• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Attacks and Countermeasures for RFID Mutual Authentication Scheme in Pervasive Computing Environment

Vol. 5, No. 9, September 28, 2011
10.3837/tiis.2011.09.011, Download Paper (Free):

Abstract

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
A. Mohaisen, K. Chang and D. Hong, "Attacks and Countermeasures for RFID Mutual Authentication Scheme in Pervasive Computing Environment," KSII Transactions on Internet and Information Systems, vol. 5, no. 9, pp. 1684-1697, 2011. DOI: 10.3837/tiis.2011.09.011.

[ACM Style]
Abedelaziz Mohaisen, Ku-Young Chang, and Dowon Hong. 2011. Attacks and Countermeasures for RFID Mutual Authentication Scheme in Pervasive Computing Environment. KSII Transactions on Internet and Information Systems, 5, 9, (2011), 1684-1697. DOI: 10.3837/tiis.2011.09.011.