Security of ultra-lightweight RFID authentication protocols and its improvements
ACM SIGOPS Operating Systems Review
IEEE Transactions on Dependable and Secure Computing
Security Analysis of the SASI Protocol
IEEE Transactions on Dependable and Secure Computing
Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol
Information Security Applications
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI
IEEE Transactions on Dependable and Secure Computing
Weaknesses in a recent ultra-lightweight RFID authentication protocol
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags
UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
EMAP: an efficient mutual-authentication protocol for low-cost RFID tags
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Privacy-friendly synchronized ultralightweight authentication protocols in the storm
Journal of Network and Computer Applications
Hi-index | 0.00 |
In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time the usage of resources on tags is optimized. Nevertheless, in this paper we show how the protocol does not achieve any of its intended security objectives; the main result is that the most valuable information stored on the tag, that is, the static identifier ID, is easily recovered even by a completely passive attacker in a number of ways. More precisely, we start by presenting a traceability attack on the protocol that allows tags to be traced. This essentially exploits the fact that the protocol messages leak out at least one bit of the static identifier. We then present a passive attack (named Norwegian attack) that discloses ⌊log2 L⌋ bits of the ID, after observing roughly O(L) authentication sessions. Although this attack may seem less feasible in retrieving the full 96-bits of the ID due to the large number of eavesdropped sessions involved, it is already powerful enough to serve as a basis for a very effective traceability attack. Finally, our last attack represents a step forward in the use of a recent cryptanalysis technique (called Tango attack [2]), which allows for an extremely efficient full disclosure attack, capable of revealing the value of the whole ID after eavesdropping only a very small number of sessions.