Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

Published byDaniel McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore."— Presentation transcript:

1 Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore Management University 2 Institute for Infocomm Research (I 2 R) March 16-18, 2009, Zurich, Switzerland Second ACM Conference on Wireless Network Security (WiSec ‘09)

2 Overall RFID Authentication Protocol for Low-Cost Tags B. Song and C. J. Mitchell (WiSec 08) RFID Tag Ownership Transfer B. Song (RFIDsec 08) Tag impersonation attack Server impersonation attack De-synchronization attack Song-Mitchell Protocol Song’s Secret Update Protocol

3 Outline RFID Background Attacks and Improvements to the Song–Mitchell Protocol Attacks and Improvements to the Song’s Secret Update Protocol Conclusions

4 Radio Frequency Identification System Components: Tag, Reader, Back-end database Characteristics : Wireless connection ( tag  reader ) Limited capability of the tags 100 meters TagReader Attacker Attacker Model: Active attacker Backend Server

5 Privacy and Security Concerns of Mutual Authentication Protocol Tag information privacy Tag location privacy Resistance to server\tag impersonation attack Resistance to replay attack Resistance to de-synchronization attack Forward and backward security

6 Privacy Concerns of Ownership Transfer New owner privacy Old owner privacy Authorization recovery

7 Song-Mitchell Mutual Authentication Protocol t i = h(s i ) Implicit tag authentication Identification Server authentication Update

8 Server Impersonation Attack r1r1 M 1, M 2 M3M3 M 1, M 3 r1’r1’ M 1 ’, M 2 ’ M3’M3’ Em, you are valid. I’m serve r Result ?

9 Result of Server Impersonation Attack r1r1 M 1, M 2 T i Search database, Search… Search…. But, [(s i,t i ) new, (s i,t i ) old ] Server [t’] Who are you? It’s me, T i …. I was changed by Attacker.

10 Tag Impersonation Attack r1’r1’ M 1 ’, M 2 ’ r1r1 M 1, M 2 M3M3 Yeah, you are T i. I’m serve r I’m tag T i TiTi Result ?

11 Vulnerability Analysis : >> : S >> l/2 = [S] R || [S] L

12 Modified Song-Mitchell Protocol

13 Song's secret update protocol t i  t i ’

14 De-Synchronization Attack r 1, M 1, M 2 r 2 ’, M 3 ’ T i r 1, M 1 ’, M 2 ’ Update T i ’s secret to t i ’ T i Updates to t i ’’

15 Modified Tag Update Protocol

16 Conclusions Song-Mitchell mutual authentication protocol Tag secret update protocol Server impersonation attack Tag impersonation attack De-synchronization attack

17 Discussion F denotes a computationally complex function such as hash and keyed hash, and k is an integer between 1 and 2N Performance Formal Proof Will be given in our future work.

18 Q & A?

19 Thank you! Shaoying Cai: sycai@smu.edu.sg

Download ppt "Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
RFID Security and Privacy Part 2: security example.

RFID Security and Privacy Part 2: security example.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.
1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科 教授 (Prof. Jinn-Ke Jan) 陳育毅.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科 教授 (Prof. Jinn-Ke Jan) 陳育毅.
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Similar presentations

Ads by Google