The University of Southampton
University of Southampton Institutional Repository

Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems

Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems
Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems
Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.
mutual authentication, protocol, RFID
477-481
Khor, Jing Huey
45840b0e-4bd3-4f49-8a97-fc00d3ad683e
Sidorov, Michail
0b790317-f69d-4156-8c66-4527086fafc9
Khor, Jing Huey
45840b0e-4bd3-4f49-8a97-fc00d3ad683e
Sidorov, Michail
0b790317-f69d-4156-8c66-4527086fafc9

Khor, Jing Huey and Sidorov, Michail (2018) Security flaws and improvement of a cloud-based authentication protocol for RFID supply chain systems. In 2018 3rd International Conference on Computer and Communication Systems, ICCCS 2018. pp. 477-481 . (doi:10.1109/CCOMS.2018.8463255).

Record type: Conference or Workshop Item (Paper)

Abstract

Cloud-based radio frequency identification (RFID) is an emerging solution for supply chain systems to solve capacity limitation found in a traditional backend server. However, most of the solutions proposed in previous research works are not suitable to be implemented for resource constrained RFID tags. Therefore, a cloud-based mutual authentication (CMA) protocol was proposed by Lin et al. using a hash function and exclusive-OR and was claimed to achieve confidentiality, untraceability, mutual authentication, and forward secrecy. Furthermore, it was claimed that the protocol is resistant to tag/reader impersonation attacks, replay attacks, desynchronization attacks, and denial of service (DoS) attacks. However, this paper proves that the CMA protocol is vulnerable to two types of attack, namely desynchronization and DoS attacks. A detailed security analysis of the CMA protocol is shown in this paper to prove its security vulnerability. In addition, an enhanced CMA protocol is proposed in this paper that is secure against desynchronization and DoS attacks.

Full text not available from this repository.

More information

e-pub ahead of print date: 13 September 2018
Published date: 13 September 2018
Keywords: mutual authentication, protocol, RFID

Identifiers

Local EPrints ID: 433415
URI: http://eprints.soton.ac.uk/id/eprint/433415
PURE UUID: 5f9f45b0-d6a6-4ba0-b64f-ec7fd2e621f8

Catalogue record

Date deposited: 21 Aug 2019 16:30
Last modified: 21 Aug 2019 16:30

Export record

Altmetrics

Contributors

Author: Jing Huey Khor
Author: Michail Sidorov

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×