Improvement of an EPC Gen2 compliant RFID authentication protocol
Recently, lightweight RFID authentication protocol has been investigated extensively due to the awareness of practical requirements on individual privacy, robust system security and resource limitation of low-cost tags. Research studies have demonstrated major advancements in the direction of designing a secure access control mechanism for RFID system with resource-constrained tags. In 2008, Burmester and Medeiros developed an EPC Class 1 Generation 2 (EPC Gen2) compliant authentication protocol, called TRAP-3, to support tag anonymity, data confidentiality and forward security in which only primitive computation functions such as 32-bit pseudo random generator and simple exclusive-or operation are required. Nevertheless, TRAP-3 is vulnerable to desynchronization attack. The secret key value, which is shared between the tag and the backend database, can be out of synchronization by just performing a series of challenge-response operations. To remedy this authentication flaw, in this study we develop a countermeasure mechanism and accordingly gain security enhancement for TRAP-3.
RFID Authentication TRAP-3 EPC Gen2 standard Security Privacy
Kuo-Hui Yeh N.W.Lo
Department of Information Management National Taiwan University of Science and Technology Taipei,Taiwan (R.O.C.)
国际会议
The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议)
西安
英文
532-535
2009-08-18(万方平台首次上网日期,不代表论文的发表时间)