Taipei : Institute of electrical and electronics engineers (IEEE)
Recently, Chen et al. proposed a novel and efficient mutual authentication scheme based on quadratic residues for RFID systems. The scheme is efficient in that it uses direct indexing to search the back-end database, instead of brute-force search in most existing schemes. In addition, the scheme satisfies all the security requirements needed in an RFID system; i.e., (1) tag ID (TID) anonymity, (2) individual location privacy, (3) forward secrecy, (4) resistance to replay attack, and (5) resistance to denial-of-service (DOS) attack. In this paper, however, we will show that their scheme is vulnerable to tag tracking attacks and reader/server spoofing attacks. We, then, present an improvement to overcome these drawbacks, while preserving all their merits.
Proceedings of the 2009 Joint Conferences on Pervasive Computing, pp.373-376