Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard

Peris-López, Pedro; Li, Tieyan; Hernández-Castro, Julio; Tapiador, Juan E.

doi:10.1016/j.comcom.2009.03.010

Cited by 30 publications

(28 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is much more difficult for an adversary to recover the access password under the correlation attack, or to forge a successful authentication under the dictionary attack. However, PerisLopez et al showed how the access password can be disclosed under the assumption of an active attacker [16]. In addition, Lim et al exposed that the correlation attack can be used against this scheme in a different way -to recover the kill password after eavesdropping over multiple authentication sessions [17].…”

Section: Related Workmentioning

confidence: 99%

Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

Peris-López

Hernández-Castro³

2010

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYIn 2006 EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) [1] and the ISO 18000-6C standards [2], respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim [3]. We attempt to mitigate the weaknesses observed in the original scheme and, at the same time, consider other possible adversarial threats as well as constraints on low-cost RFID tags requirements.

show abstract

Section: Related Workmentioning

confidence: 99%

Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

Peris-López

Hernández-Castro³

2010

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Their protocol tried to apply CRC as cryptographic hash function for message authentication. However, CRC functions are linear and should not be used for any cryptographic purpose-only for detection of random errors in the channel [9]. So attacker is able to impersonate a tag or a reader, to trace a tag, and even to launch a DoS attack.…”

Section: Related Workmentioning

confidence: 99%

“…In 2007 Chien et al [8] proposed a mutual authentication protocol conforming to EPC-C1G2 standard, the security of their scheme heavily relied on the abuse of the cyclic redundancy code (CRC). However, Peris-Lopez et al [9]showed that the protocol cannot resist to tag impersonation, desynchronization attacking and location tracking. So the Chien et al's protocol not only is vulnerable to such attacks, but also does not provide tag privacy.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis and Improvement of Mutual Authentication Protocol for EPC C1G2 passive RFID Tag

2017

IJCSI

View full text Add to dashboard Cite

A Radio Frequency Identification (RFID) system is a contactless automatic identification system that uses small and low-cost tags. The restricted computation ability and limited memory capacity of low-cost tags make existing RFID systems vulnerable. EPC Class 1 Generation 2 (EPC-C1G2) is the most popular standard for low cost passive RFID tags, for improving security of this standard; many security schemes are designed since the release of the EPC-C1G2. In 2013 Pang et al.'s, proposed an improved authentication protocol for low cost RFID systems. They claimed that this protocol is secure against various attacks. In this paper, we show that this protocol is still vulnerable against other attacks which didn't discussed by Bezhad et al. Then, an improved protocol is proposed to fix the vulnerabilities, moreover we show that the proposed protocol is conforms to EPC-C1G2.

show abstract

“…Although these protocols tried to provide secure and untraceable communication for RFID systems, however many weaknesses have been found in them [16,17,18,19,20,21]. In this context, Yeh et al have recently proposed a RFID mutual authentication protocol compatible with EPC C-1 G-2 standard [22] that we name SRP (Securing RFID Protocol) in this paper.…”

Section: Introductionmentioning

confidence: 99%

Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard

Habibi

Alagheband

Aref

2011

Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication

View full text Add to dashboard Cite

Abstract. Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backwarduntraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.'s protocol against cited attacks.

show abstract

Practical attacks on a mutual authentication scheme under the EPC Class-1 Generation-2 standard

Cited by 30 publications

References 6 publications

Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

Cryptanalysis and Improvement of Mutual Authentication Protocol for EPC C1G2 passive RFID Tag

Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard

Contact Info

Product

Resources

About