{"title":"基于云的RFID供应链系统认证协议的安全缺陷与改进","authors":"J. Khor, M. Sidorov","doi":"10.1109/CCOMS.2018.8463255","DOIUrl":null,"url":null,"abstract":"Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.","PeriodicalId":405664,"journal":{"name":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Security Flaws and Improvement of a Cloud-Based Authentication Protocol for RFID Supply Chain Systems\",\"authors\":\"J. Khor, M. Sidorov\",\"doi\":\"10.1109/CCOMS.2018.8463255\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.\",\"PeriodicalId\":405664,\"journal\":{\"name\":\"2018 3rd International Conference on Computer and Communication Systems (ICCCS)\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 3rd International Conference on Computer and Communication Systems (ICCCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCOMS.2018.8463255\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on Computer and Communication Systems (ICCCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCOMS.2018.8463255","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Flaws and Improvement of a Cloud-Based Authentication Protocol for RFID Supply Chain Systems
Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
