暴露了RFID认证方案中EPCglobal标准误用导致的有效信息拒绝攻击

2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications Pub Date : 2008-12-08 DOI:10.1109/PIMRC.2008.4699588

T. Lim, Tieyan Li

{"title":"暴露了RFID认证方案中EPCglobal标准误用导致的有效信息拒绝攻击","authors":"T. Lim, Tieyan Li","doi":"10.1109/PIMRC.2008.4699588","DOIUrl":null,"url":null,"abstract":"In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information received. By repeating the process over a few authentication sessions, the eavesdropper can collect enough information about the kill password to launch a successful attack to kill and disable the tag. From our simulation analysis, we find that the attack can be carried out effectively using only three to five eavesdropped sessions in most cases. In addition, we discuss the implications of this attack and describe a few other weaknesses that we have observed in the scheme.","PeriodicalId":125554,"journal":{"name":"2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Exposing an effective denial of information attack from the misuse of EPCglobal standards in an RFID authentication scheme\",\"authors\":\"T. Lim, Tieyan Li\",\"doi\":\"10.1109/PIMRC.2008.4699588\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information received. By repeating the process over a few authentication sessions, the eavesdropper can collect enough information about the kill password to launch a successful attack to kill and disable the tag. From our simulation analysis, we find that the attack can be carried out effectively using only three to five eavesdropped sessions in most cases. In addition, we discuss the implications of this attack and describe a few other weaknesses that we have observed in the scheme.\",\"PeriodicalId\":125554,\"journal\":{\"name\":\"2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-12-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PIMRC.2008.4699588\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PIMRC.2008.4699588","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

在本文中，我们揭示了在先前提出的RFID标签-读取器相互认证方案[2]中，由于误用终止密码(根据EPC Class-1 Gen-2标准[1]指定)而可能发生的拒绝信息攻击。我们展示了被动窃听者如何通过监视涉及目标标签的身份验证会话并关联接收到的信息来获取有用的信息。通过在几个身份验证会话中重复这个过程，窃听者可以收集到关于终止密码的足够信息，从而发起成功的攻击来终止和禁用标签。通过仿真分析，我们发现在大多数情况下，只需使用三到五个窃听会话就可以有效地进行攻击。此外，我们还讨论了这种攻击的含义，并描述了我们在该方案中观察到的其他一些弱点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Exposing an effective denial of information attack from the misuse of EPCglobal standards in an RFID authentication scheme

In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information received. By repeating the process over a few authentication sessions, the eavesdropper can collect enough information about the kill password to launch a successful attack to kill and disable the tag. From our simulation analysis, we find that the attack can be carried out effectively using only three to five eavesdropped sessions in most cases. In addition, we discuss the implications of this attack and describe a few other weaknesses that we have observed in the scheme.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications

自引率

0.00%

发文量