Exposing an effective denial of information attack from the misuse of EPCglobal standards in an RFID authentication scheme

T. Lim, Tieyan Li
Published in: 2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications
Publication date: 2008-12-08
DOI: 10.1109/PIMRC.2008.4699588 (https://doi.org/10.1109/PIMRC.2008.4699588)
Citations: 6

Abstract

In this paper, we expose a denial of information attack that is possible due to the misuse of the kill password (specified under the EPC Class-1 Gen-2 standard [1]) in a previously proposed RFID tag-reader mutual authentication scheme [2]. We show how a passive eavesdropper can obtain useful information by monitoring the authentication session involving a target tag and correlating the information received. By repeating the process over a few authentication sessions, the eavesdropper can collect enough information about the kill password to launch a successful attack to kill and disable the tag. From our simulation analysis, we find that the attack can be carried out effectively using only three to five eavesdropped sessions in most cases. In addition, we discuss the implications of this attack and describe a few other weaknesses that we have observed in the scheme.