Top

Published in:

2018 | OriginalPaper | Chapter

Design Weaknesses in Recent Ultralightweight RFID Authentication Protocols

Authors : P. D’Arco, R. De Prisco

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper we focus our attention on the design of several recently proposed ultralightweight authentication protocols and show that the underlying methodology is not sound. Indeed, the common feature of these protocols lies in the use of transforms, which are the main building blocks. We analyze these transforms and show that all of them present some weaknesses, which can be essentially reduced to poor confusion and diffusion in the input-output mappings. Then, exploiting the weaknesses of the transforms, we describe impersonation attacks against the ultralightweight authentication protocols in which they are used: precisely, RCIA, KMAP, SLAP, and SASI\(^{+}\). On average, an attack requires a constant number of interactions with the targeted tag, compared to the allegedly needed exponential number in the informal security analysis. Moreover, since the weaknesses are in the transforms, the attack strategies we describe can be used to subvert any other protocol that uses the same transforms or closely-related ones.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter CPMap: Design of Click-Points Map-Based Graphical Password Authentication

We refer the interested reader to [2] for an overview of the previous work on ultralightweight authentication protocols.

Notice that the \(\mathtt{Rot}(x,y)\) operation is equal to the CRshift(x’, s) used in the previous transform. To keep the same notations used in the original papers we are analyzing, we have maintained both of them.

Notice that in this case we are numbering the bits from left to right in descending order. This is to maintain the same notation used in [4].

This feature, however, if implemented, exposes the Tag to an easy DoS attack.

Armknecht, F., Hamann, M., Mikhalev, V.: Lightweight authentication protocols on ultra-constrained RFIDs - myths and facts. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 1–18. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13066-8_1CrossRef

Avoine, G., Carpenter, X., Hernandez-Castro, J.: Pitfalls in ultralightweight authentication protocol designs. IEEE Trans. Mob. Comput. 15(9), 2317–2332 (2016)CrossRef

D’Arco, P., De Santis, A.: On ultralightweight RFID authentication protocols. IEEE Trans. Dependable Secure Comput. 8(4), 548–563 (2011)CrossRef

Luo, H., Wen, G., Su, J., Huang, Z.: SLAP: succint and lightweight authentication protocol for low-cost RFID system. Wirel. Netw. 24(1), 69–78 (2016)CrossRef

Mujahid, U., Najam-ul-Islam, M., Sarwar, S.: A new ultralightweight RFID authentication protocol for passive low cost tags: KMAP. Wirel. Pers. Commun. 94(3), 725–744 (2016)CrossRef

Mujahid, U., Najam-ul-Islam, M., Ali Shami, M.: RCIA: a new ultralightweight RFID authentication protocol using recursive hash. Int. J. Distrib. Sens. Netw. 11(1), 1–8 (2015). https://doi.org/10.1155/2015/642180CrossRef

Mujahid, U., Najam-ul-Islam, M., Raza Jafri, A., Qurat-ulAin, Ali Shami, M.: A new ultralightweight RFID mutual authentication protocol: SASI using recursive hash. Int. J. Distrib. Sens. Netw. 12(2), 1–14 (2016)CrossRef

Safkhani M., Bagheri, N.: Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI\(^+\) Protocols. Available at https://eprint.iacr.org, 2016/905 (2016)

Title: Design Weaknesses in Recent Ultralightweight RFID Authentication Protocols
Authors: P. D’Arco
R. De Prisco
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-319-99827-5

Electronic ISBN: 978-3-319-99828-2

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-99828-2_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner