Abstract
In this paper we show weaknesses in SASI, a new Ultra- Lightweight RFID Authentication Protocol, designed for providing Strong Authentication and Strong Integrity. We identify three attacks, namely, a de-synchronisation attack, through which an adversary can break the synchronisation between the RFID Reader and the Tag, an identity disclosure attack, through which an adversary can compute the identity of the Tag, and a full disclosure attack, which enables an adversary to retrieve all secret data stored in the Tag. The attacks are effective and efficient.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Avoine, G.: Bibliography on Security and Privacy in RFID Systems, Massachusetts Institute of Technology, Cambridge, Massachusetts, USA (last update in Jun 2007), Available online at: http://lasecwww.epfl.ch/~gavoine/rfid/
Chien, H.: SASI: A new Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)
Chien, H., Hwang, C.: Security of ultra-lightweight RFID authentication protocols and its improvements. ACM SIGOPS Operating Systems Review 41(4), 83–86 (2007)
Juels, A.: The Vision of Secure RFID. Proceedings of the IEEE 95(8), 1507–1508 (2007)
Juels, A., Pappu, R., Garfinkel, S.: RFID Privacy: An Overview of Problems and Proposed Solutions. IEEE Security and Privacy 3(3), 34–43 (2005)
Li, T., Deng, R.: Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol. In: Proc. of the The Second International Conference on Availability, Reliability and Security, pp. 238–245 (2007)
Li, T., Wang, G.: Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols. In: Proc. of the 22-nd IFIP SEC 2007 (May 2007)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Proc. of the Second Workshop RFID Security, July11-14, Graz University of Technology (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)
Sun, H., Ting, W., Wang, K.: On the Security of Chien’s Ultralightweight RFID Authentication Protocol, eprint archieve, report 83 (February 25, 2008)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
D’Arco, P., De Santis, A. (2008). Weaknesses in a Recent Ultra-Lightweight RFID Authentication Protocol. In: Vaudenay, S. (eds) Progress in Cryptology – AFRICACRYPT 2008. AFRICACRYPT 2008. Lecture Notes in Computer Science, vol 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-540-68164-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68159-5
Online ISBN: 978-3-540-68164-9
eBook Packages: Computer ScienceComputer Science (R0)