Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems
Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems
Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.
mutual authentication, protocol, RFID
477-481
Khor, Jing Huey
45840b0e-4bd3-4f49-8a97-fc00d3ad683e
Sidorov, Michail
0b790317-f69d-4156-8c66-4527086fafc9
13 September 2018
Khor, Jing Huey
45840b0e-4bd3-4f49-8a97-fc00d3ad683e
Sidorov, Michail
0b790317-f69d-4156-8c66-4527086fafc9
Khor, Jing Huey and Sidorov, Michail
(2018)
Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems.
In 2018 3rd International Conference on Computer and Communication Systems, ICCCS 2018.
.
(doi:10.1109/CCOMS.2018.8463255).
Record type:
Conference or Workshop Item
(Paper)
Abstract
Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.
This record has no associated files available for download.
More information
e-pub ahead of print date: 13 September 2018
Published date: 13 September 2018
Keywords:
mutual authentication, protocol, RFID
Identifiers
Local EPrints ID: 433415
URI: http://eprints.soton.ac.uk/id/eprint/433415
PURE UUID: 5f9f45b0-d6a6-4ba0-b64f-ec7fd2e621f8
Catalogue record
Date deposited: 21 Aug 2019 16:30
Last modified: 16 Mar 2024 03:39
Export record
Altmetrics
Contributors
Author:
Jing Huey Khor
Author:
Michail Sidorov
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics