Radio frequency identification (RFID) is a very important technique for object identification in modern life (for instance it can be widely used in manufacture, transportation, medical treatment, etc). RFID'has many advantages such as its celerity, low cost, veracity in processing data through unique identification and so on. Insubvertible encryption is a new type of re-encryption method, which plays an important role in the security design of RFID system. Recently, Osaka et. Al. Presented an RFID protocol based on insubvertible encryption and guardian proxy. They claimed that their RFID protocol was secure against the tag spoofing and swapping attacks and so on. However, in this paper, we found that there is a differential invariable relationship between the random numbers of read and guardian proxy in computing the sharing key. Based on this observation, we propose an asynchronous attack on this RFID protocol. By forging two random numbers from read and guardian proxy, we can successfully fulfill all the authentication steps of Read and back-end database server. Moreover, the sharing secret between the tag and server is changed such that a legitimate tag cannot normally pass the authentication in RFID protocol. It means that this RFID protocol is very insecure under the asynchronous attack.%稳固加密(insubvertible encryption)是一种新型的重加密技术,它在RFID安全协议设计中发挥着重要的作用.最近,Osaka等人基于稳固加密和守护代理提出了一种新的RFID认证协议,并声称该协议具有不可追踪性、标签不可欺骗性、抵抗替换攻击、拥有权可以安全转移、密钥安全同步更新等.利用该协议中读卡器随机数和守护代理随机数的差量恒等关系,提出了一种异步攻击方法:通过伪造差量恒等的随机数,可以有效地进行读卡器和后台服务器的所有认证计算,并使服务器上的密钥和标签密钥异步,从而导致合法标签被拒绝服务.研究结果表明:该协议在异步攻击下是很脆弱的.
展开▼
