A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

Abstract : In this paper, we describe a vulnerability against one of the most efficient authentication protocols for low-cost RFID tags proposed by Song. The protocol defines a weak attacker as an intruder which can manipulate the communication between a reader and tag without accessing the internal data of a tag. It has been claimed that the Song protocol is able to resist weak attacks, such as denial of service (DoS) attack; however, we found that a weak attacker is able to desynchronise a tag, which is one kind of DoS attack. Moreover, the database in the Song protocol must use a brute force search to retrieve the tag’s records affecting the operational performance of the server. Finally, we propose an improved protocol which can prevent the security problems in Song protocol and enhance the server’s scalability performance.
Type de document :
Communication dans un congrès
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉
Liste complète des métadonnées

Littérature citée [9 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01463848
Contributeur : Hal Ifip <>
Soumis le : jeudi 9 février 2017 - 17:24:35
Dernière modification le : jeudi 9 février 2017 - 17:37:18
Document(s) archivé(s) le : mercredi 10 mai 2017 - 14:39:42

Fichier

978-3-642-39218-4_8_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Sarah Abughazalah, Konstantinos Markantonakis, Keith Mayes. A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.102-110, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_8〉. 〈hal-01463848〉

Partager

Métriques

Consultations de la notice

244

Téléchargements de fichiers

41