TY - JOUR
T1 - Tagora
T2 - A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach
AU - Park, Hoorin
AU - Roh, Heejun
AU - Lee, Wonjun
N1 - Funding Information:
Manuscript received September 4, 2019; revised January 27, 2020; accepted February 3, 2020. Date of publication February 11, 2020; date of current version April 14, 2020. This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (Ministry of Science and ICT) under Grant 2019R1A2C2088812, in part by the Next-Generation Information Computing Development Program through the NRF funded by the Ministry of Science and ICT under Grant 2017M3C4A7083676, and in part by the Korea University Grant. (Corresponding author: Wonjun Lee.) Hoorin Park and Wonjun Lee are with the Network and Security Research Laboratory, School of Cybersecurity, Korea University, Seoul 02841, South Korea (e-mail: wlee@korea.ac.kr).
Publisher Copyright:
© 2014 IEEE.
PY - 2020/4
Y1 - 2020/4
N2 - Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.
AB - Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.
KW - Authentication protocol
KW - backscatter communication
KW - multitag
KW - radio-frequency identification (RFID) system
KW - wireless security
UR - http://www.scopus.com/inward/record.url?scp=85083694330&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2020.2972915
DO - 10.1109/JIOT.2020.2972915
M3 - Article
AN - SCOPUS:85083694330
VL - 7
SP - 3571
EP - 3585
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
SN - 2327-4662
IS - 4
M1 - 8993795
ER -