Tag Impersonation Attack on Ultra-Lightweight Radio Frequency Identification Authentication Scheme
Authors: Reham Al-Zahrani, Noura Aleisa
Abstract:
The proliferation of Radio Frequency Identification (RFID) technology has raised concerns about system security, particularly regarding tag impersonation attacks. Regarding RFID systems, an appropriate authentication protocol must resist active and passive attacks. A tag impersonation occurs when an adversary's tag is used to fool an authenticating reader into believing it is a legitimate tag. The paper thoroughly analyses the security of the Efficient, Secure, and Practical Ultra-Lightweight RFID Authentication Scheme (ESRAS). It examines the protocol within the context of RFID systems and focuses specifically on its vulnerability to tag impersonation attacks. The Scyther tool is utilized to assess the protocol's security, providing a comprehensive evaluation of ESRAS's effectiveness in preventing unauthorized tag impersonation.
Keywords: RFID, radio frequency identification, impersonation attack, authentication, ultra-lightweight protocols, security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 89References:
[1] J. &. W. Y. Davies, "Physically unclonable functions (PUFs): a new frontier in supply chain product and asset tracking.," IEEE Engineering Management Review, vol. 49, no. 2, pp. 116-125, 2021.
[2] J. H. I. W. Y. M. I. S. M. K. &. R. M. G. Khor, "Security problems in an RFID system," Wireless Personal Communications, vol. 59, pp. 17-26, 2011.
[3] P. C.-G. C. &. M.-G. J. Caballero-Gil, "RFID authentication protocol based on a novel EPC Gen2 PRNG," arXiv preprint arXiv, p. 2208.05345, 2022.
[4] A. &. D. G. Ibrahim, "Review of different classes of RFID authentication protocols," Wireless Networks, vol. 25, pp. 961-974, 2019.
[5] Z. &. M. K. Bilal, "Ultra-lightweight mutual authentication protocols: Weaknesses and countermeasures." in 2013 International Conference on Availability, Reliability and Security, 2013.
[6] M. B. N. N. M. L. Y. &. C. Q. Safkhani, "Tag impersonation attack on two RFID mutual authentication protocols," in 2011 Sixth International Conference on Availability, Reliability and Security, 2011.
[7] S. K. Y. B. V. K. Y. A. A. &. H. B. Gabsi, "Novel ECC-based RFID mutual authentication protocol for emerging IoT applications.," IEEE access, vol. 9, pp. 130895-130913, 2021.
[8] H. A. &. K. D. Abdul-Ghani, "A comprehensive study of security and privacy guidelines, threats, and countermeasures: An IoT perspective," Journal of Sensor and Actuator Networks, vol. 8, no. 2, p. 22, 2019.
[9] S. &. R. B. Azad, "A lightweight protocol for RFID authentication," in 2019 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE), 2019.
[10] B. &. M. C. J. Song, "RFID authentication protocol for low-cost tags," in Proceedings of the first ACM conference on Wireless network security, 2008.
[11] M. S. K. L. C. C. M. &. K. T. Shariq, "ESRAS: An efficient and secure ultra-lightweight RFID authentication scheme for low-cost tags," Computer Networks, vol. 217, p. 109360, 2022.
[12] M. J. D. W. M. H. B. Z. S. S. M. &. A. M. S. Imdad, "Internet of things (IoT); security requirements, attacks and counter measures," Indonesian Journal of Electrical Engineering and Computer Science, vol. 18, no. 3, pp. 1520-1530, 2020.
[13] Y. Z. Y. C. W. T. Z. &. H. Z. An, "A lightweight and practical anonymous authentication protocol based on bit-self-test PUF," Electronics, vol. 11, no. 5, p. 772, 2022.
[14] A. K. &. P. B. D. K. Singh, "Security Attacks on RFID and their Countermeasures," In Computer Communication, Networking and IoT: Proceedings of ICICC 2020, pp. 509-518, 2021.
[15] S. M. S. L. C. &. F. C. Miniaoui, "Comparing cyber physical systems with RFID applications: common attacks and countermeasure challenges," International Journal of Business Information Systems, vol. 40, no. 4, pp. 540-559, 2022.
[16] M. A. O. H. A. S. H. T. C. B. N. K. S. &. H. B. Hosseinzadeh, "An enhanced authentication protocol for RFID systems," IEEE Access, pp. 126977-126987, 2020.
[17] A. T. D. R. A. A. &. D. J. Baha’A, "Using dummy data for RFID tag and reader authentication.," Digital Communications and Networks, vol. 8, no. 5, pp. 804-813, 2022.
[18] V. K. R. K. A. A. K. V. C. Y. C. &. C. C. C. Kumar, "RAFI: Robust authentication framework for IoT-based RFID infrastructure," Sensors, vol. 22, no. 9, p. 3110, 2022.
[19] U. T. A. G. S. Y. A. R. N. R. &. G. F. W. Iqbal, "A Novel Secure Authentication Protocol for IoT and Cloud Servers," Wireless Communications and Mobile Computing, 2022.
[20] N. G. N. &. L. P. Kahya, "Formal analysis of PKM using scyther tool," in 2012 International Conference on Information Technology and e-Services, 2012.
[21] C. J. Cremers, "The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols: Tool Paper," in Computer Aided Verification: 20th International Conference, CAV 2008 Princeton, NJ, USA, July 7-14, 2008 Proceedings 20, 2008.
[22] Z. Yang, "Efficient eck-secure authenticated key exchange protocols in the standard model," in Information and Communications Security: 15th International Conference, 2013.
[23] H. O. V. A. &. P. A. Yang, "Verifying Group Authentication Protocols by Scyther," J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., vol. 7, no. 2, pp. 3-19, 2016.
[24] Y. K. J. D. D. G. A. P. V. Y. I. &. P. G. Ko, "Drone secure communication protocol for future sensitive applications in military zone," Sensors, vol. 21, no. 6, p. 2057, 2021.
[25] H. Huang, "An eCK-Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security," J. Internet Serv. Inf. Secur., pp. 32-43, 2011.
[26] D. &. C. C. Basin, "Degrees of security: Protocol guarantees in the face of compromising adversaries.," in Computer Science Logic: 24th International Workshop, CSL 2010, 19th Annual Conference of the EACSL, Brno, Czech Republic, 2010.
[27] A. K. M. M. P. P. K. K. K. G. S. &. L. M. Yadav, "LEMAP: A lightweight EAP based mutual authentication protocol for IEEE 802.11 WLAN," in ICC 2022-IEEE International Conference on Communications, 2022.
[28] A. Sarr, "Authenticated key agreement protocols: security models, analyses, and designs," (Doctoral dissertation, Université Joseph-Fourier-Grenoble I)., 2010.
[29] S. Ç. S. B. M. A. K. M. S. D. H. &. L. A. Kardaş, "k‐strong privacy for radio frequency identification authentication protocols based on physically unclonable functions," Wireless Communications and Mobile Computing, vol. 15, no. 18, pp. 2150-2166, 2015.
[30] A. &. G. B. B. ewari, "Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags," The Journal of Supercomputing, vol. 73, pp. 1085-1102, 2017.
[31] H. W. G. S. J. &. H. Z. Luo, "SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system," Wireless Networks, vol. 24, pp. 69-78, 2018.