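This study examines RFID authentication protocols. Under the assumption of a secure back-end channel, Yeh et al. improved Chen et al.'s authentication protocol and resolved its security threats.
However, we believe that in many everyday applications today the back end is not necessarily a secure channel, so we examine this authentication protocol under the assumption that the back end is a wireless environment, to see whether it can still avoid security threats.
Under our assumption, both authentication protocols still face security threats over an insecure channel. To solve these problems, we add a timestamp and the exclusive-or (XOR) operation to the current authentication protocol, so that it avoids replay attacks, and the impersonation and denial-of-service attacks that would follow also cannot occur.
We find that this authentication protocol also provides anonymity, confidentiality, protection against location tracking, forward secrecy, and resistance to replay, impersonation and denial-of-service attacks, so it can be used more widely in wireless environments.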
From the literature, it is known that Yeh et al. have improved Chen et al.'s authentication scheme so that it can withstand impersonation attacks, location-privacy attacks and replay attacks. However, wireless data transmission is very popular today and is relatively insecure, so it is not sufficient to analyze the authentication scheme only under the assumption of a secure channel between the server and the reader.
Under the assumption of an insecure channel between the server and the reader, we launch three successful attacks: a replay attack, a denial-of-service attack and a masquerading attack. This shows that Yeh et al.'s scheme is insecure against such attacks. To solve the problem, we add a timestamp to the scheme. The improved scheme can withstand the above three attacks in a wireless environment.
In addition, the improved scheme still maintains the advantages mentioned by Yeh et al., such as anonymity, secrecy, location privacy, forward secrecy, and resistance to replay, impersonation and denial-of-service attacks.