Abstract : In this paper, we describe a vulnerability against one of the most efficient authentication protocols for low-cost RFID tags proposed by Song. The protocol defines a weak attacker as an intruder which can manipulate the communication between a reader and tag without accessing the internal data of a tag. It has been claimed that the Song protocol is able to resist weak attacks, such as denial of service (DoS) attack; however, we found that a weak attacker is able to desynchronise a tag, which is one kind of DoS attack. Moreover, the database in the Song protocol must use a brute force search to retrieve the tag’s records affecting the operational performance of the server. Finally, we propose an improved protocol which can prevent the security problems in Song protocol and enhance the server’s scalability performance.
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉
https://hal.inria.fr/hal-01463848
Contributeur : Hal Ifip
<>
Soumis le : jeudi 9 février 2017 - 17:24:35
Dernière modification le : jeudi 9 février 2017 - 17:37:18
Document(s) archivé(s) le : mercredi 10 mai 2017 - 14:39:42
Sarah Abughazalah, Konstantinos Markantonakis, Keith Mayes. A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉. 〈hal-01463848〉