Abstract
Over the past decade, besides authentication, ownership management protocols have been suggested to transfer or delegate the ownership of RFID tagged items. Recently, Niu et al. have proposed an authentication and ownership management protocol based on 16-bit pseudo random number generators and exclusive-or operations which both can be easily implemented on low-cost RFID passive tags in EPC global Class-1 Generation-2 standard. They claim that their protocol offers location and data privacy and also resists against desynchronization attack. In this paper, we analyze the security of their proposed authentication and ownership management protocol and show that the protocol is vulnerable to secret disclosure and desynchronization attacks. The complexity of most of the attacks is only two runs of the protocol and the success probability of the attacks is almost 1. We also proposed an improved version of the protocol which is secure against the attacks presented in this paper.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ahmadian, Z., Salmasizadeh, M., Aref, M.R.: Desynchronization attack on RAPP ultralightweight authentication protocol. Inf. Process. Lett. 113(7), 205–209 (2013)
Ahmadian, Z., Salmasizadeh, M., Aref, M.R.: Recursive linear and differential cryptanalysis of ultralightweight authentication protocols. IEEE Transactions on Information Forensics and Security 8(7), 1140–1151 (2013)
Avoine, G., Carpent, X.: Yet another ultralightweight authentication protocol that is broken. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 20–30. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36140-1_2
Avoine, G., Carpent, X., Martin, B.: Privacy-friendly synchronized ultralightweight authentication protocols in the storm. J. Netw. Comput. Appl. 35(2), 826–843 (2012)
Bagheri, N., Safkhani, M., Peris-Lopez, P., Tapiador, J.E.: Weaknesses in a new ultralightweight RFID authentication protocol with permutation - RAPP. Secur. Commun. Netw. 7(6), 945–949 (2014)
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA, June 7–11, 2015, p. 175. ACM (2015)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_31
Class-1 generation 2 UHF air interface protocol standard version 1.2.0, Gen 2 (2008). http://www.epcglobalinc.org/standards/
D’Arco, P., Santis, A.: Weaknesses in a recent ultra-lightweight RFID authentication protocol. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 27–39. Springer, Heidelberg (2008). doi:10.1007/978-3-540-68164-9_3
D’Arco, P., Santis, A.D.: On ultralightweight RFID authentication protocols. IEEE Trans. Dependable Sec. Comput. 8(4), 548–563 (2011)
Doss, R., Zhou, W., Yu, S.: Secure RFID tag ownership transfer based on quadratic residues. IEEE Trans. Inf. Foren. Secur. 8(2), 390–401 (2013)
Falahati, A., Jannati, H.: All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low-cost devices. Electron. Commer. Res. 15(1), 75–95 (2015)
Jannati, H., Falahati, A.: Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds.) ICGS3/e-Democracy 2011. LNICST, vol. 99, pp. 186–193. Springer, Berlin, Heidelberg (2011). doi:10.1007/978-3-642-33448-1_26
Miles, S.B., Sarma, S.E., Williams, J.R.: RFID Technology and Applications. Cambridge University Press, New York (2011)
Niu, B., Zhu, X., Chi, H., Li, H.: Privacy and authentication protocol for mobile RFID systems. Wirel. Pers. Commun. 77(3), 1713–1731 (2014)
Niu, H., Taqieddin, E., Jagannathan, S.: EPC gen2v2 RFID standard authentication and ownership management protocol. IEEE Trans. Mob. Comput. 15(1), 137–149 (2016)
Peris-Lopez, P., Orfila, A., Mitrokotsa, A., van der Lubbe, J.C.A.: A comprehensive RFID solution to enhance inpatient medication safety. I. J. Med. Inf. 80(1), 13–24 (2011)
Phan, R.C.-W.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Trans. Dependable Secure Comput. 6(4), 316–320 (2009)
Safkhani, M., Bagheri, N., Naderi, M.: A note on the security of IS-RFID, an inpatient medication safety. I. J. Med. Inf. 83(1), 82–85 (2014)
Sundaresan, S., Doss, R., Piramuthu, S., Zhou, W.: Secure tag search in RFID systems using mobile readers. IEEE Trans. Dependable Sec. Comput. 12(2), 230–242 (2015)
Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_16
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Safkhani, M., Jannati, H., Bagheri, N. (2017). Security Analysis of Niu et al. Authentication and Ownership Management Protocol. In: Hancke, G., Markantonakis, K. (eds) Radio Frequency Identification and IoT Security. RFIDSec 2016. Lecture Notes in Computer Science(), vol 10155. Springer, Cham. https://doi.org/10.1007/978-3-319-62024-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-62024-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62023-7
Online ISBN: 978-3-319-62024-4
eBook Packages: Computer ScienceComputer Science (R0)