The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

An Efficient RFID Distance-Bounding Protocol to Prevent Relay Attacks

중계 공격을 예방하는 효율적인 RFID Distance-Bounding 프로토콜

  • Received : 2010.02.06
  • Accepted : 2010.04.05
  • Published : 2010.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

RFID (radio frequency identification) systems, recently being used in a wide range of areas, are vulnerable to relay attack from malicious attackers. For that reason, Brands, et al. proposed a certification protocol between a certifier and a verifier based on the concept of distance-bounding, and in addition Hancke et al. introduced the concept of RFID. However, the delivery of tag IDs, one of the main RFID features, is not still available, and there are two important demerits: anonymity in the delivery of tag IDs suggested by Kim et al. and inefficiency in finding a tag ID with regard to how to check errors which may occur in the process of data exchange between readers and tags. Therefore, this study proposes a protocol that meets the requirements of tag anonymity and location untraceability, has resistance to errors which may take place in the phase of tag data exchange, and is very efficient in finding tag IDs.

최근 다양한 분야에서 사용되고 있는 RFID 시스템은 악의적인 공격자로부터의 중계공격에서 취약함을 갖고있다. 따라서 Brands등은 Distance-Bounding 이라는 개념을 이용하여 증명자와 검증자 간의 인증 프로토콜을 제안하였고, 여기에 Hancke등은 RFID의 개념을 도입하였다. 그러나 RFID의 주요 기능 중 하나인 태그 아이디의 전달이 없다는 점과, Kim이 제안한 태그 아이디 전달에서의 익명성 및 리더 태그 간에 데이터 교환 단계에서 발생 가능한 에러 체크 방법에서 태그 아이디 검색의 비효율성의 단점이 있다. 따라서 본고에서는 태그의 익명성 및 위치 추적 불가능성을 만족하고, 태그의 정보 교환 단계에서 발생 가능 에러에 대한 저항성과, 태그 아이디의 검색에서 보다 효율적인 검색이 가능한 프로토콜을 제안한다.

Keywords

References

  1. Selwyn Piramuthu,"Protocols for RFID tag/reader authentication", Decision Support Systems 43, pp.897-914, 2007 https://doi.org/10.1016/j.dss.2007.01.003
  2. Ziv. Kfir and A. Wool, "Picking virtual pockets using relay attacks on contactless smart-card systems", IEEE, In Conference on Security and Privacy for Emerging Areas in Communication Networks-SecureComm 2005, pp.47-58, September 2005
  3. Ilan Kirschenbaum1 Avishai Wool, "How to build a low-cost, extendedrange RFID skimmer", 15th USENIX Security Symposium, pp.43-57, 8 May 2006
  4. Thomas S. Heydt-Benjamin, Daniel V. Bailey, Kevin Fu, Ari Juels, Tom O'Hare, "Vulnerabilities in First-Generation RFID-enabled Credit Cards", Springer Berlin , Financial Cryptography and Data Security , Vol.4886, pp.2-14, 2007 https://doi.org/10.1007/978-3-540-77366-5_2
  5. J. Hering, "The BlueSniper 'rifle'", Presented at 12th DEFCON, Las Vegas, 2004.
  6. Gildas Avoine, Muhammed Ali Bingol, Suleyman Kardas, Cedric Lauradoux, Benjamin Martin, "A Formal Framework for Cryptanalyzing RFID Distance Bounding Protocols", This work is partially funded by FP7-Project ICE under the grant agreement No.206546, 5 November 2009
  7. Stfan Brands, David Chaum, "Distance- Bounding Protocols", Springer Berlin/Heidelberg, Advances in Cryptology-EUROCRYPT '93 , Vol.765 of Lecture Notes in Computer Science, pp.344-359, May 1993
  8. Gerhard P. Hancke, Markus G. Kuhn, "An RFID Distance Bounding Protocol", IEEE, SecureComm, [4] C.Meadows, pp.67-73, 2005
  9. Jason Reid, Juan M. Gonzalez Nieto, Tee Tang, Bouchra Senadji ,"Detecting Relay Attacks with Timing-Based Protocols", ACM, ASIACCS, pp.204-213, March 2007
  10. Chong Hee Kim, Gildas Avoine, Francois Koeune, Francois-Xavier, Stadaert, Olivier Pereira, "The Swiss-Knife RFID Distane Bounding Protocol", Springer Berlin, ICISC 2008, vol 5461, pp.98-115 , 2008
  11. M. Bellare, P. Rogaway,"Entity Authentication and Key Distribution", Springer Berlin, CRYPTO' 93, Vol.773, pp.232-249, 1993
  12. J. D. Guttman, F. J. Thayer, L. D. Zuck ,"The faithfulness of abstract protocol analysis: Message authentication", IOS Press, Journal of Computer Security, Vol.12, pp.865-891, Number 6/2004 https://doi.org/10.3233/JCS-2004-12603