Weaknesses in two recent lightweight RFID authentication protocols

Authors:
Pedro Peris-Lopez;Julio C. Hernandez-Castro;Juan M. E. Tapiador;Tieyan Li;Jan C. A. van der Lubbe
Affiliations:
Department of Information and Communication, Delft University of Technology;School of Computing, University of Portsmouth;Department of Computer Science, University of York;Institute for Infocomm Research, A*STAR Singapore;Department of Information and Communication, Delft University of Technology
Venue:
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Year:
2009

Citing 10
Cited 0

Secure Human Identification Protocols

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards

Computer Standards & Interfaces
Defining Strong Privacy for RFID

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity

IEEE Transactions on Dependable and Secure Computing
A Minimalist Mutual Authentication Protocol for RFID System & BAN Logic Analysis

CCCM '08 Proceedings of the 2008 ISECS International Colloquium on Computing, Communication, Control, and Management - Volume 02
Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard

Computer Standards & Interfaces
Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol

Information Security Applications
Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards

Computer Standards & Interfaces
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

IEEE Transactions on Dependable and Secure Computing
Authenticating pervasive devices with human protocols

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many algorithms have been published lately. In this paper, we analyze two recent proposals in this research area. First, Mitra's scheme is scrutinized, revealing its vulnerability to cloning and traceability attacks, which are among the security objectives pursued in the protocol definition [1]. Later, we show how the protocol is vulnerable against a full disclosure attack after eavesdropping a small number of sessions. Then, we analyze a new EPC-friendly scheme conforming to EPC Class-1 Generation-2 specification (ISO/IEC 180006-C), introduced by Qingling and Yiju [2]. This proposal attempts to correct many of the well known security shortcomings of the standard, and even includes a BAN logic based formal security proof. However, notwithstanding this formal security analysis, we show that Qingling et al.'s protocol offers roughly the same security as the standard they try to improve, is vulnerable to tag and reader impersonation attacks, and allows tag traceability.