Secure authentication scheme for passive C1G2 RFID tags

Secure authentication scheme for passive
C1G2 RFID tags

Source
:

Computer
Networks,

2012

Volume 56, No 1, pp. 273
–
286

Authors:

M.
Moessner

and
Gul

N. Khan

Speaker:

Yeh
-
Chieh
, Chou

Date:

2012/11/22

Outline

ﻪ
Related works

ﻩ
Notations

ﻩ
YA
-
TRAP
*

ﻪ
Proposed scheme

ﻩ
Notations

ﻩ
Proposed scheme

ﻪ
Security analysis

ﻪ
Conclusions



1

Related works
(
Notations)

ﻪ
𝐊



ﻯ
(1)Tag ID (2)cryptographic key

ﻪ
𝐓
𝟎
,
𝐓
𝐦𝐚

ﻯ
Initial time
-
stamp, the highest possible
time
-
stamp

ﻪ
𝐓
𝐫
,

𝐓
𝐭

ﻯ
Time
-
stamp of reader, time
-
stamp of tag

ﻪ
𝐏𝐑





ﻯ
Denotes the j
-
th

invocation of the PRNG of the tag

ﻪ

𝐀𝐂



ﻯ
Hash Message Authentication Code

ﻪ
𝐄𝐓
𝐭
,

𝐄𝐓
𝐫

ﻯ
A hash chain that allows
a tag to ascertain that the reader
-
supplied

𝑇
𝑟

is
not too far into the
future

ﻯ
𝐸𝑇
𝑡

=
𝐻
𝑡




=

𝑇
𝑡
𝐼𝑁𝑇

𝐸𝑇
𝑟
=

𝐻
𝑟



𝑟
=

𝑇
𝑟
𝐼𝑁𝑇


ﻪ
INT

ﻯ
The duration of epoch token
(ex :
one
day)

2

Related works
(
YA
-
TRAP*)

Reader



T
r
,
R
r
,
ET
r

Tag



H
id
,
R
t
,
H
auth

MSG

(660)

(660
-
600)

assume INT =30

ν
=(
660
30
−
600
30
)=2

ET
t
=
H
t
x


t
=
T
t
INT
=
20

H
2
(
H
2
0
)
=
H
22
=
ET
r

T
r
=
11:30 (current

time)

T
t
=11:20

Tag ID

key

ET
r
=
H
r
x


r
=
T
r
INT
=
2
2

ET
r
=
H
2
2

3

Related works
(
YA
-
TRAP*)

Reader



T
r
,
R
r
,
ET
r

Tag



H
id
,
R
t
,
H
auth

MSG

(
T
r
→




𝑟
)

T
𝑡

→





𝑟

snooped

Adversary

True

4

Proposed scheme(
Notations)

ﻪ
𝐊𝐞


[


]


ﻯ
cryptographic key (
i

is table, j is index)

ﻪ
𝐑
𝒓
𝒕
,
𝐑
𝒕
𝒓

ﻯ
Random
number
𝑅
𝑟

transmit from tag, Random number
𝑅
𝒕

transmit from
reader

ﻪ
C(A||B,
𝑲𝒆𝒚
𝒊
[j])

ﻯ
Encrypt A and B with


𝑖




5

Proposed scheme

Tag

Tag ID

𝑻
𝒕

Table

Index

Key

1

0

A

i

0x03

1

0

A

i+1

0x01

⋮

⋮

⋮

⋮

⋮

2

3

A

n
-
1

0x25

2

3

A

n

0xAF

⋮

⋮

⋮

⋮

⋮

1

0

B

i

0x03

1

0

B

i+1

0x01

⋮

⋮

⋮

⋮

⋮

2

3

B

n
-
1

0x25

2

3

B

n

0xAF

⋮

⋮

⋮

⋮

⋮

Key

Table A

Key Table B

Index

Key

Index

Key

𝐾


[

]

0x03

𝐾



[

]

0x03

𝐾


[

+
1
]

0x01

𝐾



[

+
1
]

0x01

⋮

⋮

𝐾



[

+
2
]

?-

𝐾


[
𝑛
]

0xAF

⋮

0xAF

Server

Key Pairs

6

Proposed scheme

Reader



Tag



m
3
=
C
2

m
4
=
C
3

m
1
=
R
r

m
2
=
C
1
|
|
R
t

Key pair

7

Security
analysis

Protocol

YA
-
TRAP*

Proposed
Scheme

Mutual Authenticated

No

Yes

Forward/Backward Security

Yes

Yes

Dos attack resistance

No

Yes

8

Conclusions

ﻪ
T
he proposed scheme provides
more
security


9