© The Institution of Engineering and Technology
The authors describe three attacks against an efficient lightweight mutual authentication protocol recently proposed by Kulseng et al. These attacks are unique as they are closely related and must be performed in order, one after another. They break the untraceability, confidentiality and mutual authentication properties of the protocol, and show, for the first time, that breaking the privacy property may lead to attacks on the security properties of radio frequency identification (RFID) authentication protocols. Finally, we present a countermeasure to fix the flaws and make a brief security analysis of the improved protocol.
References
-
-
1)
-
Vaudenay, S.: `On privacy models for RFID', The 13th Annual Int. Conf. on Theory and Application of Cryptology and Information Security, December 2007, Sarawak, MALAYSIA, p. 68–87.
-
2)
-
van Deursen, T., Mauw, S., Radomirović, S.: `Untraceability of RFID protocols', Proc. of the 2nd IFIP WG 11.2 Int. Conf. on Information Security Theory and Practices: Smart Devices, Convergence and Next Generation Networks, May 2008, Sevilla, Spain, p. 1–15.
-
3)
-
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: `Security and privacy aspects of low-cost radio frequency identification systems', The First Int. Conf. on Security in Pervasive Computing, March 2003, Boppard, Germany, p. 201–212.
-
4)
-
Ohkubo, M., Suzuki, K., Kinoshita, S.: `Cryptographic approach to privacy-friendly tags', RFID Privacy Workshop, 2003, USA, MIT, p. 1–9.
-
5)
-
T.J. Cao ,
E. Bertino ,
H. Lei
.
Security analysis of the SASI protocol.
IEEE Trans. Dependable Secur. Comput.
,
1 ,
73 -
77
-
6)
-
Deng, R.H., Li, Y., Yao, A.C., Yung, M., Zhao, Y.: `A new framework for RFID privacy', Proc. 15th European Symp. on Research in Computer Security, September 2010, Athens, Greece, p. 1–18.
-
7)
-
Suh, G.E., Devadas, S.: `Physical unclonable functions for device authentication and secret key generation', Proc. 44th annual Design Automation Conf., June 2007, San Diego, USA, p. 9–14.
-
8)
-
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: `LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags', Workshop on RFID Security 2006, July 2006, Graz, Austria, p. 1–12.
-
9)
-
D. Dolev ,
A.C. Yao
.
On the security of public key protocols.
IEEE Trans. Inf. Theory
,
2 ,
198 -
207
-
10)
-
Li, T., Wang, G.: `Security analysis of two ultra-lightweight RFID authentication protocols', IFIP TC-11 22nd Int. Information Security Conf., May 2007, Sandton, South Africa, p. 109–120.
-
11)
-
Kulseng, L., Yu, Z., Wei, Y., Guan, Y.: `Lightweight mutual authentication and ownership transfer for RFID systems', Proc. 29th Conf. on Computer Communications, March 2010, San Diego, USA, p. 1–5.
-
12)
-
Paise, R., Vaudenay, S.: `Mutual authentication in RFID: security and privacy', Proc. 2008 ACM Symp. on Information, Computer and Communications Security, March 2008, Tokyo, Japan, p. 292–299.
-
13)
-
Avoine, G.: `Adversarial model for radio frequency identification', Technical Report, 2006.
-
14)
-
R.C.W. Phan
.
Cryptanalysis of a new ultralightweight RFID authentication protocol–SASI.
IEEE Trans. Dependable Secur. Comput.
,
4 ,
316 -
320
-
15)
-
van Deursen T., Radomirović S.: ‘Attacks on RFID protocols’. Available at http://eprint.iacr.org/2008/.
-
16)
-
Avoine, G., Dysli, E., Oechslin, P.: `Reducing time complexity in RFID systems', The 12th Int. Workshop on Selected Areas in Cryptography, August 2005, Kingston, Canada, p. 291–306.
-
17)
-
Lee, Y.C., Hsieh, Y.C., You, P.S., Chen, T.C.: `A new ultralightweight RFID protocol with mutual authentication', 2009 WASE Int. Conf. on Information Engineering, July 2009, Shanxi, China, p. 58–61.
-
18)
-
H.Y. Chien
.
SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity.
IEEE Trans. Dependable Secur. Comput.
,
4 ,
337 -
340
-
19)
-
van Deursen, T., Mauw, S., Radomirović, S., Vullers, P.: `Secure ownership and ownership transfer in RFID systems', Proc. 14th European Symp. on Research in Computer Security, September 2009, Saint Malo, France, p. 637–654.
-
20)
-
Sadeghi, A.R., Visconti, I., Wachsmann, C.: `PUF-enhanced RFID security and privacy', Workshop on Secure Component and System Identification, April 2010, Cologne, Germany, p. 1–15.
-
21)
-
M. Burmester ,
J. Munilla
.
Lightweight RFID authentication with forward and backward security.
ACM Trans. Inf. Syst. Secur.
,
1 ,
11 -
37
-
22)
-
van Deursen, T., Radomirović, S.: `Security of an RFID protocol for supply chains', Proc. of the 2008 IEEE Int. Conf. on e-Business Engineering, October 2008, Xi'an, China, p. 568–573.
-
23)
-
H.M. Sun ,
W.C. Ting ,
K.H. Wang
.
On the security of Chiens ultralightweight RFID authentication protocol.
IEEE Trans. Dependable Secur. Comput.
,
1 ,
315 -
317
-
24)
-
Yeh, K.H., Lo, N., Winata, E.: `An efficient ultralightweight authentication protocol for RFID systems', The 2010 Workshop on RFID Security, February 2010, Singapore, p. 49–60.
-
25)
-
F. Thornton ,
B. Haines ,
A.M. Das ,
H. Bhargava ,
A. Campbell
.
(2006)
RFID security.
-
26)
-
A. Juels
.
RFID security and privacy: a research survey.
IEEE J. Sel. Areas Commun.
,
2 ,
381 -
394
-
27)
-
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: `EMAP: an efficient mutual–authentication protocol for low-cost RFID tags', On the Move to Meaningful Internet Systems 2006, November 2006, Montpellier, France, p. 352–361.
-
28)
-
Li, T., Deng, R.: `Vulnerability analysis of EMAP – an efficient RFID mutual authentication protocol', The Second Int. Conf. on Availability, Reliability and Security, April 2007, Vienna, Austria, p. 238–245.
-
29)
-
A. Juels ,
S. Weis
.
Defining strong privacy for RFID.
ACM Trans. Inf. Syst. Secur.
,
1 ,
7 -
30
-
30)
-
Henrici, D., Muller, P.: `Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers', The Second IEEE Annual Conf. on Pervasive Computing and Communication Workshops, March 2004, Washington, DC, USA, p. 149–153.
-
31)
-
A.J. Menezes ,
P.C. van Oorschot ,
S.A. Vanstone
.
(1996)
Stream ciphers, Handbook of applied cryptography.
-
32)
-
David, M., Prasad Neeli, R.: `Providing strong security and high privacy in low-cost RFID networks', The First Int. ICST Conf. on Security and Privacy in Mobile Information and Communication Systems, June 2009, Turin, Italy, p. 172–179.
-
33)
-
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: `M', The Third Int. Conf. on Ubiquitous Intelligence and Computing, September 2006, Wuhan, China, p. 912–923.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2010.0230
Related content
content/journals/10.1049/iet-ifs.2010.0230
pub_keyword,iet_inspecKeyword,pub_concept
6
6