A Lightweight RFID Mutual Authentication Protocol with Ownership Transfer

Fu, Xiaotong; Guo, Yandong

doi:10.1007/978-3-642-36252-1_7

Cited by 9 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Nam, Kim, Park and Won fixed Lee, Kim and Yong Authentication Protocol [6]: Activates R1.2, R2.3, revealing replay attack [17].  JSXLC RFID Authentication Protocol [44]: Activates R1.1, revealing freshness attack [15].…”

Section: Results For Other Security Protocolsmentioning

confidence: 99%

See 1 more Smart Citation

A Novel Security Protocol Attack Detection Logic with Unique Fault Discovery Capability for Freshness Attacks and Interleaving Session Attacks

Jurcut

Coffey

Dojen

2019

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

This paper introduces a new logic-based technique for detecting security protocol weaknesses that are exploitable by freshness and interleaving session attacks. This technique is realised as a special purpose logic to be used throughout the protocol design stage, where a draft of the protocol is subjected to formal analysis prior to its publication or deployment. For any detected failures the analysis also reveals their cause, facilitating design corrections.The proposed Attack Detection Logic is introduced and its details, including the language, predicates, axioms, rules, semantics as well as soundness and completeness are presented. The effectiveness of the logic is evaluated in a case study, where it is demonstrated how to use the Attack Detection Logic as part of the design process of security protocols. Further, the logic is applied to a range of security protocols, including protocols with known weaknesses and protocols that are known to be secure. The logic's ability to detect various attacks is established by demonstrating that for protocols with known weaknesses, at least one detection rule is activated and no detection rule is activated for protocols without weaknesses. This case study confirms the logic's ability to detect design weaknesses exploitable by freshness and interleaving session attacks.

show abstract

Section: Results For Other Security Protocolsmentioning

confidence: 99%

“… Attack on ID-based scheme for mobile environment detected by Wang and Ma in 2013 [14].  Attack on lightweight RFID authentication protocol detected by Fu and Guo in 2013 [15].  Attack on RAPP ultra-lightweight RFID protocol detected by Zhuang et al in 2013 [16].…”

Section: Introductionmentioning

confidence: 99%

A Novel Security Protocol Attack Detection Logic with Unique Fault Discovery Capability for Freshness Attacks and Interleaving Session Attacks

Jurcut

Coffey

Dojen

2019

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Also, in addition to not being EPC compliant due to the use of hash operations and encryption functions, the protocol does not handle the privacy among the shared owners. More recent protocols such as [50][51][52][53][54][55][56][57] are not suitable for low-cost passive tags because they use hash functions or keyed encryption functions. New shared secret between TTP and Owners in a Owner-Group STs n New shared secret between TTP and Tags in a Tag-Group S1r; S2r…”

Section: Related Workmentioning

confidence: 99%

Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner-privacy

Sundaresan

Doss

Zhou

et al. 2015

Computer Communications

View full text Add to dashboard Cite

“…2) LKY scheme steps The LKY scheme steps are formalised as follows: S1: TTP receivefrom A at [ {Nttp}H({A}datax)); G5: TTP know at [3] A send at [3] H({Nttp}H({A}datax),Nttp); G6: TTP know at [3] NOT(Zero send at [0] H({Nttp}H({A}datax),Nttp)); Goals G1-G4 relate to authentication of TTP to A. G1 states that A knows at step 2 that TTP is the source of message component H({Na}H({A}datax),Na), which is the reply to A's nonce challenge. G2 states that A knows that this message component has been created during the current protocol run.…”

Section: A Formalisation Of Lky Schemementioning

confidence: 99%

“…The formalized goals are similar to the LKY scheme. G1: A know at [2] TTP send at [2] H({Na}H({A}datax), Na, TTP); G2: A know at [2] NOT(Zero send at [0] H({Na}H({A}datax), Na, TTP)); G3: A know at [2] TTP send at [2] {Nttp}H({A}datax); G4: A know at [2] NOT (Zero send at [0] {Nttp}H({A}datax)); G5: TTP know at [3] A send at [3] H({Nttp}H({A}datax), Nttp, A); G6: TTP know at [3] NOT(Zero send at [0] H({Nttp}H({A}datax), Nttp, A));…”

Section: ) Goalsmentioning

confidence: 99%

Establishing and Fixing Security Protocols Weaknesses Using a Logic-based Verification Tool

Jurcut

Coffey

Dojen

2013

JCM

View full text Add to dashboard Cite

Formal verification aims at providing a rigid and thorough means of evaluating the correctness of security protocols and also establishing that the protocols are free of weaknesses that can be exploited by attacks. This paper discusses the process of formal verification using a logic-based verification tool. The verification tool with attack detection capabilities is introduced, and the verification process is demonstrated by way of a case study on two published security protocols that provide mutual authentication using smart cards. The performed verification reveals new weaknesses in the protocols that can be exploited by a replay attack and a parallel session attack. The impact of these attacks is that an attacker is able to masquerade as a legitimate remote user to cheat the system. The reasoning why these attacks are possible is detailed and an amended protocol, resistant to these attacks is proposed. Formal verification of the amended protocol provides confidence in the correctness and effectiveness of the proposed modifications.

show abstract

A Lightweight RFID Mutual Authentication Protocol with Ownership Transfer

Cited by 9 publications

References 10 publications

A Novel Security Protocol Attack Detection Logic with Unique Fault Discovery Capability for Freshness Attacks and Interleaving Session Attacks

A Novel Security Protocol Attack Detection Logic with Unique Fault Discovery Capability for Freshness Attacks and Interleaving Session Attacks

Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner-privacy

Establishing and Fixing Security Protocols Weaknesses Using a Logic-based Verification Tool

Contact Info

Product

Resources

About