Journal of Internet Computing and Services (인터넷정보학회논문지)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지

Security Enhancing of Authentication Protocol for Hash Based RFID Tag

해쉬 기반 RFID 태그를 위한 인증 프로토콜의 보안성 향상

  • Jeon, Jin-Oh (Dept. of Computer Engineering, Anyang University) ;
  • Kang, Min-Sup (Dept. of Computer Engineering, Anyang University)
  • Received : 2010.04.08
  • Accepted : 2010.07.14
  • Published : 2010.08.30
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we first propose the security enhancing of authentication protocol for Hash based RFID tag, and then a digital Codec for RFID tag is designed based on the proposed authentication protocol. The protocol is based on a three-way challenge response authentication protocol between the tags and a back-end server. In order to realize a secure cryptographic authentication mechanism, we modify three types of the protocol packets which defined in the ISO/IEC 18000-3 standard. Thus active attacks such as the Man-in-the-middle and Replay attacks can be easily protected. In order to verify effectiveness of the proposed protocol, a digital Codec for RFID tag is designed using Verilog HDL, and also synthesized using Synopsys Design Compiler with Hynix $0.25\;{\mu}m$ standard-cell library. Through security analysis and comparison result, we will show that the proposed scheme has better performance in user data confidentiality, tag anonymity, Man-in-the-middle attack prevention, replay attack, forgery resistance and location tracking.

본 논문에서는 해쉬 기반 RFID 태그를 위한 보안성이 향상된 인증 프로토콜을 제안하고, 제안한 인증 프로토콜 기반으로 한 RFID 태그의 디지털 코덱을 설계한다. 제안한 프로토콜은 태그와 back-end 서버 사이에서 3-way 질의 응답 인증 프로토콜을 기본으로 하고 있으며, 안전한 인증 메커니즘을 구현하기 위해, ISO/IEC 18000-3 표준에서 규정된 3가지 타입의 프로토콜 패킷을 개선된 형태로 수정한다. 제안한 방법은 Man-in-the-middle과 Replay attacks과 같은 능동 공격의 방어에 특히 유효하다. 제안된 프로토콜의 효과를 검증하기 위하여 RFID 태그에서의 디지털 코덱은 Verilog HDL을 사용하여 설계하였고 Hynix $0.25\;{\mu}m$ standard-cell library을 갖춘 Synopsys Design Compiler을 이용하여 합성하였다. 보안 분석 및 실험결과를 통해, 본 논문에서 제안된 방법이 사용자의 데이터 보안, 태그 익명성, Man-in-the-middle attack 예방, replay attack, 위조방지 및 위치 추적 등에 서 성능이 개선됨을 보였다.

Keywords

References

  1. Markus Jakobsson and David Pointcheval, "Mutual Authentication for Low-power Mobile Devices", Lecture Notes in Computer Science, Vol. 178-195, 2002.
  2. Stephen A. Weis, Sanjay E.Sarma, Ronald L. Rivest and Daiel W. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems", First International Conference on Security in Pervasive Computing, 2003. http://theory.lcs.mit.edu/ sweis/spc-rfid.pdf
  3. S. E. Sarma, S. A. Weis, and D. W. Engels, "RFID System and Security and Privacy Implications", CHES 2002, Lecture Notes in Computer Science, Vol. 2523, pp. 454 - 469, 2003.
  4. M. Ohkubo, K. Suzki, S. Kinoshita, Cryptographic Approach to 'privacy friendly' tags, RFID Privacy Workshop, 2003.
  5. International Organization for Standardization, "ISO/IEC 18000-3, Information Technology AIDC Techniques - RFID for Item Management," March 2003.
  6. Martin Feldhofer, "A Proposal for an Authentication Protocol in a Security Layer for RFID Smart Tags", IEEE Proceedings of MELECON 2004, Vol. 2, pp. 759-762, 2004.
  7. J. Yang, K. Ren, and K. Kim, "Security and Privacy on Authentication Protocol for Low-cost RFID", Proceedings of SCIS2005, pp. 25-28, Jan. 2005
  8. D. Eastlake and P. Jones, "US Secure Hash Algorithm 1 (SHA-1)", Internet RFC 3174, September 2001.
  9. Weis, S., Sarma, S., Rivest, R., and Engels, D., "Security and Privacy Aspects of Low-Cost RFIDs", Security in Pervasive Computing, Lecture Notes in Computer Science, Vol. 2802, pp. 201-212, 2003.
  10. S. B. Ryu, J. O. Jeon, and M. S. Kang, "FPGA Design of Digital Codec for Passive RFID Tag", in ALPIT 2007, August 2007.
  11. Hynix Semiconductor Inc., Macrocell Cell DataBook: 0.25-Micron 2.5V Standard Cell Library HSM222A, Aug. 2001.