Tagora: A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach

Hoorin Park; Heejun Roh; Wonjun Lee

doi:10.1109/JIOT.2020.2972915

Tagora: A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach

Hoorin Park, Heejun Roh, Wonjun Lee

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

12 Citations (Scopus)

Abstract

Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.

Original language	English
Article number	8993795
Pages (from-to)	3571-3585
Number of pages	15
Journal	IEEE Internet of Things Journal
Volume	7
Issue number	4
DOIs	https://doi.org/10.1109/JIOT.2020.2972915
Publication status	Published - 2020 Apr

Bibliographical note

Funding Information:
Manuscript received September 4, 2019; revised January 27, 2020; accepted February 3, 2020. Date of publication February 11, 2020; date of current version April 14, 2020. This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (Ministry of Science and ICT) under Grant 2019R1A2C2088812, in part by the Next-Generation Information Computing Development Program through the NRF funded by the Ministry of Science and ICT under Grant 2017M3C4A7083676, and in part by the Korea University Grant. (Corresponding author: Wonjun Lee.) Hoorin Park and Wonjun Lee are with the Network and Security Research Laboratory, School of Cybersecurity, Korea University, Seoul 02841, South Korea (e-mail: wlee@korea.ac.kr).

Publisher Copyright:
© 2014 IEEE.

Keywords

Authentication protocol
backscatter communication
multitag
radio-frequency identification (RFID) system
wireless security

ASJC Scopus subject areas

Signal Processing
Information Systems
Hardware and Architecture
Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/JIOT.2020.2972915

Cite this

@article{43b73ec3125a4b6b8a09059794c84603,

title = "Tagora: A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach",

abstract = "Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.",

keywords = "Authentication protocol, backscatter communication, multitag, radio-frequency identification (RFID) system, wireless security",

author = "Hoorin Park and Heejun Roh and Wonjun Lee",

note = "Funding Information: Manuscript received September 4, 2019; revised January 27, 2020; accepted February 3, 2020. Date of publication February 11, 2020; date of current version April 14, 2020. This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (Ministry of Science and ICT) under Grant 2019R1A2C2088812, in part by the Next-Generation Information Computing Development Program through the NRF funded by the Ministry of Science and ICT under Grant 2017M3C4A7083676, and in part by the Korea University Grant. (Corresponding author: Wonjun Lee.) Hoorin Park and Wonjun Lee are with the Network and Security Research Laboratory, School of Cybersecurity, Korea University, Seoul 02841, South Korea (e-mail: wlee@korea.ac.kr). Publisher Copyright: {\textcopyright} 2014 IEEE.",

year = "2020",

month = apr,

doi = "10.1109/JIOT.2020.2972915",

language = "English",

volume = "7",

pages = "3571--3585",

journal = "IEEE Internet of Things Journal",

issn = "2327-4662",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - Tagora

T2 - A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach

AU - Park, Hoorin

AU - Roh, Heejun

AU - Lee, Wonjun

N1 - Funding Information: Manuscript received September 4, 2019; revised January 27, 2020; accepted February 3, 2020. Date of publication February 11, 2020; date of current version April 14, 2020. This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (Ministry of Science and ICT) under Grant 2019R1A2C2088812, in part by the Next-Generation Information Computing Development Program through the NRF funded by the Ministry of Science and ICT under Grant 2017M3C4A7083676, and in part by the Korea University Grant. (Corresponding author: Wonjun Lee.) Hoorin Park and Wonjun Lee are with the Network and Security Research Laboratory, School of Cybersecurity, Korea University, Seoul 02841, South Korea (e-mail: wlee@korea.ac.kr). Publisher Copyright: © 2014 IEEE.

PY - 2020/4

Y1 - 2020/4

N2 - Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.

AB - Radio-frequency identification (RFID) system, successfully adopted in many industrial applications, suffers from security issues due to the inherent weakness of wireless communication, such as eavesdropping, replay attack, impersonation attack, and traceability issues. A lot of research efforts based on cryptographic primitives have been conducted in a decade, however, most of the existing security protocols depending on cryptosystems are not feasible to be applied due to the minimalist design of passive tags. A lightweight cryptographic authentication is one of the practical solutions, but it has traceability issues from physical layer information. The other approach is to use the properties of the physical layer of RFID systems. However, since the physical-layer characteristics cannot be intentionally updated, they are vulnerable to situations where an adversary actively obtains authentic data for traceability attacks or replay attacks. Therefore, to resist the security threats, we propose Tagora, a cross-layer authentication protocol, which is the first integration work of two-layer approaches that harness the unpredictable properties of tag's collision responses at both the physical and application layers. Our protocol design is composed of a collision recovery algorithm with a random offset scheme and phase encryption in the physical layer, and authentication process based on a challenge-response mechanism in the application layer. We evaluate Tagora in terms of the untraceability and reliability, and also provide security analysis on how Tagora can defend against plausible attacks while meeting security requirements.

KW - Authentication protocol

KW - backscatter communication

KW - multitag

KW - radio-frequency identification (RFID) system

KW - wireless security

UR - http://www.scopus.com/inward/record.url?scp=85083694330&partnerID=8YFLogxK

U2 - 10.1109/JIOT.2020.2972915

DO - 10.1109/JIOT.2020.2972915

M3 - Article

AN - SCOPUS:85083694330

SN - 2327-4662

VL - 7

SP - 3571

EP - 3585

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

IS - 4

M1 - 8993795

ER -

Tagora: A Collision-Exploitative RFID Authentication Protocol Based on Cross-Layer Approach

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this