Analysis of relay, terrorist fraud and distance fraud attacks on RFID systems

Radio Frequency Identification (RFID) technology is used in myriad applications because of its speed of execution, ease of manufacturing and usability. In the domain of critical infrastructure protection, RFID systems are often used to identify people, objects and vehicles that enter restricted areas, and to track packages and cargo containers. Relay attacks are known to pose serious threats to the authentication protocols used in RFID systems. In 2014, Urien and Piramuthu proposed an authentication protocol that simultaneously uses a temperature sensor and a distance bounding scheme to protect RFID systems from relay attacks. They claim that the authentication protocol provides the maximum level of security against relay attacks as well as against the related terrorist fraud and distance fraud attacks. This paper shows that the Urien-Piramuthu authentication protocol is vulnerable to all three attacks with attacker success probabilities of 100%, implying that the protocol cannot protect RFID systems from the attacks.