lee, HyunJun Lee, YoungHan Lee, and Yoon
Young Park, "Mutual-Authentication Mechanism for RFID Systems",
Lecture Notes in Computer Science, vol.4325, pp.449-460, 2006.
[9] Manfred Aigner and Martin Feldhofer, "Secure Symmetric
Authentication for RFID Tags", Telecommunication and Mobile
Computing(TCMC), March 2005.
[10] Sheikh I. Ahamed, Farzana Rahman, Endadul Hoque, Fahim Kawsar, and
Tatsuo Nakajima, "S3PR:Secure Serverless Search Protocols for RFID",
Information Security and Assurance, pp.187-192, April 2008.