A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

Abstract : In this paper, we describe a vulnerability against one of the most efficient authentication protocols for low-cost RFID tags proposed by Song. The protocol defines a weak attacker as an intruder which can manipulate the communication between a reader and tag without accessing the internal data of a tag. It has been claimed that the Song protocol is able to resist weak attacks, such as denial of service (DoS) attack; however, we found that a weak attacker is able to desynchronise a tag, which is one kind of DoS attack. Moreover, the database in the Song protocol must use a brute force search to retrieve the tag’s records affecting the operational performance of the server. Finally, we propose an improved protocol which can prevent the security problems in Song protocol and enhance the server’s scalability performance.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉
Liste complète des métadonnées

Cited literature [9 references]  Display  Hide  Download

https://hal.inria.fr/hal-01463848
Contributor : Hal Ifip <>
Submitted on : Thursday, February 9, 2017 - 5:24:35 PM
Last modification on : Thursday, February 9, 2017 - 5:37:18 PM
Document(s) archivé(s) le : Wednesday, May 10, 2017 - 2:39:42 PM

File

978-3-642-39218-4_8_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Sarah Abughazalah, Konstantinos Markantonakis, Keith Mayes. A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉. 〈hal-01463848〉

Share

Metrics

Record views

178

Files downloads

26