Formal Analysis of Tracking Attack for RFID Security Protocols

doi:10.3969/j.issn.1671-1122.2015.09.006

Abstract

Abstract:

In order to solve the problem of malicious tracking attack that exists in RFID security protocols, a formal analysis model of tracking attack was proposed. At first, the model defined the concepts of attacker message element set. Then accroding to the algebraic calculation applied in the message in attacker message element set, the actions of attacker were deduced, and thus the attacker action set was determined. The concepts of attacker message element set and attacker action set regulated the actions and targets of attackers. Then the model introduced the concept of tag characteristic value, which confirmed the conditions that the tracking attack existed and clarified the attack target for tracking attack. Finally, using the proposed model, an RFID security protocol was analyzed. Through caculating the tag characteristic value of the protocol, a new tracking attack was found, which exactly proved the reliability of the model.

Key words: RFID system, security protocol, privacy, tracking attack, attacker model, radio frequency fingerprint

CLC Number:

TP309

Yuan-yuan YANG, Zhen LU, Jian GU. Formal Analysis of Tracking Attack for RFID Security Protocols[J]. Netinfo Security, 2015, 15(9): 25-28.

Figures/Tables 1

References 19

[1]	Want R. Santa Clara.An Introduction to RFID Technology[J]. IEEE Pervasive Computing, 2006, 5(1): 25-33.
[2]	Landt J.The History of RFID[J]. IEEE Potential, 2005, 24(4): 8-11.
[3]	Weinstein R.RFID: A Ttechnical Overview and Its Application to the Enterprise[J]. IT Professional, 2005, 7(3): 27-33.
[4]	Rebecca Angeles.RFID Technology: Supply-chain Application and Implementation Issues[J]. Information Systems Management, 2005, 22(1):51-65.
[5]	Juels A.RFID Security and Privacy: A Research Survey[J]. IEEE Selected Areas in Communications, 2006, 24(2): 381-394.
[6]	Sanjay E. Sarma, Stephen A. Weis, Daniel W.Engels. RFID Systems and Security and Privacy Implications[C]// Cryptographic Hardware and embedded Systems(CHES-2002). Redwood city, USA: Springer, 2002: 454-469.
[7]	Hung-Yu Chien.SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity[J]. IEEE Transactions on Dependable and Secure Computing, 2007, 4(4): 337-340.
[8]	MC De Vivo, A Polzonetti, P Tapanelli. RFID Privacy and Security Risks: Italian case study[C]// The 6th International Conference on Advances in Information Technology. Bangkok, Thailand: Springer, 2013: 173-183.
[9]	Singh, Ajay Kant, Dhal, Subhaish, Sengupta, Indranil.An Approach to Solve Tracking and Message Blocking Problems in RFID[C]//2014 Fourth International Conference on Communication Systems and Network Technologies. Bhophal, India: IEEE, 2014: 1187-1191.
[10]	Jung Tae Kim.Analyses of attacks on Embedded RFID application under U-Healthcare system[C]// Future Information Communication Technology and Applications. Shenyang, China:Springer, 2013: 1039-1044.
[11]	Shaohui Wang, Sujuan Liu.Attacks and Improvements on the RFID Authentication Protocols Based on Matrix[J]. Journal of Electronics, 2013, 30(1): 33-39.
[12]	陈明奇,洪学海,王伟,等. 关于网络安全和信息技术发展态势的思考[J]. 信息网络安全,2015,(4):1-4.
[13]	Ben Niu, Xiaoyan Zhu, Haotian Chi, Hui Li.Privacy and Authentication Protocol for Mobile RFID Systems. Wireless Personal Communications, 2014, 74(4): 1-19.
[14]	卿斯汉,程伟,杜超. Windows操作系统的安全风险可控性分析[J]. 信息网络安全,2015,(4):5-12.
[15]	Manik Lal Das.Strong Security and Privacy of RFID System for Internet of Things Infrastructure[C]// The Third International Conference on Security, Privacy, and Applied Cryptography Engineering. Kharagpur, India: Springer, 2013: 56-69.
[16]	Dolev D, Yao A.On the security of public-key protocols[J]. IEEE Trans. on Information Theory, 1983, 29(2):198-208.
[17]	严燕,袁红林. 基于射频指纹的高安全强度RFID认证协议[J]. 计算机工程与设计, 2013, 34(11): 3736-3739.
[18]	夏戈明,史立哲,周文,等. 轻量级RFID双向通信认证协议优化方案[J]. 信息网络安全,2014,(2):58-62.
[19]	王新梅,肖国镇. 纠错码——原理与方法[M]. 修订版. 西安:西安电子科技大学出版社, 2001.