| RFID (Radio Frequency Identification) is a non-contact and automated object identificationtechnology that uses radio signal to identify an object carrying the identification information. Dueto the automatic identification process and low-cost tag, RFID has found widespread use in manyapplications. However, the security and privacy issues have raised people’s concerns. In most RFIDsystems, tags are typically designed to be inexpensive for mass distribution, thus they have limitedmemory capacity, computational and processing ability. These inherent limitations of low-cost tagscould not afford the use of traditional cryptographic primitives which are costly in suchenvironments.The paper focuses on the wireless channel between a tag and a reader, and provide an in-depthanalysis of the security and privacy threatens on communications between tags and readers, as wellas the existing attacks. On this basis, the security requirements and countermeasures are analyzed.The following achievements are obtained in this paper:First, analysis of the security of RFID ultra-lightweight authentication protocol. The security ofthe RAPLT protocol, proposed by Jeon and Yoon, is analyzed. Utilizing the linear property of themerge operation, the adversary can deduce the shared secrets with overwhelming probability aftereavesdropping about100round authentication messages. In addition, the security of theimprovement of LMAP protocol proposed by Jitendra et al is analyzed. Using the structureweakness of the protocol, and the property of bitwise operations, the adversary can discover all thesecrets after eavesdropping about20round authentication messages.Second, analyze and design the authentication protocol conforming to EPC C-1G-2standard.The security of SRP+protocol is analyzed. It suffers from the desynchronization attack and passivedisclosure attack, and the attack complexity is O (216)evaluation of the PRNG function. Inaddition, a new modified version of SRP++protocol is presented. The security analysis show thenew protocol can resist disclosure attack with the exhaustive search complexity to O (232), which isthe optimal security bound.Third, analyze and design the authentication protocol satisfying the forward security. Thesecurity of the protocol proposed by Yi-pin et al is in-depth analyzed. It’s vulnerable to forwardsecurity attack, and it is danger to let the server save the tag secret information. In addition, basedon the difficulty of the Computation Diffie-Hellman problem,a new ECC-based RFIDauthentication protocol satisfying the forward security is designed. The performance and securityof this new protocol is detailed analyzed. |
PDF Full Text Request