IJCNIS Vol. 7, No. 9, 8 Aug. 2015
Cover page and Table of Contents: PDF (size: 713KB)
Full Text (PDF, 713KB), PP.1-9
Views: 0 Downloads: 0
RFID, Security, McEliece cryptosystem, authentication scheme, QC-MDPC codes
Two essential problems are still posed in terms of Radio Frequency Identification (RFID) systems, including: security and limitation of resources. Recently, Li et al.'s proposed a mutual authentication scheme for RFID systems in 2014, it is based on Quasi Cyclic-Moderate Density Parity Check (QC-MDPC) McEliece cryptosystem. This cryptosystem is designed to reducing the key sizes. In this paper, we found that this scheme does not provide untraceability and forward secrecy properties. Furthermore, we propose an improved version of this scheme to eliminate existing vulnerabilities of studied scheme. It is based on the QC-MDPC McEliece cryptosystem with padding the plaintext by a random bit-string. Our work also includes a security comparison between our improved scheme and different code-based RFID authentication schemes. We prove secrecy and mutual authentication properties by AVISPA (Automated Validation of Internet Security Protocols and Applications) tools. Concerning the performance, our scheme is suitable for low-cost tags with resource limitation.
Noureddine Chikouche, Foudil Cherif, Pierre-Louis Cayrel, Mohamed Benmohammed, "A Secure Code-Based Authentication Scheme for RFID Systems", International Journal of Computer Network and Information Security(IJCNIS), vol.7, no.9, pp.1-9, 2015. DOI:10.5815/ijcnis.2015.09.01
[1]V. Deursen, S. Mauw, and S. Radomirovic, “Untraceability of RFID protocols,” Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks, pp. 1–15, 2008.
[2]H.-Y. Chien, “Tree-based matched RFID yoking making it more practical and efficient,” I.J.Computer Network and Information Security, vol. 1, no. 1, pp. 1–7, 2009.
[3]H.-Y. Chien and C.-S. Laih, “ECC-based lightweight authentication protocol with untraceability for low-cost RFID,” Journal of Parallel and Distributed Computing, vol. 69, pp. 848–853, 2009.
[4]B. Malek and A. Miri, “Lightweight mutual RFID authentication,” in Proceedings of IEEE ICC’12, 2012, pp. 868–872.
[5]V. N. Kumar and B. Srinivasan, “Biometric passport validation scheme using radio frequency identification,” I.J.Computer Network and Information Security, vol. 5, no. 4, pp. 30–39, 2013.
[6]S. Rostampour, M. E. Namin, and M. Hosseinzadeh, “A novel mutual RFID authentication protocol with low complexity and high security,” I.J. Modern Education and Computer Science, vol. 6, no. 1, pp. 17–24, 2014.
[7]M. Benssalah, M. Djeddou, and K. Drouiche, “Security enhancement of the authenticated RFID security mechanism based on chaotic maps,” Security and Communication Networks, vol. 7, no. 1, 2014.
[8]Q. L. Cai, Y. J. Zhan, and J. Yang, “The improvement of RFID authentication protocols based on R-RAPSE,” Journal of Networks, vol. 9, no. 1, pp. 28–35, 2014.
[9]M. Pourpouneh, R. Ramezanian, and F. Salahi, “An improvement over a server-less RFID authentication protocol,” I.J.Computer Network and Information Security, vol. 7, no. 1, pp. 31–37, 2015.
[10]S. Dhal and I. S. Gupta, “Object authentication using RFID technology: A multi-tag approach,” I.J.Computer Network and Information Security, vol. 7, no. 4, pp. 44–53, 2015.
[11]H.-Y. Chien, “Secure access control schemes for RFID systems with anonymity,” in Proceedings of MDM’06. IEEE, 2006, p. 96.
[12]M. Suzuki, K. Kobara, and H. Imai, “Privacy enhanced and light weight RFID system without tag synchronization and exhaustive search,” in Proceedings of IEEE ICSMC’2006. IEEE, 2006, pp. 1250–1255.
[13]Y. Cui, K. Kobara, K. Matsuura, and H. Imai, “Lightweight asymmetric privacy-preserving authentication protocols secure against active attack,” in Proceedings of IEEE PerComW’07, 2007, pp. 223–228.
[14]T. Sekino, Y. Cui, K. Kobara, and H. Imai, “Privacy enhanced RFID using Quasi-Dyadic fix domain shrinking,” in Proceedings of Global Telecommunications Conference (GLOBECOM 2010). IEEE, 2010, pp. 1–5.
[15]Z. Li, R. Zhang, Y. Yang, and Z. Li, “A provable secure mutual RFID authentication protocol based on error-correct code,” in Proceedings of 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. IEEE, 2014, pp. 73–78.
[16]A. Armando, D. Basin, Y. Boichut, Y. Chevalier, , L. Compagna, J. Cuellar, P. Drielsma, P.-C. Heam, J. Mantovani, S. M?dersheim, , D. von Oheimb, M. Rusinowitch, J. S. Santiago, M. Turuani, L. Viganò, and L. Vigneron, “The AVISPA tool for the automated validation of internet security protocols and applications,” in Proceedings of 17th International Conference on Computer Aided Verification, K. Etessami and S. Rajamani, Eds., vol. 3576, 2005, pp. 281–285.
[17]R. Overbeck and N. Sendrier, Code-based cryptography. Springer, 2009, Post-Quantum Cryptography, pp. 95–145.
[18]R. J. McEliece, “A public-key system based on algebraic coding theory,” Jet Propulsion Lab, Tech. Rep. DSN Progress Report 44, 1978.
[19]R. Nojima, H. Imai, K. Kobara, and K. Morozov, “Semantic security for the McEliece cryptosystem without random oracles,” Designs, Codes and Cryptography, vol. 49, no. 1–3, pp. 289–305, 2008.
[20]D. Dolev and A. Yao, “On security of public key protocols,” IEEE transactions on Information Theory, vol. 29, pp. 198–208, 1983.
[21]T. A. team, “HLPSL tutorial the Beginner’s guide to modelling and analysing internet security protocols,” AVISPA project, Tech. Rep., 2006.
[22]I. von Maurich and T. Güneysu, “Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices,” in Proceedings of the Conference on Design, Automation & Test in Europe, DATE ’14. IEEE, 2014, pp. 1–6.
[23]S. Heyse, I. von Maurich, and T. Güneysu, “Smaller keys for code-based cryptography: QC-MDPC McEliece implementations on embedded devices,” in Cryptographic Hardware and Embedded Systems - CHES 2013, G. Bertoni and J.-S. Coron, Eds.
[24]R. Misoczki, J.-P. Tillich, N. Sendrier, and P. S. L. M. Barreto, “MDPC-McEliece: New McEliece Variants from Moderate Density Parity-Check Codes,” in Cryptology ePrint Archive, Report 2012/409, 2012.
[25]N. Chikouche, F. Cherif, P-.L. Cayrel, M. Benmohammed “Weaknesses in Two RFID Authentication Protocols,” in Proceedings of C2SI 2015 (S. El Hajji et al. Eds.), LNCS 9084, pp. 162–172, Springer, 2015.
[26]N. Chikouche, F. Cherif, P-.L. Cayrel, M. Benmohammed “Improved RFID Authentication Protocol Based on Randomized McEliece Cryptosystem,” International Journal of Network Security, vol. 17, no. 4, pp. 413–422, 2015.
[27]The Mifar cards, http://www.mifare.net, 2015.
[28]Y. Glouche, T. Genet, O. Heen, E. Houssay and R. Saillard, “SPAN - a Security Protocol ANimator for AVISPA,” version 1.6, Manual Report, http://www.irisa.fr/celtique/genet/span/, 2009.