Journal of the Institute of Electronics Engineers of Korea CI (전자공학회논문지CI)

The Institute of Electronics and Information Engineers (대한전자공학회)
권호 표지

TRMA: Two-Round RFID Mutual Authentication Protocol

TRMA: 2-라운드 RFID 상호 인증 프로토콜

  • Ahn, Hae-Soon (College of General Education, Daegu University) ;
  • Bu, Ki-Dong (School of Computer Engineering, Kyungil University) ;
  • Yoon, Eun-Jun (School of Electrical Engineering and Computer Science, Kyungpook National University) ;
  • Nam, In-Gil (School of Computer & Information Technology, Daegu University)
  • 안해순 (대구대학교 교양대학) ;
  • 부기동 (경일대학교 컴퓨터공학부) ;
  • 윤은준 (경북대학교 전자전기컴퓨터학부) ;
  • 남인길 (대구대학교 컴퓨터.IT공학부)
  • Published : 2009.09.25
Download PDF
⟨ Previous Next ⟩

Abstract

In RFID system, the communicated data can be easily eavesdropped and tampered with by an attacker because the communication between the reader and the tag is performed in an insecure channel. Therefore, authentication is an important role in RFID applications for providing security and privacy. In 2006, Lee, Asano and Kim proposed an RFID mutual authentication protocol (the LAK protocol) which utilizes a hash function and synchronized secret information. However, Cao and Shen showed that the LAK protocol is vulnerable to replay attack, and therefore an adversary can impersonate the tag. This paper proposes a new simple two-round RFID mutual authentication (TRMA) protocol based on secure one-way hash function. As a result, the proposed TRMA protocol not only can prevent various attacks and but also provides communication efficiency since they mutually authenticate by performing two-round between RFID tag and RFID reader.

RFID 시스템에서는 리더와 태그간의 통신이 안전하지 않은 채널에서 수행되므로 전송되는 데이터가 공격자에 의해 쉽게 도청당하고, 위조될 수 있다. 그러므로 인증은 안전성과 프라이버시를 제공하기 위해 RFID 애플리케이션에서 중요한 역할을 한다. 2006년에 Lee, Asano 그리고 Kim은 해쉬 함수와 동기화된 비밀 정보를 이용하여 RFID 상호 인증 프로토콜인 LAK 프로토콜을 제안하였다. 그러나 Cao와 Shen은 LAK 프로토콜이 재전송 공격에 취약하고 공격자가 태그를 위조할 수 있다고 증명하였다. 본 논문에서는 안전한 일방향 해쉬 함수를 기반으로 하는 간단한 2-라운드 RFID 상호 인증 프로토콜인 TRMA 프로토콜을 제안한다. 제안한 TRMA 프로토콜은 다양한 공격들에 대해 안전할 뿐만 아니라 RFID 태그와 리더 간의 통신을 2-라운드만 수행하여 안전한 상호 인증을 하고, 높은 통신 효율성도 제공한다.

Keywords

References

  1. D. Lin, H. G. Elmongui, E. Bertino, and B. C. Ooi, 'Data management in RFID applications', International conference on database and expert systems applications, LNCS 4653, pp. 434-444, 2007 https://doi.org/10.1007/978-3-540-74469-6_43
  2. K.Finkenzeller, 'RFID handbook: fundamentals and applications in Contactless smart cards and identification', (2nd ed.), Munich, Germany: Wiley, 2003
  3. S. Garfinkel and B. Rosenberg, 'RFID applications, security, and privacy', Boston, USA: Addison-Wesley, 2005
  4. L.Srivastava, 'Ubiquitous network societies: The case of Radio Frequency Identification, background paper', International telecommunication union (ITU)new initiatives workshop on ubiquitous network societies, Geneva, Switzerland, 2005
  5. S.Shepard, 'RFID: Radio Frequency Identification', New York, USA: Mc Graw Hill, 2005
  6. S. A. Weis, S. E. Sarma, and R. L. Rivest, 'Security and privacy aspects of low-cost Radio Frequency Identification systems', Proceedings of first international conference on security in pervasive computing. 2003 https://doi.org/10.1007/978-3-540-39881-3_18
  7. Y. C. Chen, W. L. Wang, and M. S. Hwang, 'Low-cost RFID authentication protocol for anti-counterfeiting and privacy protection', Asian journal of health and information sciences, Vol. 1, No. 2, pp. 189-203, 2006
  8. S. Lee, T. Asano, and K. Kim, 'RFID mutual authentication scheme based on synchronized secret information', In proceedings of the SCIS'06, 2006
  9. H. Y. Chien and C. W. Huang, 'A lightweight RFID protocol using substring', EUC 2007, LNCS 4808, pp. 422-431, 2007 https://doi.org/10.1007/978-3-540-77092-3_37
  10. T. Cao and P. Shen, 'Cryptanalysis of two RFID authentication protocols', International journal of network security, In press, 2008
  11. D. N. Duc, J. Park, H. Lee, and K. Kim, 'Enhancing security of EPCglobal GEN-2 RFID tag against traceability and cloning', The 2006 Symposium on Cryptography and Information Security, 2006
  12. A. D. Henrici and P. MÄuller, 'Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers', In the Proceedings of PerSec'04 at IEEE PerCom, 2004, pp. 149-153
  13. S. Karthikeyan and M. Nesterenko, 'RFID security without extensive cryptography', Proceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005, pp. 63-67 https://doi.org/10.1145/1102219.1102229
  14. D. Molnar and D. Wagner, 'Privacy and security in library RFID: issues, practices, and architectures', Conference on Computer and Communications Security-CCS04, 2004, pp. 210-219 https://doi.org/10.1145/1030083.1030112
  15. M. Ohkubo, K. Suzki, and S. Kinoshita, 'Cryptographic approach to 'privacy friendly' tags', RFID Privacy Workshop, 2003
  16. K. Rhee, J. Kwak, S. Kim, and D. Won, 'Challenge-response based RFID authentication protocol for distributed database environment', International Conference on Security in Pervasive Computing-SPC 2005, 2005, pp. 70-84 https://doi.org/10.1007/978-3-540-32004-3_9
  17. J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, 'Mutual authentication protocol for low-cost RFID', Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, 2005
  18. J. Yang, K. Ren, and K. Kim, 'Security and privacy on authentication protocol for low-cost radio', The 2005 Symposium on Cryptography and Information Security, 2005
  19. 양형규, 안영화, '유비쿼터스 컴퓨팅 환경에 적합한 RFID 인증 프로토콜에 관한 연구,' 전자공학회논문지 42권 CI 1호, pp.45-50, 2005
  20. 김진목, 유황빈, '유비쿼터스 환경에서 Pre- Distribution을 기반으로 한 안전한 RFID 시스템,' 전자공학회논문지, 제42권, 제CI-6호, pp. 29-36, 2005
  21. 오선문, 강대성, 'NMF와 LDA 혼합 특징추출을 이용한 해마 학습기반 RFID 생체 인증 시스템에 관한 연구,' 전자공학회논문지, 제43권, 제SP-4호, pp. 46-54, 2006
  22. 박인정, 현택영, 'RFID를 이용한 작업관리 시스템,' 전자공학회논문지, 제44권, 제CI-2호, pp. 31-36, 2007
  23. 안해순, 부기동, 윤은준, 남인길, 'RFID/USN 환경을 위한 개선된 인증 프로토콜,' 전자공학회논문지, 제46권, 제CI-1호, pp. 1-10, 2009
  24. A. J. Menezes, P. C. Oorschot, and S. A. Vanstone, 'Handbook of applied cryptograph', CRC Press, New York, 1997