Abstract
Eghdamian and Samsudin published at ICIEIS 2011 an ultralightweight mutual authentication protocol that requires few bitwise operations. The simplicity of the design makes the protocol very suitable to low-cost RFID tags. However, we demonstrate in this paper that the long-term key shared by the reader and the tag can be recovered by an adversary with a few eavesdropped sessions only.
Additionally, we provide the backbone of some attacks on a series of similar recent protocols, and highlight important common weaknesses in the design of ultralightweight protocols.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Avoine, G., Carpent, X., Martin, B.: Strong Authentication and Strong Integrity (SASI) Is Not That Strong. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 50–64. Springer, Heidelberg (2010)
Avoine, G., Carpent, X., Martin, B.: Privacy-friendly synchronized ultralightweight authentication protocols in the storm. Journal of Network and Computer Applications 35(2), 826–843 (2012)
Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Breaking LMAP. In: Conference on RFID Security, Malaga, Spain (July 2007)
Bassil, R., El-Beaino, W., Itani, W., Kayssi, A., Chehab, A.: PUMAP: A PUF-based ultra-lightweight mutual-authentication RFID protocol. International Journal of RFID Security and Cryptography 1(1), 58–66 (2012)
Bosley, C., Haralambiev, K., Nicolosi, A.: HBN: An HB-like protocol secure against man-in-the-middle attacks. Cryptology ePrint Archive, Report 2011/350 (2011)
Chien, H.-Y.: SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)
Eghdamian, A., Samsudin, A.: A Secure Protocol for Ultralightweight Radio Frequency Identification (RFID) Tags. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds.) ICIEIS 2011. CCIS, vol. 251, pp. 200–213. Springer, Heidelberg (2011)
Gurubani, J.B., Thakkar, H., Patel, D.R.: Improvements over Extended LMAP+: RFID Authentication Protocol. In: Dimitrakos, T., Moona, R., Patel, D., McKnight, D.H. (eds.) IFIPTM 2012. IFIP AICT, vol. 374, pp. 225–231. Springer, Heidelberg (2012)
Lee, Y.-C.: Two ultralightweight authentication protocols for low-cost RFID tags. Applied Mathematics and Information Sciences 6(2S), 425–431 (2012)
Ning, H., Liu, H., Yang, C.: Ultralightweight RFID authentication protocol based on random partitions of pseudorandom identifier and pre-shared secret value. Chinese Journal of Electronics 20(4), 701–707 (2011)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Workshop on RFID Security – RFIDSec 2006, Graz, Austria (July 2006); Ecrypt
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., van der Lubbe, J.C.A.: Security Flaws in a Recent Ultralightweight RFID Protocol. In: Workshop on RFID Security – RFIDSec Asia 2010. Cryptology and Information Security, vol. 4, pp. 83–93. IOS Press, Singapore (2010)
Tian, Y., Chen, G., Li, J.: A new ultralightweight RFID authentication protocol with permutation. IEEE Communications Letters 16(5), 702–705 (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Avoine, G., Carpent, X. (2013). Yet Another Ultralightweight Authentication Protocol That Is Broken. In: Hoepman, JH., Verbauwhede, I. (eds) Radio Frequency Identification. Security and Privacy Issues. RFIDSec 2012. Lecture Notes in Computer Science, vol 7739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36140-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-36140-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36139-5
Online ISBN: 978-3-642-36140-1
eBook Packages: Computer ScienceComputer Science (R0)