Good Variants of HB + Are Hard to Find
Financial Cryptography and Data Security
Attacks on CKK Family of RFID Authentication Protocols
ADHOC-NOW '08 Proceedings of the 7th international conference on Ad-hoc, Mobile and Wireless Networks
Passive attacks on a class of authentication protocols for RFID
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
A lightweight anti-desynchronization RFID authentication protocol
Information Systems Frontiers
Securing low-cost RFID systems: An unconditionally secure approach
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Security threat mitigation trends in low-cost RFID systems
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
| Hi-index | 0.00 |
Vajda and Butty¢楼an proposed several lightweight authentication protocols for authenticating RFID tags to readers, and left open the quantifiable cryptographic strength. Our cryptanalysis answers this open question by implementing and measuring attacks against their XOR and SUBSET protocols. A passive eavesdropper can impersonate a tag in the XOR protocol after observing only 70 challenge-response transactions between the tag and reader. In contrast, the theoretical maximum strength of the XOR protocol could have required 16!2 observed transactions to break the key. Our experiments also show that a passive eavesdropper can recover the shared secret used in the XOR protocol by observing an expected 1,092 transactions. Additionally, a nearly optimal active attack against the SUBSET protocol extracts almost one bit of information for each bit emitted by the tag.