A Model for Secure Protocols and Their Compositions
IEEE Transactions on Software Engineering
Inter-protocol interleaving attacks on some authentication and key distribution protocols
Information Processing Letters
Protocol Interactions and the Chosen Protocol Attack
Proceedings of the 5th International Workshop on Security Protocols
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Feasibility of Multi-Protocol Attacks
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Defining Strong Privacy for RFID
PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
A framework for compositional verification of security protocols
Information and Computation
rfidDOT: RFID delegation and ownership transfer made simple
Proceedings of the 4th international conference on Security and privacy in communication netowrks
A New Formal Proof Model for RFID Location Privacy
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Cryptanalysis of EC-RAC, a RFID Identification Protocol
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Algebraic Attacks on RFID Protocols
WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
RFID privacy: relation between two notions, minimal condition, and efficient construction
Proceedings of the 16th ACM conference on Computer and communications security
Low-cost untraceable authentication protocols for RFID
Proceedings of the third ACM conference on Wireless network security
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Untraceability of RFID protocols
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
RFID security: tradeoffs between security and efficiency
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Secure ownership and ownership transfer in RFID systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Limits of the BRSIM/UC soundness of dolev-yao models with hashes
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Hierarchical ECC-Based RFID authentication protocol
RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Light-weight primitive, feather-weight security: a cryptanalytic knock-out
Proceedings of the Workshop on Embedded Systems Security
| Hi-index | 0.00 |
We demonstrate two classes of attacks on EC-RAC, a growing set of RFID protocols. Our first class of attacks concerns the compositional approach used to construct a particular revision of EC-RAC. We invalidate the authentication and privacy claims made for that revision. We discuss the significance of the fact that RFID privacy is not compositional in general. Our second class of attacks applies to all versions of EC-RAC and reveals hitherto unknown vulnerabilities in the latest version of EC-RAC. It is a general man-in-the-middle attack executable by a weak adversary. We show a general construction for improving narrow-weak private protocols to wide-weak private protocols and indicate specific improvements for the flaws of EC-RAC exhibited in this document.