Skip to main content
SpringerLink
Log in

On the Security of Tan et al. Serverless RFID Authentication and Search Protocols

  • Conference paper
Book cover Radio Frequency Identification. Security and Privacy Issues (RFIDSec 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7739))

Abstract

In this paper, we analyze the security of the mutual authentication and search protocols recently proposed by Tan et al. [20]. Our security analysis clearly highlights important security pitfalls in these. More precisely, privacy location of the tags’ holder is compromised by the authentication protocol. Moreover, the static identifier which represents the most valuable information that a tag supposedly transmits in a secure way, can be exposed by an adversary when the authentication protocol is used in combination with one of the search protocols. Finally, we point out how the improved search protocols are vulnerable to traceability attacks, and show the way an attacker can impersonate a legitimate tag.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Needham, R.M.: Prudent Engineering Practice for Cryptographic Protocols. IEEE Trans. Software Eng. 22(1), 6–15 (1996)

    Article  Google Scholar 

  2. Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  3. Phan, R.C.-W.: Cryptanalysis of a New Ultralightweight RFID Authentication Protocol –SASI. IEEE Transactions on Dependable and Secure Computing 6, 316–320 (2009)

    Article  Google Scholar 

  4. Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  5. Davies, D.W., Price, W.L.: The Application of Digital Signatures Based on Public-Key Cryptosystems. In: Proc. Fifth Intl. Computer Communications Conference, pp. 525–530 (October 1980)

    Google Scholar 

  6. Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (1999)

    Google Scholar 

  7. Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM Workshops 2006. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  8. FIPS. Secure Hash Standard. National Institute for Standards and Technology, pub-NIST:adr (August 2002)

    Google Scholar 

  9. Gauravaram, P., Knudsen, L.R.: On Randomizing Hash Functions to Strengthen the Security of Digital Signatures. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 88–105. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Halevi, S., Krawczyk, H.: Strengthening Digital Signatures Via Randomized Hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Juels, A.: Strengthening EPC Tags Against Cloning. In: Proc. of WiSe 2005, pp. 67–76. ACM Press (2005)

    Google Scholar 

  12. Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: Proc. of PerCom 2007, pp. 342–347. IEEE Computer Society Press (2007)

    Google Scholar 

  13. Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Lai, X., Massey, J.L.: Hash Functions Based on Block Ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  15. Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  16. National Institute of Standards and Technology. Secure hash standard (SHS). FIPS Publication 180 (May 1993)

    Google Scholar 

  17. Preneel, B.: Analysis and Design of Cryptographic Hash Functions. Thesis (Ph.D.), Katholieke Universiteit Leuven, Leuven, Belgium (January 1993)

    Google Scholar 

  18. Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  19. Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm. Internet Activities Board (April 1992)

    Google Scholar 

  20. Tan, C.C., Sheng, B., Li, Q.: Secure and Serverless RFID Authentication and Search Protocols. IEEE Transactions on Wireless Communications 7(4), 1400–1407 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical Engineering, Iran University of Science and Technology (IUST), Tehran, Iran

    Masoumeh Safkhani & Majid Naderi

  2. Computer Security Lab (COSEC), Carlos III University of Madrid, Spain

    Pedro Peris-Lopez

  3. Department of Electrical Engineering, Shahid Rajaee Teachers Training University, Tehran, Iran

    Nasour Bagheri

  4. School of Computing, University of Portsmouth, UK

    Julio Cesar Hernandez-Castro

Authors
  1. Masoumeh Safkhani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pedro Peris-Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nasour Bagheri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Majid Naderi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Julio Cesar Hernandez-Castro
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Computing and Information Sciences, Department of Digital Security, Radboud University Nijmegen, Heyendaalseweg 135, 6525 AJ, Nijmegen, The Netherlands

    Jaap-Henk Hoepman

  2. Electrical Engineering Department, K.U. Leuven, ESAT - SCD/COSIC, Kasteelpark 10, 3001, Heverlee, Belgium

    Ingrid Verbauwhede

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Safkhani, M., Peris-Lopez, P., Bagheri, N., Naderi, M., Hernandez-Castro, J.C. (2013). On the Security of Tan et al. Serverless RFID Authentication and Search Protocols. In: Hoepman, JH., Verbauwhede, I. (eds) Radio Frequency Identification. Security and Privacy Issues. RFIDSec 2012. Lecture Notes in Computer Science, vol 7739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36140-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-36140-1_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36139-5

  • Online ISBN: 978-3-642-36140-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation