The low-cost RFID tags have very limited computing and storage resources and this makes it difficult to completely solve their security and privacy problems. Lightweight authentication is considered as one of the most effective methods to ensure the security in the RFID system. Many lightweight authentication protocols use Hash function and pseudorandom generator to ensure the anonymity and confidential communication of the RFID system. But these protocols do not provide such security as they claimed. By analyzing some typical Hash-based RFID authentication protocols, it is found that they are vulnerable to some common attacks. Many protocols cannot resist tracing attack and de-synchronization attack. Some protocols cannot provide forward security. Győző Gódor and Sándor Imre proposed a Hash-based authentication protocol and they claimed their protocol could resist the well-known attacks. But by constructing some different attack scenarios, their protocol is shown to be vulnerable to tracing attack and de-synchronization attack. Based on the analysis for the Hash-based authentication protocols, some feasible suggestions are proposed to improve the security of the RFID authentication protocols.
Abstract. RFID systems are some typical resource constraint systems and lightweight authentication is considered as one effective method to ensure their security and privacy. The EPCglobal Class-1 Gen-2 tags are popular RFID tags and this kind of tags has some on-chip computing resources. Based on these on-chip resources, a lightweight authentication protocol is proposed. The protocol ensures the integrity and freshness of the sessions among RFID systems by means of CRC() and pseudorandom number generator. The protocol uses concatenation operation to overcome the linear drawbacks of CRC() and exclusive OR operator. It provides forward security and it can resist against eavesdropping, tracing, replay and de-synchronization attack. It completes the strong authentication to tag by twice authentication. This protocol only uses the computing resources embedded in tags and it is very suitable to low-cost RFID systems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.