Security&Privacy Analysis For RFID And Protocol Design

RFID (Radio Frequency Identification) is kind of technology which uses RF communication realizing contactless identification automatically in nowadays, RFID has a significant advantage on multiplexing rate and communication distance comparing to traditional identification technology such as barcode technology, therefore RFID technology is increasingly being accepted.However, just because of the growing popularity of RFID applications, more and more sensitive information related to the user’s personal privacy is gradually exposed to complex public environment. Meanwhile, considering the expanding scale of RFID systems, manufacturers have to reduce the manufacturing cost of RFID components, which restricts the hardware performance inevitably, and brings a certain limit on the design and deployment of RFID security strategy. Therefore, this gave rise to many scholars’ increasing concerns for privacy and security issues of low-cost RFID system.This paper focuses on the security and privacy issues of RFID system as well as RFID authentication protocol between the reader and tag.We also analyzed many security risks and attack threats associated with every component RFID system in depth, and proposed a security authentication scheme based on cryptography. Currently, We have achieved some research results as follows:1) In consideration of existing requirements of security and privacy requirement for RFID system, divide the multifarious RFID attacks into different layers based on attacker’s various angles.2) By analyzing typical vulnerabilities against RFID authentication protocol, we proposed a novel desynchronization attack, and the attack path and result shows this kind of attack can cause the secret-keys of database and Tags out of sync without any tamper, intercept and replays.3) In consideration of the new kind of desynchronization attack and limitations of low-cost RFID systems, we proposed a lightweight mutual authentication protocol named ADMA. Based on the theory of colored petri nets, we emulated the proposed protocol on formalization ways, showing its resistibility to desynchronization from malicious readers. Simultaneously, it is able to meet the general need of security and privacy. Compared with similar protocols in terms of storage and computing performance, the proposed protocol is more suitable for low-cost RFID systems.