Passive attacks on a class of authentication protocols for RFID

Authors:
Basel Alomair;Loukas Lazos;Radha Poovendran
Affiliations:
Network Security Lab., Electrical Engineering Department, University of Washington;Network Security Lab., Electrical Engineering Department, University of Washington;Network Security Lab., Electrical Engineering Department, University of Washington
Venue:
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Year:
2007

Citing 7
Cited 8

Introduction to Cryptography

Introduction to Cryptography
RFID Privacy: An Overview of Problems and Proposed Solutions

IEEE Security and Privacy
Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Cryptanalysis of Two Lightweight RFID Authentication Schemes

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Minimalist cryptography for low-cost RFID tags (extended abstract)

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Authenticating pervasive devices with human protocols

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology

Algebraic Attacks on RFID Protocols

WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
Untraceability of RFID protocols

WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Strong authentication and strong integrity (SASI) is not that strong

RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Tree-based RFID authentication protocols are definitively not privacy-friendly

RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Securing low-cost RFID systems: An unconditionally secure approach

Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Privacy-friendly synchronized ultralightweight authentication protocols in the storm

Journal of Network and Computer Applications
Addressing flaws in RFID authentication protocols

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Security and Privacy Analysis of Song---Mitchell RFID Authentication Protocol

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mutual authentication mechanisms can be used in RFID systems to preserve the confidentiality of the RFID tags. Hiding the unique IDs of the tags is critical to prevent unauthorized tag tracking. In this paper, we analyze two mutual authentication protocols called M2AP and EMAP, recently proposed by Peris-Lopez et. al. We show that a passive adversary eavesdropping on the open wireless medium, can extract the unique ID of the RFID tag by collecting an expected O(log2 L) challenge-response exchange messages between the tag and the reader, where L is the length of the tag's unique ID. To date, previously known attacks on M2AP and EMAP require the active probing of each tag. Furthermore, attacks on M2AP require O(L) active queries to be sent to the tag by a rogue reader, as opposed to O(log2 L).