A Mobile RFID Authentication Scheme Based on the COMP-128 Algorithm

Radio frequency identification (RFID), based on the MIT Auto-ID project [1], is a technology that uses wireless transmission to identify an object. RFID is seeing increased use in various industries as an alternative to the bar code. An RFID system consists of three components: the reader, the tag, and the back-end database. Some advantages of an RFID system are that it does not require direct contact with the tag, and can scan multiple tags simultaneously. However, because the reader uses wireless technology to communicate with the tag and the EPC Class 1 Gen 2 protocol [2] does not have a well-designed access mechanism to protect the tag data privacy and location privacy, a malicious attacker is able to retrieve the tag’s information by listening to the traffic between the reader and the tag [3]. To protect the information stored on a tag, Juels [5] and Weis [6] proposed methods for a tag to lock or destroy itself when attacked. However, these methods are an inconvenience to normal users. Many studies [7] propose authentication mechanisms in RFID systems, in which only authorized readers can read the correct information storing on the tag. However, due to hardware limitations, an RFID tag cannot perform complex operations, such as traditional symmetric and asymmetric encryption algorithms. Previous research proposes using the simple XOR operation to encrypt messages in RFID authentication protocols. Some studies use the RFID tag’s built-in CRC function to achieve message authentication [8]. Other studies [4][9][10][11] use the one-way hash function to enhance authentication protocol security. This study briefly explains these authentication mechanisms and analyzes existing security issues. Karthikeyan [12] proposed a mutual authentication scheme that uses two matrices and the corresponding anti-matrix. In this approach, the multiplication of a vector key and the matrix serves as an authentication index for the tag. However, in Karthikeyan’s scheme, the tag does not verify reader’s return value; that is, the attacker can re-send the message to track tag’s location. Duc [8] used the built-in CRC function of an RFID tag to generate a message authentication code (MAC) consisting of a random number and a secret previously shared between the tag and the reader. Duc uses the MAC to authenticate the tag and update the pre-shared secret. However, Duc’s scheme cannot prevent the forge attack and it does not have forward security. To enhance Karthikeyan and Duc’s scheme, Chien [13] proposed a synchronization Source: Radio Frequency Identification Fundamentals and Applications, Bringing Research to Practice, Book edited by: Cristina Turcu, ISBN 978-953-7619-73-2, pp. 278, February 2010, INTECH, Croatia, downloaded from SCIYO.COM