attacks and improvements to an rfid mutual authentication protocol and its extensions
DESCRIPTION
Second ACM Conference on Wireless Network Security (WiSec ‘09). Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions. Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1. 1 Singapore Management University - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/1.jpg)
Attacks and Improvements to an RFID Mutual Authentication Protocol
and its Extensions
Shaoying Cai1 Yingjiu Li1
Tieyan Li2 Robert H. Deng1
1Singapore Management University2Institute for Infocomm Research (I2R)
March 16-18, 2009, Zurich, Switzerland
Second ACM Conference on Wireless Network Security (WiSec ‘09)
![Page 2: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/2.jpg)
OverallRFID Authentication Protocol for Low-Cost Tags B. Song and C. J. Mitchell (WiSec 08)
RFID Tag Ownership TransferB. Song (RFIDsec 08)
Tag impersonation attack
Server impersonation attack
De-synchronization attack
Song-Mitchell Protocol
Song’s Secret Update Protocol
![Page 3: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/3.jpg)
Outline
• RFID Background
• Attacks and Improvements to
the Song–Mitchell Protocol
• Attacks and Improvements to
the Song’s Secret Update Protocol
• Conclusions
![Page 4: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/4.jpg)
Radio Frequency Identification System
Components: Tag, Reader, Back-end database Characteristics: Wireless connection ( tag reader ) Limited capability of the tags
100 meters
Tag Reader
Attacker
Attacker Model: Active attacker
Backend Server
![Page 5: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/5.jpg)
Privacy and Security Concerns of Mutual Authentication Protocol
• Tag information privacy• Tag location privacy• Resistance to server\tag impersonation attack• Resistance to replay attack• Resistance to de-synchronization attack• Forward and backward security
![Page 6: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/6.jpg)
Privacy Concerns of Ownership Transfer
• New owner privacy
• Old owner privacy
• Authorization recovery
![Page 7: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/7.jpg)
Song-Mitchell Mutual Authentication Protocol
ti = h(si)
Implicit tag authentication
Identification
Server authenticatio
nUpdate
Update
![Page 8: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/8.jpg)
Server Impersonation Attackr1
M1 , M2
M3
M1 , M3
r1’
M1’, M2’
M3’
Em, you are valid.I’m
server
L1R3L1R3
R1L3R1L3
]'[M][M][M]'[M
]'[M][M][M]'[M
Result ?
![Page 9: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/9.jpg)
Result of Server Impersonation Attack
r1
M1 , M2
TiSearch database,
Search…
Search….
But,
[(si,ti)new, (si,ti)old]
Server [t’]
Who are
you?
It’s me, Ti….I was
changed by Attacker.
![Page 10: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/10.jpg)
Tag Impersonation Attack
r1
’M1’, M2’
r1
M1, M2
M3
Yeah, you are Ti.
I’m serve
r'M M
rr 'MM
22
11
'11
I’m tag Ti
Ti
Result ?
![Page 11: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/11.jpg)
Vulnerability Analysis
baba :
>> :
S >> l/2 = [S]R || [S]L
![Page 12: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/12.jpg)
Modified Song-Mitchell Protocol
)||( 212 rrfM it
)||( 112 tMrfM t
srhM )2(3
)( 23 rhMsi
![Page 13: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/13.jpg)
Song's secret update protocol
ti ti’
![Page 14: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/14.jpg)
De-Synchronization Attack
r1 , M1, M2
r2’, M3’
Ti
r1 , M1’ , M2’
Update Ti’s secret
to ti’
Ti
L1R2L1R2
R1L2R1L2
l 1
]'[M][M][M]'[M
]'[M][M][M]'[M
1} {0, 'M
R
Updates to ti’’
![Page 15: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/15.jpg)
Modified Tag Update Protocol
)'()(2 inewi thsM
)'(2 ii thMs
![Page 16: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/16.jpg)
Conclusions Song-Mitchell mutual authentication protocol
Tag secret update protocol
Server impersonation attack
Tag impersonation attack
De-synchronization attack
![Page 17: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/17.jpg)
Discussion
F denotes a computationally complex function such as hash and keyed hash, and k is an integer between 1 and 2N
• Performance
• Formal Proof
Will be given in our future work.
![Page 18: Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions](https://reader035.vdocument.in/reader035/viewer/2022062517/56813c0d550346895da57ded/html5/thumbnails/18.jpg)
Q & A?