On the security of tan et al. serverless RFID authentication and search protocols

Authors:
Masoumeh Safkhani;Pedro Peris-Lopez;Nasour Bagheri;Majid Naderi;Julio Cesar Hernandez-Castro
Affiliations:
Department of Electrical Engineering, Iran University of Science and Technology (IUST), Tehran, Iran;Computer Security Lab (COSEC), Carlos III University of Madrid, Spain;Department of Electrical Engineering, Shahid Rajaee Teachers Training University, Tehran, Iran;Department of Electrical Engineering, Iran University of Science and Technology (IUST), Tehran, Iran;School of Computing, University of Portsmouth, UK
Venue:
RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
Year:
2012

Citing 15
Cited 0

Hash functions based on block ciphers: a synthetic approach

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Prudent Engineering Practice for Cryptographic Protocols

IEEE Transactions on Software Engineering
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Formal aspects of mobile code security

Formal aspects of mobile code security
Strengthening EPC tags against cloning

Proceedings of the 4th ACM workshop on Wireless security
Defining Strong Privacy for RFID

PERCOMW '07 Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications Workshops
On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

IEEE Transactions on Dependable and Secure Computing
Hash functions based on block ciphers

EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
A case against currently used hash functions in RFID protocols

OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Secure and Serverless RFID Authentication and Search Protocols

IEEE Transactions on Wireless Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we analyze the security of the mutual authentication and search protocols recently proposed by Tan et al. [20]. Our security analysis clearly highlights important security pitfalls in these. More precisely, privacy location of the tags' holder is compromised by the authentication protocol. Moreover, the static identifier which represents the most valuable information that a tag supposedly transmits in a secure way, can be exposed by an adversary when the authentication protocol is used in combination with one of the search protocols. Finally, we point out how the improved search protocols are vulnerable to traceability attacks, and show the way an attacker can impersonate a legitimate tag.