Skip to main content
SpringerLink
Log in

Implementation of secret disclosure attack against two IoT lightweight authentication protocols

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Recently, security of the Internet of things on mobile phones, especially the fifth generation (5G), has attracted much attention. In this regard, state-of-the-art authentication protocols have been proposed with their focus on lightweight computations while preserving strong security. However, it has been shown that there are several attacks against these protocols, including denial of service, impersonation and desynchronization. In this paper, we present a secret disclosure attack which can be applied to many of these lightweight protocols that rely on rotation function. The complexity of our attack is only two consecutive protocol runs and with the success probability of “1”. We also implement our proposed attack on two existing protocols to show its correctness. It is obvious that with revealing secret values, all other attacks can be applied.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Aghili SF, Ashouri-Talouki M, Mala H (2017) DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IOT. J Supercomput 74:509–525

    Article  Google Scholar 

  2. Aghili SF, Mala H (2017) Security analysis of an ultra-lightweight RFID authentication protocol for m-commerce. Technical Report, IACR Cryptology ePrint Archive 2017:547

  3. Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash M (2015) Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor 17(4):2347–2376 (Fourthquarter)

    Article  Google Scholar 

  4. Amin R, Kumar N, Biswas G, Iqbal R, Chang V (2018) A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Future Gener Comput Syst 78:1005–1019

    Article  Google Scholar 

  5. Bae W-S (2017) Verifying a secure authentication protocol for IoT medical devices. Cluster Comput. https://doi.org/10.1007/s10586-017-1107-x

    Article  Google Scholar 

  6. Beaulieu R, Treatman-Clark S, Shors D, Weeks B, Smith J, Wingers L (2015) The SIMON and SPECK lightweight block ciphers. In: Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE. IEEE, pp 1–6

  7. Beierle C, Jean J, Kölbl S, Leander G, Moradi A, Peyrin T, Sasaki Y, Sasdrich P, Sim SM (2016) The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw M, Katz J (eds) Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, 14–18 Aug 2016, Proceedings, Part II, Volume 9815 of Lecture Notes in Computer Science. Springer, pp 123–153

    Chapter  Google Scholar 

  8. Bilal Z, Masood A, Kausar F (2009) Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. In: International Conference on Network-Based Information Systems, 2009. NBIS’09. IEEE, pp 260–267

  9. Bogdanov A, Knudsen L.R, Leander G, Paar C, Poschmann A, Robshaw M.J, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. In: CHES, vol 4727. Springer, pp 450–466

  10. Cao T, Bertino E, Lei H (2009) Security analysis of the SASI protocol. IEEE Trans Dependable Secure Comput 6(1):73–77

    Article  Google Scholar 

  11. Chien H-Y (2007) SASI: a new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340

    Article  Google Scholar 

  12. Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2017) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Netw Appl 10:368–376

    Article  Google Scholar 

  13. Fan K, Gong Y, Liang C, Li H, Yang Y (2016) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw 9(16):3095–3104

    Article  Google Scholar 

  14. Fan K, Wang W, Jiang W, Li H, Yang Y (2017) Secure ultra-lightweight RFID mutual authentication protocol based on transparent computing for IoV. Peer-to-Peer Netw Appl 11:723–734

    Article  Google Scholar 

  15. Giuliano R, Mazzenga F, Neri A, Vegni AM (2017) Security access protocols in IoT capillary networks. IEEE Internet Things J 4(3):645–657

    Article  Google Scholar 

  16. Gope P, Amin R, Islam SH, Kumar N, Bhalla VK (2017) Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment. Future Gener Comput Syst 83:629–637

    Article  Google Scholar 

  17. Hernandez-Castro JC, Tapiador JM, Peris-Lopez P, Quisquater J-J (2008) Cryptanalysis of the sasi ultralightweight RFID authentication protocol with modular rotations. arXiv preprint arXiv:0811.4257

  18. Jan MA, Khan F, Alam M, Usman M (2017) A payload-based mutual authentication scheme for Internet of Things. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2017.08.035

    Article  Google Scholar 

  19. Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W (2017) A survey on Internet of Things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J 4:1125–1142

    Article  Google Scholar 

  20. Peris-Lopez P, Hernandez-Castro JC, Tapiador JM, Ribagorda A (2008) Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: International Workshop on Information Security Applications. Springer, pp 56–68

  21. Phan RC-W (2009) Cryptanalysis of a new ultralightweight RFID authentication protocol SASI. IEEE Trans Dependable Secure Comput 6(4):316–320

    Article  Google Scholar 

  22. Ronen E, Shamir A, Weingarten AO, O’Flynn C (2017) Iot goes nuclear: creating a ZigBee chain reaction. In: 2017 IEEE Symposium on Security and Privacy (SP), pp 195–212

  23. Safkhani M, Bagheri N (2016) Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI\(^+\) protocols. IACR Cryptology ePrint Archive 2016:905

  24. Safkhani M, Bagheri N (2017) Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J Supercomput 73(8):3579–3585

    Article  Google Scholar 

  25. Safkhani M, Bagheri N, Hosseinzadeh M, Namin ME, Rostampour S (2015) On the (im) possibility of receiving security beyond 2l using an l-bit PRNG: the case of Wang et al. protocol. IACR Cryptology ePrint Archive 2015:365

  26. Safkhani M, Bagheri N, Hosseinzadeh M, Namin ME, Rostampour S (2017) On the security of an RFID-based parking lot management system. Int J Commun Syst. https://doi.org/10.1002/dac.3313

    Article  Google Scholar 

  27. Sciancalepore S, Piro G, Boggia G, Bianchi G (2017) Public key authentication and key agreement in IoT devices with minimal airtime consumption. IEEE Embed Syst Lett 9(1):1–4

    Article  Google Scholar 

  28. Shen J, Chang S, Shen J, Liu Q, Sun X (2018) A lightweight multi-layer authentication protocol for wireless body area networks. Future Gener Comput Syst 78:956–963

    Article  Google Scholar 

  29. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy and trust in Internet of Things: the road ahead. Comput Netw 76:146–164

    Article  Google Scholar 

  30. Song B, Cheong Y, Lee T, Jeong J (2017) Design and security analysis of improved identity management protocol for 5G/IoT networks. In: World Conference on Information Systems and Technologies. Springer, pp 311–320

  31. Sun H-M, Ting W-C, Wang K-H (2011) On the security of Chien’s ultralightweight rfid authentication protocol. IEEE Trans Dependable Secure Comput 8(2):315–317

    Article  Google Scholar 

  32. Taylor M, Reilly D, Lempereur B (2017) An access control management protocol for Internet of Things devices. Netw Secur 2017(7):11–17

    Article  Google Scholar 

  33. Teixeira FA, Pereira FMQ, Wong H-C, Nogueira JMS, Oliveira LB (2017) SIoT: securing Internet of Things through distributed systems analysis. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2017.08.010

    Article  Google Scholar 

  34. Tewari A, Gupta BB (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73(3):1085–1102

    Article  Google Scholar 

  35. Wang K-H, Chen C-M, Fang W, Wu T-Y (2017) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74:65–70

    Article  Google Scholar 

  36. Wang K-H, Chen C-M, Fang W, Wu T-Y (2018) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74(1):65–70

    Article  Google Scholar 

  37. Wazid M, Das AK, Khan MK, Al-Ghaiheb AA-D, Kumar N, Vasilakos A (2017) Secure authentication scheme for medicine anti-counterfeiting system in IoT environment. IEEE Internet Things J 4:1634–1646

    Article  Google Scholar 

  38. Xie G, Chen Y, Li R, Li K (2018) Hardware cost design optimization for functional safety-critical parallel applications on heterogeneous distributed embedded systems. IEEE Trans Ind Inform 14(6):2418–2431

    Article  Google Scholar 

  39. Xie G, Chen Y, Liu Y, Li R, Li K (2018) Minimizing development cost with reliability goal for automotive functional safety during design phase. IEEE Trans Reliab 67(1):196–211

    Article  Google Scholar 

  40. Xie G, Zeng G, Kurachi R, Takada H, Li Z, Li R, Li K (2017) WCRT analysis of can messages in gateway-integrated in-vehicle networks. IEEE Trans Veh Technol 66(11):9623–9637

    Article  Google Scholar 

  41. Xie G, Zeng G, Li Z, Li R, Li K (2017) Adaptive dynamic scheduling on multi-functional mixed-criticality automotive cyber-physical systems. IEEE Trans Veh Technol 66(8):6676–6692

    Article  Google Scholar 

  42. Xie G, Zeng G, Liu Y, Zhou J, Li R, Li K (2018) Fast functional safety verification for distributed automotive applications during early design phase. IEEE Trans Ind Electrons 65(5):4378–4391

    Article  Google Scholar 

  43. Yan C, Xie H, Liu S, Yin J, Zhang Y, Dai Q (2018) Effective Uyghur language text detection in complex background images for traffic prompt identification. IEEE Trans Intell Transport Syst 19(1):220–229

    Article  Google Scholar 

  44. Yan C, Xie H, Yang D, Yin J, Zhang Y, Dai Q (2018) Supervised hash coding with deep neural network for environment perception of intelligent vehicles. IEEE Trans Intell Transport Syst 19(1):284–295

    Article  Google Scholar 

  45. Yan C, Zhang Y, Xu J, Dai F, Li L, Dai Q, Wu F (2014) A highly parallel framework for HEVC coding unit partitioning tree decision on many-core processors. IEEE Signal Process Lett 21(5):573–576

    Article  Google Scholar 

  46. Yan C, Zhang Y, Xu J, Dai F, Zhang J, Dai Q, Wu F (2014) Efficient parallel framework for HEVC motion estimation on many-core processors. IEEE Trans Circuits Syst Video Technol 24(12):2077–2089

    Article  Google Scholar 

  47. Zhou J, Cao Z, Dong X, Vasilakos AV (2017) Security and privacy for cloud-based IoT: challenges. IEEE Commun Mag 55(1):26–33

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by Shahid Rajaee Teacher Training University.

Author information

Authors and Affiliations

  1. Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, 16788-15811, Iran

    Masoumeh Safkhani & Mahyar Shariat

Authors
  1. Masoumeh Safkhani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahyar Shariat
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masoumeh Safkhani.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Safkhani, M., Shariat, M. Implementation of secret disclosure attack against two IoT lightweight authentication protocols. J Supercomput 74, 6220–6235 (2018). https://doi.org/10.1007/s11227-018-2538-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2538-8

Keywords

Search

Navigation