Quasi-linear cryptanalysis of a secure RFID ultralightweight authentication protocol

  • Authors:
  • Pedro Peris-Lopez; Julio Cesar Hernandez-Castro; Raphael C.-W. Phan; Juan M. E. Tapiador; Tieyan Li

  • Affiliations:
  • Security & Privacy Lab, Faculty of EEMCS, Delft University of Technology; School of Computing, University of Portsmouth; Department of Electronic and Electrical Engineering, Loughborough University; Department of Computer Science, University of York; Institute for Infocomm Research, A*STAR Singapore

  • Venue:
  • Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
  • Year:
  • 2010

Abstract

In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time optimizing the usage of resources on tags. Nevertheless, in this paper we show that the protocol does not achieve any of its intended security objectives; the main result is that the most valuable information stored on the tag, that is, the static identifier ID, is easily recovered even by a completely passive attacker in a number of ways. More precisely, we start by presenting a traceability attack on the protocol that allows tags to be traced. This essentially exploits the fact that the protocol messages leak at least one bit of the static identifier. We then present a passive attack (named the Norwegian attack) that discloses ⌊log₂ L⌋ bits of the ID after observing roughly O(L) authentication sessions. Although this attack may seem less feasible for retrieving the full 96 bits of the ID due to the large number of eavesdropped sessions involved, it is already powerful enough to serve as a basis for a very effective traceability attack. Finally, our last attack represents a step forward in the use of a recent cryptanalysis technique (called the Tango attack [2]), which allows for an extremely efficient full disclosure attack, capable of revealing the value of the whole ID after eavesdropping only a very small number of sessions.