Journal of Electrical and Computer Engineering Innovations (JECEI)

Semiannual Publication

Current Issue

By Issue

By Author

By Subject

Author Index

Keyword Index

About Journal

Aims and Scope

Editorial Staff

Related Links

FAQ

News

Publication Fees

Paper Preparation Guide

Paper Template

Journal Forms

Practical Guide to the SI Units

Word Count Policy

Editors

Editor Guide in Web of Science

Reviewers

Peer Review Policy

Web of Science Profile

Be as Top Peer Reviewer & Top Editor

Improving the Security of a Low-cost Tag Search Protocol

Document Type : Original Research Paper

Authors

Department of Content Transfer Technology, Cyberspace Research Institute, Shahid Beheshti University, Tehran, Iran.

Abstract

Background and Objectives: Radio Frequency Identification (RFID) systems use radio frequency waves to exchange information between a legitimate sender and a receiver. One of the important features of RFID systems is to find and track a specific tag among a large number of tags. Numerous works have been done about authentication and ownership protocols, but the number of researches done in the tag searching area is much less. Although security is a paramount factor in search protocols, but these days designers are looking for a secure search protocol that is also low cost. One way to have a low cost search protocol is that to be compatible with EPC C1G2 standard, which is an electronic product code class 1 generation 2 that works in the 860-960 MHz frequency range.
Methods: Most recently, Sundaresan et al. have proposed an RFID tag search protocol based on quadratic residues and 128 bit pseudo random number generators and XOR operation that can be easily implemented on passive tags and is compatible with EPC C1G2 standard. We show that this protocol is not immune against tag tracing, and try to improve the protocol in a way that traceability attack will not be applicable and the protocol stays low cost and EPC compatible.
Results: Since the problem in Sundaresan et al.'s search protocol is due to the tag not being able to recognize the used queries from the new ones, we improved the protocol using a counter within the queries, so the tag will realize that the query is used or not. Then we analyze the security of the improved protocol and prove its formal and informal security against known attacks.
Conclusion: In this paper, we firstly analyze the security of Sundaresan et al.'s search protocol and show that the search protocol is vulnerable to traceability attack with two different scenarios. Then we propose an improved search protocol that is secure against tracing the tags. Following that, we analyze the security of the improved search protocol.

Keywords

Main Subjects

Open Access

This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit: http://creativecommons.org/licenses/by/4.0/

 

Publisher’s Note

JECEI Publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

 

Publisher

Shahid Rajaee Teacher Training University

References
[1] S. Lahiri, RFID sourcebook, IBM press, 2005.
[2] V. Chawla, D.S. Ha, “An overview of passive RFID," IEEE Commun. Mag., 45(9): 11–17, 2007.
[3] C.C. Tan, B. Sheng, Q. Li, “Secure and serverless RFID authentication and search protocols,” IEEE Trans. Wireless Commun., 7(4): 1400–1407, 2008.
[4] T.Y. Won, J.Y. Chun, D.H. Lee, “Strong authentication protocol for secure RFID tag search without help of central database,” in Proc. International Conference on Embedded and Ubiquitous Computing, 2: 153-158, 2008.
[5] L. Chun, J. Hwang, D. Lee, “RFID tag search protocol preserving privacy of mobile reader holders,” IEICE Electron. Express, 8(2): 50–56, 2011.
[6] Z. Kim, J. Kim, K. Kim, I. Choi, T. Shon, “Untraceable and serverless RFID authentication and search protocols,” in Proc. Ninth IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops,: 278–283, 2011.
[7] S. Sundaresan, R. Doss, W. Zhou, “A secure search protocol based on Quadratic Residues for EPC Class-1 Gen-2 UHF RFID tags,” in Proc. 23rd International Symposium on Personal Indoor and Mobile Radio Communications,:30–35, 2012.
[8] S. Sundaresan, R. Doss, S. Piramuthu, W. Zhou, “Secure tag search in RFID systems using mobile readers,” IEEE Trans. Dependable Secure Comput., 12(2): 230–242, 2015.
[9] S. Sundaresan, R. Doss, S. Piramuthu, W. Zhou, “A secure search protocol for low cost passive RFID tags,” Computer Networks, 122: 70–82, 2017.
[10] M. Safkhani, P. Peris-Lopez, N. Bagheri, M. Naderi, J. C. Hernandez-Castro, “On the security of Tan et al. serverless RFID authentication and search protocols,” in Proc. International Workshop on Radio Frequency Identification: Security and Privacy Issues, 7739: 1–19, 2012.
[11] L.C. Lin, S.C. Tsaur, S.-C, K.P. Chang, “Lightweight and serverless RFID authentication and search protocol,” in Proc. Second Int. Conf. on Computer and Electrical Engineerin, 2: 95–99, 2009.
[12] C. Mtita, M. Laurent, J. Delort, “Efficient serverless radiofrequency identification mutual authentication and secure tag search protocols with untrusted readers,” IET Inf. Secur., 10(5): 262–271, 2016.
[13] S.I. Ahamed, F. Rahman, E. Hoque, F. Kawsar, T. Nakajima, “S3PR: secure serverless search protocols for RFID,” in Proc. 2008 International Conference on Information Security and Assurance (isa 2008): 187–192, 2008.
[14] Y. Zuo, “Secure and private search protocols for RFID systems,” Inform. Syst. Front., 12(5): 507–519, 2009.
[15] E.-J. Yoon, “Cryptanalysis of an RFID tag search protocol preserving privacy of mobile reader,” in Proc. International Federation for Information Processing,: 575–580, 2012.
[16] L. Kulseng, Z. Yu, Y. Wei, Y. Guan, “Lightweight secure search protocols for lowcost RFID systems,” in Proc. 2009 29th IEEE International Conference on Distributed Computing Systems,: 40–48, 2009.
[17] A. Falahati, H. Azizi, R.M. Edwards. “RFID light weight server-less search protocol based on nlfsrs,” in Proc. 8th International Symposium on Telecommunications (IST),: 741-745, 2016.
[18] C. Lv, H. Li, M. Jianfeng, B. Niu, “Vulnerability analysis of lightweight secure search protocols for low-cost RFID systems,” Int. J. Radio Freq. Identif. Technol. Appl., 4(1): 3–12, 2012.
[19] M. Eslamnezhad Namin, M. Hosseinzadeh, N. Bagheri, A. Khademzadeh, “RSPAE: RFID search protocol based on authenticated encryption,’’ J. Electr. Comput. Eng. Innovations, 6(2): 179-192, 2018.
[20] A. Khattab, Z. Jeddi, E. Amini, E., M. Bayoumi, RFID security: a lightweight paradigm, Springer, 2016.
[21] B. Gesuale, P. Agarwal, RFID: READ MY CHIPS!. Piper Jaffray Equity Research Report, 2004.
[22] H. Jannati, B. Bahrak, “Security analysis of an RFID tag search protocol,” Inf. Process. Lett., 116(10): 618–622, 2016.
[23] M. Eslamnezhad Namin, M. Hosseinzadeh, N. Bagheri, A. Khademzadeh, “A secure search protocol for lightweight and low-cost RFID systems,” Telecommunication Systems, 67(4): 539–552, 2018.
[24] L. Gong, R. Needham, R. Yahalom, “Reasoning about Belief in Cryptographic Protocols,” in Proc. 1990 IEEE Computer Society Symposium on Research in Security and Privacy: 234–248, 1990.

LETTERS TO EDITOR

Journal of Electrical and Computer Engineering Innovations (JECEI) welcomes letters to the editor for the post-publication discussions and corrections which allows debate post publication on its site, through the Letters to Editor. Letters pertaining to manuscript published in JECEI should be sent to the editorial office of JECEI within three months of either online publication or before printed publication, except for critiques of original research. Following points are to be considering before sending the letters (comments) to the editor.


[1] Letters that include statements of statistics, facts, research, or theories should include appropriate references, although more than three are discouraged.

[2] Letters that are personal attacks on an author rather than thoughtful criticism of the author’s ideas will not be considered for publication.

[3] Letters can be no more than 300 words in length.

[4] Letter writers should include a statement at the beginning of the letter stating that it is being submitted either for publication or not.

[5] Anonymous letters will not be considered.

[6] Letter writers must include their city and state of residence or work.

[7] Letters will be edited for clarity and length.

Send comment about this article
CAPTCHA Image
Journal of Electrical and Computer Engineering Innovations (JECEI)
Volume 9, Issue 1
January 2021
Pages 25-36
Files
History
  • Receive Date: 21 May 2020
  • Revise Date: 11 September 2020
  • Accept Date: 12 November 2020
Share
How to cite
Statistics