Security Analysis of the RFID Authentication Protocol using Model Checking

In RFID security(Gildas), few mechanisms focus on data protection of the tags, message interception over the air channel, and eavesdropping within the interrogation zone of the RFID reader(Sarma et al.a)(Weis et al.). Among these issues, we will discuss two aspects on the risks posed to the passive party by RFID , which have so far been dominated by the topics of data protection associated with data privacy and identity authentication between tag and reader. Firstly, the data privacy problem states that storing person-specific data in an RFID system can threaten the privacy of the passive party. This party might be, for example, a customer or an employee of the operator. The passive party uses tags or items that have been identified as tags, but the party has no control over the data stored on the tags. Secondly, the authentication will be carried out when the identity of a person or a program is checked. Then, on that basis, authorization takes place, i.e. rights, such as the right of access to data are granted. In the case of RFID systems, it is particularly important for tags to be authenticated by the reader and vice-versa. In addition, readers must authenticate themselves to the backend, however in this case there are no RFID-specific security problems. There have been some approaches focusing on the RFID privacy and authentication issues, including killing tags at the checkout, renaming the identifier of the tag, physical tag password, hash encryption, random access hash and hash based ID variation. The last three approaches of these will be discussed in detail in this chapter. We will not discuss the remaining approaches in this chapter as they are physical solving approaches. The last three approaches are security protocols(Ryan & Schneider) that play the essential role of minimizing the burden of privacy and authentication problems. As with any protocol, the security protocol comprises a prescribed sequence of interactions between entities, and is designed to achieve a certain end. Security protocols are, in fact, excellent candidates for rigorous analysis techniques: they are critical components of distributed security architecture, very easy to express, however, extremely difficult to evaluate by hand. Formal methods play a very critical role in examining whether a security protocol is ambiguous, incorrect, inconsistent or incomplete. Hence, the importance of applying formal methods, particularly for safety critical systems, cannot be overemphasized. There are two main approaches in formal methods, logic based methodology (Gong et al.), and tool based methodology (Hoare)(Lowe)(FDR). In this chapter, we specify hash based RFID security protocols(Sarma et al.a) as the previous work that employs hash functions to secure the RFID 6