TY - GEN
T1 - Improvement of an EPC Gen2 compliant RFID authentication protocol
AU - Yeh, Kuo Hui
AU - Lo, N. W.
PY - 2009
Y1 - 2009
N2 - Recently, lightweight RFID authentication protocol has been investigated extensively due to the awareness of practical requirements on individual privacy, robust system security and resource limitation of low-cost tags. Research studies have demonstrated major advancements in the direction of designing a secure access control mechanism for RFID system with resource-constrained tags. In 2008, Burmester and Medeiros developed an EPC Class 1 Generation 2 (EPC Gen2) compliant authentication protocol, called TRAP-3, to support tag anonymity, data confidentiality and forward security in which only primitive computation functions such as 32-bit pseudo random generator and simple exclusive-or operation are required. Nevertheless, TRAP-3 is vulnerable to desynchronization attack. The secret key value, which is shared between the tag and the backend database, can be out of synchronization by just performing a series of challenge-response operations. To remedy this authentication flaw, in this study we develop a countermeasure mechanism and accordingly gain security enhancement for TRAP-3.
AB - Recently, lightweight RFID authentication protocol has been investigated extensively due to the awareness of practical requirements on individual privacy, robust system security and resource limitation of low-cost tags. Research studies have demonstrated major advancements in the direction of designing a secure access control mechanism for RFID system with resource-constrained tags. In 2008, Burmester and Medeiros developed an EPC Class 1 Generation 2 (EPC Gen2) compliant authentication protocol, called TRAP-3, to support tag anonymity, data confidentiality and forward security in which only primitive computation functions such as 32-bit pseudo random generator and simple exclusive-or operation are required. Nevertheless, TRAP-3 is vulnerable to desynchronization attack. The secret key value, which is shared between the tag and the backend database, can be out of synchronization by just performing a series of challenge-response operations. To remedy this authentication flaw, in this study we develop a countermeasure mechanism and accordingly gain security enhancement for TRAP-3.
KW - Authentication
KW - EPC Gen2 standard
KW - Privacy
KW - RFID
KW - Security
KW - TRAP-3
UR - http://www.scopus.com/inward/record.url?scp=74049123122&partnerID=8YFLogxK
U2 - 10.1109/IAS.2009.341
DO - 10.1109/IAS.2009.341
M3 - Conference contribution
AN - SCOPUS:74049123122
SN - 9780769537443
T3 - 5th International Conference on Information Assurance and Security, IAS 2009
SP - 532
EP - 535
BT - 5th International Conference on Information Assurance and Security, IAS 2009
T2 - 5th International Conference on Information Assurance and Security, IAS 2009
Y2 - 18 August 2009 through 20 September 2009
ER -