1 / 20

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup. Presented By Professor LI Yingjiu. Outline. Background Review the BMM protocol in AsiaCCS’08 Crack the Protocol by three-run interleave attack Crack the supply chain based on our attack

sachi
Télécharger la présentation

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup Presented By Professor LI Yingjiu

  2. Outline • Background • Review the BMM protocol in AsiaCCS’08 • Crack the Protocol by three-run interleave attack • Crack the supply chain based on our attack • Improve the BMM protocol • Conclusion

  3. Background • It is still a challenge to balance the security and scalability. • For example, • The OSK protocol needs O(N) hash calculation. • Numerous protocols based on tree-structure suffers from de-synchronization attack and compromising attack. • It is emergent to setup a protocol balancing both the security and scalability.

  4. BMM protocol in AsiaCCS’08 • Burmester, Medeiros and Motta (BMM) proposed an RFID authentication protocol with constant key-lookup to balance the security requirement and scalability. • The protocol is based on challenge-response technique. • Guarantee spoofing attack, replay attack, de-synchronization attack, etc..

  5. Overview of BMM Protocol

  6. Initiate System

  7. Mutual Authentication • Tag Reader

  8. Update Process • Tag Reader

  9. Three-run Interleave Attack • This attack can trace the same tag by ‘ps=r’. • The reason is updating ‘ps’ inappropriately. • Include three steps.

  10. Three-run Interleave Attack---Run 1

  11. Three-run Interleave Attack---Run 2 Not Update ‘r’

  12. Three-run Interleave Attack---Run 3

  13. Discussion • Note that in the third run, a different challenge c’’ could be used by a trusted reader to challenge the tag. As long as the ‘r’ value is not updated in the second run, the ‘ps’ value is still the same as the one in the first run.

  14. Crack the Whole Supply Chain • Three assumptions: • Trusted zone • One-time authentication • Sticky adversary • Two attack strategies: • Trace a single tag • Trace multiple tags

  15. Crack a Supply Chain System Based on BMM Protocol

  16. Trace a Single Tag

  17. Trace Multiple Tags • Adversary’s database for tracing multiple tags

  18. Improve BMM Protocol

  19. Conclusion • Under a weak adversary model, an attacker can launch a three-run interleave attack to trace and identify a tag. • Attackers can crack the whole supply chain using BMM protocol. • We improve BMM protocol to prevent tags from tracing. • The improved Protocol is same efficient as BMM protocol.

  20. Thanks Q&A

More Related