Security Flaws and Improvement of a Cloud-Based Authentication Protocol for RFID Supply Chain Systems

2018 3rd International Conference on Computer and Communication Systems (ICCCS) Pub Date : 2018-09-13 DOI:10.1109/CCOMS.2018.8463255

J. Khor, M. Sidorov

{"title":"Security Flaws and Improvement of a Cloud-Based Authentication Protocol for RFID Supply Chain Systems","authors":"J. Khor, M. Sidorov","doi":"10.1109/CCOMS.2018.8463255","DOIUrl":null,"url":null,"abstract":"Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.","PeriodicalId":405664,"journal":{"name":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCOMS.2018.8463255","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.

查看原文本刊更多论文

基于云的RFID供应链系统认证协议的安全缺陷与改进

基于云的射频识别(RFID)是供应链系统解决传统后端服务器容量限制的一种新兴解决方案。然而，在以往的研究工作中提出的大多数解决方案都不适合实现资源受限的RFID标签。因此，Lin等人提出了一种基于云的相互认证(CMA)协议，该协议使用哈希函数和异或，声称可以实现机密性、不可追溯性、相互认证和前向保密。此外，据称该协议可以抵抗标签/读取器模拟攻击、重放攻击、去同步攻击和拒绝服务(DoS)攻击。然而，本文证明了CMA协议容易受到两种类型的攻击，即去同步攻击和DoS攻击。本文对CMA协议进行了详细的安全分析，证明了其存在的安全漏洞。此外，本文还提出了一种增强的CMA协议，该协议可以抵御去同步和DoS攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 3rd International Conference on Computer and Communication Systems (ICCCS)

自引率

0.00%

发文量