Weaknesses in Two Recent Lightweight RFID Authentication Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6151)

Abstract

The design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many algorithms have been published lately. In this paper, we analyze two recent proposals in this research area. First, Mitra’s scheme is scrutinized, revealing its vulnerability to cloning and traceability attacks, even though preventing both is among the security objectives pursued in the protocol definition [1]. We then show that the protocol is vulnerable to a full disclosure attack after eavesdropping a small number of sessions. Next, we analyze a new EPC-friendly scheme conforming to the EPC Class-1 Generation-2 specification (ISO/IEC 18000-6C), introduced by Qingling and Yiju [2]. This proposal attempts to correct many of the well-known security shortcomings of the standard, and even includes a BAN logic based formal security proof. However, notwithstanding this formal security analysis, we show that Qingling et al.’s protocol offers roughly the same security as the standard they try to improve, is vulnerable to tag and reader impersonation attacks, and allows tag traceability.

References

  1. Mitra, M.: Privacy for RFID systems to prevent tracking and cloning. International Journal of Computer Science and Network Security 8(1), 1–5 (2008)

  2. Qingling, C., Yiju, Z., Yonghua, W.: A minimalist mutual authentication protocol for RFID system & BAN logic analysis. In: Proc. of CCCM 2008, pp. 449–453. IEEE Computer Society, Los Alamitos (2008)

  3. Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)

  4. Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

  5. Chien, H.Y.: SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secur. Comput. 4(4), 337–340 (2007)

  6. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009)

  7. EPCglobal: Class-1 generation 2 UHF air interface protocol standard version 1.2.0: Gen 2 (2008), http://www.epcglobalinc.org/standards/

  8. Chien, H., Chen, C.: Mutual authentication protocol for RFID conforming to EPC class-1 generation-2 standards. Computer Standards and Interfaces 29(2), 254–259 (2007)

  9. Han, D., Kwon, D.: Vulnerability of an RFID authentication protocol conforming to EPC Class 1 Generation 2 Standards. Computer Standards and Interfaces 31(4), 648–652 (2009)

  10. Lim, T., Li, T.: Addressing the weakness in a lightweight RFID tag-reader mutual authentication scheme. In: Proc. of the IEEE Int’l Global Telecommunications Conference - GLOBECOM 2007, pp. 59–63. IEEE Computer Society Press, Los Alamitos (2007)

  11. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Cryptanalysis of a novel authentication protocol conforming to EPC-C1G2 standard. Computer Standards and Interfaces 31(2), 372–380 (2009)

  12. Juels, A., Weis, S.: Defining strong privacy for RFID. In: Proc. of PerCom 2007, pp. 342–347. IEEE Computer Society Press, Los Alamitos (2007)

  13. Phan, R.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Transactions on Dependable and Secure Computing (2008), doi:10.1109/TDSC.2008.33

  14. EPCglobal: EPC Tag data standard version 1.4. (2008), http://www.epcglobalinc.org/standards/

  15. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 6th edn. Oxford University Press, Oxford (2008)

  16. Anarchriz: CRC and how to reverse it (1999), http://www.woodmann.com/fravia/crctut1.htm

  17. Ranasinghe, D.C.: Lightweight Cryptography for Low Cost RFID. In: Networked RFID Systems and Lightweight Cryptography, pp. 311–346. Springer, Heidelberg (2007)

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Li, T., van der Lubbe, J.C.A. (2010). Weaknesses in Two Recent Lightweight RFID Authentication Protocols. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_28

  • DOI: https://doi.org/10.1007/978-3-642-16342-5_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16341-8

  • Online ISBN: 978-3-642-16342-5

  • eBook Packages: Computer Science, Computer Science (R0)