Providing resistance against server information leakage in RFID systems

Official URL: http://dx.doi.org/10.1109/NTMS.2011.5720587

RFID (Radio Frequency Identification) technology has been widely used in daily life, such as in access control, electronic passports, contactless credit cards, transportation, and animal tracking. However, this technology may cause various security and privacy problems, e.g. traceability of tag owner, malicious eavesdropping of tags and cloning of tags. In order to thwart these security and privacy problems, a wide variety of authentication protocols have been proposed in the literature. All of these protocols assume that the server is secure, and it does not leak any information about the system. In this paper, we propose a novel attack on RFID systems, namely Server Information Leakage (SIL) attack. In this attack, an adversary illegally captures information from the server and sends this information to the reader in order to impersonate the tag. To the best of our knowledge, none of the existing protocols resist against this new attack. We also propose an RFID authentication protocol that provides resistance against SIL attack and other known attacks.