Secure Indefinite-Index RFID Authentication Scheme with Challenge-Response Strategy

Abstract

In 2011, Chen, Tsai, and Jan proposed a radio frequency identification (RFID) access control protocol for a low-cost RFID system (CTJ-scheme for short). They claimed that their scheme not only guarantees mutual authentication and location privacy but also resists man-in-the-middle, spoofed reader, and spoofed tag attacks. However, in late 2011, Chen et al. pointed out that CTJ-scheme is vulnerable to a spoofed reader attack and did not provide any protection against denial-of-service (DoS) attacks. In addition, our research also found that under Chen et al.’s spoofed reader attack, tag contents can be surreptitiously altered by replaying message. In this paper, we analyze the weaknesses of CTJ-scheme and propose an enhanced scheme. According to our analyses, the proposed scheme is secure against the aforementioned DoS, spoofed reader, and modification attacks, while maintaining the merits of the original scheme.

DOI: http://dx.doi.org/10.5755/j01.itc.42.2.1615