Attacks and Countermeasures for RFID Mutual Authentication Scheme in Pervasive Computing Environment

• Abedelaziz Mohaisen,
• Ku-Young Chang,
• Dowon Hong,

Vol. 5, No. 9, September 28, 2011
10.3837/tiis.2011.09.011, Download Paper (Free):

• RFID
• Mutual Authentication
• attacks and countermeasures
• pervasive computing environments

Abstract

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.

Statistics

Cite this article