Objective: In this paper we investigate the security level of a comprehensive RFID solution to enhance inpatient medication safety [2], named IS-RFID, which has been recently proposed by Pens-Lopez et al. Method: We analyses the security of the protocol against the known attacks in the context. The main target of this paper is to determine whether the new protocol provides the confidentiality property, which is expected to be provided by such a protocol. Results: It was found that IS-RFID has critical weaknesses. The presented security investigations show that a passive adversary can retrieve secret parameters of patient's tag in cost of 0(216) off-line PRNG evaluations. Given the tag's secret parameters, any security claims are ruined. Conclusions: In this paper we presented an efficient passive secret disclosure attack which retrieves the main secret parameters related to the patient which shows that IS-RFID may put the patient safety on risk. The proposed attacking technique is in light of two vulnerabilities of the protocol: (1) the short length of the used PRNG, which is urged by the target technology, EPC C1 Gen2 [6]; (2) the message-generating mechanism utilizing PRNG was not carefully scrutinized. While the later point can be fixed by careful designing of the transferred messages between the protocol's party, the earlier point, i.e., the short length of the available PRNG for EPC Cl Gen2 tags, is a limitation which is forced by the technology. In addition, over the last years, schemes based solely on using simple operations or short PRNG (such as IS-RFID) have been shown to offer very low or no security at all. Recent advances in lightweight ciphers, such as PRESENT [1] or Grain [3], seem a much more appropriate solution rather than relying on short PRNGs. However, such solutions breaks the EPC Cl Gen2 compatibility.

• 出版日期2014-1