Volume 4, Issue 3 (9-2012)                   2012, 4(3): 33-43 | Back to browse issues page

XML Print


Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Bagheri N, Safkhani M, Naderi M, Luo Y, Chai Q. Forgery Attack is a Piece of Cake on a Class of Mutual Authentication Protocols . International Journal of Information and Communication Technology Research 2012; 4 (3) :33-43
URL: http://ijict.itrc.ac.ir/article-1-178-en.html
Abstract:   (2556 Views)

A suitable mutual authentication protocol for an RFID system should provide mutual authentication along with user privacy. In addition, such protocol must be resistant to active and passive attacks, e.g. man-in-the-middle attack, replay attack, reader-/tag-impersonation attack, denial of service attack and traceability attack. Among them, tag-impersonation attack refers to a forgery attack in which the adversary fools the legitimate reader to authenticate it as a valid tag. In this paper we exam the security of three RFID mutual authentication protocols which have been recently proposed by Luo et al., Shen et al. and Habibi and Gardeshi, under tag impersonation attack. We found that these three protocols share a same vulnerability – in each session, the tag and the reader generate a random value respectively and they use the exclusive-or (XOR) of those random values in the authentication process. We exploit this vulnerability to present effective and efficient tag impersonation attacks against these protocols, e.g., the success probabilities of our attacks are “1” and the complexity is at most two runs of each protocol. In addition, we exhibit the improved version of these protocols, which are immune from tag impersonation attacks.

Full-Text [PDF 1037 kb]   (1599 Downloads)    
Type of Study: Research | Subject: Information Technology

Add your comments about this article : Your username or Email:
CAPTCHA

Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.