In order to protect privacy of RFID tag against malicious tag tracing activities, most RFID authentication protocols support forward/backward security properties by updating the same secret values held at both tag end and database end asynchronously during each authentication session. However, in real network environments an adversary may easily interrupt or interfere transmission of necessary key update message in each authentication session such that key re-synchronization between tag and database cannot be completed, which is named as de-synchronization attack. To defend against this security threat, recent RFID authentication schemes have applied redundant secret/key design to allow a tag with de-synchronized secret to successfully communicate with server/database in its next authentication session. In this paper, we first categorize existing authentication protocols into three types based on their key update mechanisms. Then security evaluation on de-synchronization attack is conducted for type I and II protocols. Two attack models and theorems show that synchronization mechanisms used in type I and II schemes cannot defend against de-synchronization attack. Finally, three remarks are further presented to support our important finding: most existing RFID authentication schemes cannot simultaneously provide forward/backward security and resistance for de-synchronization attack in practical setting.

• 出版日期2012-7
• 单位东华大学