Abstract
In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time the usage of resources on tags is optimized. Nevertheless, in this paper we show how the protocol does not achieve any of its intended security objectives; the main result is that the most valuable information stored on the tag, that is, the static identifier ID, is easily recovered even by a completely passive attacker in a number of ways. More precisely, we start by presenting a traceability attack on the protocol that allows tags to be traced. This essentially exploits the fact that the protocol messages leak out at least one bit of the static identifier. We then present a passive attack (named Norwegian attack) that discloses \(\lfloor \log_2 L \rfloor\) bits of the ID, after observing roughly O(L) authentication sessions. Although this attack may seem less feasible in retrieving the full 96-bits of the ID due to the large number of eavesdropped sessions involved, it is already powerful enough to serve as a basis for a very effective traceability attack. Finally, our last attack represents a step forward in the use of a recent cryptanalysis technique (called Tango attack [2]), which allows for an extremely efficient full disclosure attack, capable of revealing the value of the whole ID after eavesdropping only a very small number of sessions.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Yeh, K.-H., Lo, N.W., Winata, E.: An Efficient Ultralightweight Authentication Protocol for RFID Systems. In: Proc. of RFIDSec Asia 2010. Cryptology and Information Security Series, vol. 4, pp. 49–60. IOS Press, Amsterdam (2010)
Hernandez-Castro, J.C., Peris-Lopez, P., Phan, R.C.-W., Tapiador, J.M.E.: Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol. In: Proc. of Workshop on RFID Security 2010 (2010)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Hand. of Workshop on RFID and Lightweight Crypto (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)
Hernandez-Castro, J.C., Tapiador, J.E., Peris, P., Li, T., Quisquater, J.-J.: Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations. In: Proc. of WCC 2009, May 10-15 (2009)
Li, T., Wang, G.: Security analysis of two ultra-lightweight RFID authentication protocols. In: Proc. of IFIP-SEC 2007 (2007)
Chien, H.Y., Huang, C.-W.: Security of ultra-lightweight RFID authentication protocols and its improvements. SIGOPS Oper. Syst. Rev. 41(4), 83–86 (2007)
Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Breaking LMAP. In: Proc. of RFIDSec 2007 (2007)
Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In: Proc. of First International EURASIP Workshop on RFID Technology (2007)
Chien, H.-Y.: SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)
Cao, T., Bertino, E., Lei, H.: Security Analysis of the SASI Protocol. IEEE Transactions on Dependable and Secure Computing 6(1), 73–77 (2009)
D’Arco, P., De Santis, A.: Weaknesses in a Recent Ultra-Lightweight RFID Authentication Protocol. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 27–39. Springer, Heidelberg (2008)
Phan, R.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Transactions on Dependable and Secure Computing 6(4), 316–320 (2009)
Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009)
Yeh, K.-H., Lo, N.W.: Improvement of Two Lightweight RFID Authentication Protocols. Information Assurance and Security Letters (2010) (in press)
GS1 EPCglobal. EPCglobal Tag Data Standards Version 1.4, http://www.epcglobalinc.org/standards/ (ratified on June 2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Peris-Lopez, P., Hernandez-Castro, J.C., Phan, R.C.W., Tapiador, J.M.E., Li, T. (2011). Quasi-Linear Cryptanalysis of a Secure RFID Ultralightweight Authentication Protocol. In: Lai, X., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2010. Lecture Notes in Computer Science, vol 6584. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21518-6_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-21518-6_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21517-9
Online ISBN: 978-3-642-21518-6
eBook Packages: Computer ScienceComputer Science (R0)