Abstract
In this paper, we describe a vulnerability against one of the most efficient authentication protocols for low-cost RFID tags proposed by Song. The protocol defines a weak attacker as an intruder which can manipulate the communication between a reader and tag without accessing the internal data of a tag. It has been claimed that the Song protocol is able to resist weak attacks, such as denial of service (DoS) attack; however, we found that a weak attacker is able to desynchronise a tag, which is one kind of DoS attack. Moreover, the database in the Song protocol must use a brute force search to retrieve the tag’s records affecting the operational performance of the server. Finally, we propose an improved protocol which can prevent the security problems in Song protocol and enhance the server’s scalability performance.
Chapter PDF
References
Weis, S.: Security and privacy in Radio Frequency Identification devices. PhD thesis, Massachusetts Institute of Technology (2003)
Avoine, G.: Cryptography in Radio Frequency Identification and fair exchange protocols. PhD thesis, Ecole Polytechnique Federale de Lausanne, EPFL (2005)
Habibi, M., Gardeshi, M., Alaghband, M.: Practical attacks on a RFID authentication protocol conforming to EPC Class 1 Generation 2 standard. arXiv preprint arXiv:1102.0763 (2011)
Song, B., Mitchell, C.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147. ACM (2008)
Cai, S., Li, Y., Li, T., Deng, R.: Attacks and improvements to an RIFD mutual authentication protocol and its extensions. In: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 51–58. ACM (2009)
Rizomiliotis, P., Rekleitis, E., Gritzalis, S.: Security analysis of the Song-Mitchell authentication protocol for low-cost RFID tags. IEEE Communications Letters 13(4), 274–276 (2009)
Song, B.: RFID Authentication Protocols using Symmetric Cryptography. PhD thesis, Royal Holloway, University of London (2009)
Yeh, T., Wang, Y., Kuo, T., Wang, S.: Securing RFID systems conforming to EPC Class 1 Generation 2 Standard. Expert Systems with Applications 37(12), 7678–7683 (2010)
Chien, H., Chen, C.: Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 Standards. Computer Standards Interfaces 29(2), 254–259 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Abughazalah, S., Markantonakis, K., Mayes, K. (2013). A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-39218-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer ScienceComputer Science (R0)