Paper 2017/547

Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce

Seyed Farhad Aghili and Hamid Mala

Abstract

Over the last few years, more people perform their social activities on mobile devices, such as mobile payment or mobile wallet. Mobile commerce (m-commerce) refers to manipulating electronic commerce (e-commerce) by using mobile devices and wireless networks. Radio frequency identification(RFID) is a technology which can be employed to complete payment functions on m-commerce. As an RFID subsystem is applied in m-commerce and supply chains, the related security concerns is very important. Recently, Fan et al. have proposed an ultra-lightweight RFID authentication scheme for m-commerce(ULRAS) and claimed that their protocol is enough efficient, and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve the Fan et al. protocol to present a new one, which is resistant to the mentioned attacks presented in this paper and the other known attacks in the context of RFID authentication. Our proposed improvement does not impose any additional workload on the RFID tag.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Mobile commerceRFIDUltra-lightweightSecret disclosureImpersonation
Contact author(s)
aghili farhad60 @ gmail com
History
2017-06-08: received
Short URL
https://ia.cr/2017/547
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/547,
      author = {Seyed Farhad Aghili and Hamid Mala},
      title = {Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce},
      howpublished = {Cryptology ePrint Archive, Paper 2017/547},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/547}},
      url = {https://eprint.iacr.org/2017/547}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.