Vulnerabilities and Improvements on HRAP+, a Hash-Based RFID Authentication Protocol
Abstract
In the last decade, Radio Frequency Identification (RFID) systems are employed in many authentications and identifi-cations applications. In RFID systems, in order to provide secure authentication between RFID users, different au-thentication protocols proposed. In 2011, Cho et al. pro-posed a hash-based mutual RFID authentication protocol (HRAP). They claimed that HRAP protocol provides secure communication between RFID users and also it can provide users privacy. In that year, Habibi et al. investigated the se-curity and privacy of HRAP protocol and showed that HRAP protocol has some weaknesses. Then, Habibi et al. proposed an improved version of HRAP protocol (HRAP+) that eliminates all weaknesses of HRAP protocol. In this study, we cryptanalyze the HRAP+ protocol and we show that there are some flaws in HRAP+ protocol still. It is shown that, an attacker can perform tag impersonation, server impersonation, and replay attacks with success prob-ability greater than 14. Then, in order to omit all mentioned weaknesses, we propose an improved version of HRAP+ protocol. Security analysis shows that the improved proto-col can improve the performance of HRAP+ protocol. In ad-dition, we compare the security of the proposed protocol with some hash-based protocols that proposed recently.
Keywords
RFID authentication protocols; HRAP+ protocol; Security; Impersonation Attack