Abstract
Recently, security of the Internet of things on mobile phones, especially the fifth generation (5G), has attracted much attention. In this regard, state-of-the-art authentication protocols have been proposed with their focus on lightweight computations while preserving strong security. However, it has been shown that there are several attacks against these protocols, including denial of service, impersonation and desynchronization. In this paper, we present a secret disclosure attack which can be applied to many of these lightweight protocols that rely on rotation function. The complexity of our attack is only two consecutive protocol runs and with the success probability of “1”. We also implement our proposed attack on two existing protocols to show its correctness. It is obvious that with revealing secret values, all other attacks can be applied.
Similar content being viewed by others
References
Aghili SF, Ashouri-Talouki M, Mala H (2017) DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IOT. J Supercomput 74:509–525
Aghili SF, Mala H (2017) Security analysis of an ultra-lightweight RFID authentication protocol for m-commerce. Technical Report, IACR Cryptology ePrint Archive 2017:547
Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash M (2015) Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor 17(4):2347–2376 (Fourthquarter)
Amin R, Kumar N, Biswas G, Iqbal R, Chang V (2018) A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Future Gener Comput Syst 78:1005–1019
Bae W-S (2017) Verifying a secure authentication protocol for IoT medical devices. Cluster Comput. https://doi.org/10.1007/s10586-017-1107-x
Beaulieu R, Treatman-Clark S, Shors D, Weeks B, Smith J, Wingers L (2015) The SIMON and SPECK lightweight block ciphers. In: Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE. IEEE, pp 1–6
Beierle C, Jean J, Kölbl S, Leander G, Moradi A, Peyrin T, Sasaki Y, Sasdrich P, Sim SM (2016) The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw M, Katz J (eds) Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, 14–18 Aug 2016, Proceedings, Part II, Volume 9815 of Lecture Notes in Computer Science. Springer, pp 123–153
Bilal Z, Masood A, Kausar F (2009) Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. In: International Conference on Network-Based Information Systems, 2009. NBIS’09. IEEE, pp 260–267
Bogdanov A, Knudsen L.R, Leander G, Paar C, Poschmann A, Robshaw M.J, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. In: CHES, vol 4727. Springer, pp 450–466
Cao T, Bertino E, Lei H (2009) Security analysis of the SASI protocol. IEEE Trans Dependable Secure Comput 6(1):73–77
Chien H-Y (2007) SASI: a new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340
Fan K, Ge N, Gong Y, Li H, Su R, Yang Y (2017) An ultra-lightweight RFID authentication scheme for mobile commerce. Peer-to-Peer Netw Appl 10:368–376
Fan K, Gong Y, Liang C, Li H, Yang Y (2016) Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G. Secur Commun Netw 9(16):3095–3104
Fan K, Wang W, Jiang W, Li H, Yang Y (2017) Secure ultra-lightweight RFID mutual authentication protocol based on transparent computing for IoV. Peer-to-Peer Netw Appl 11:723–734
Giuliano R, Mazzenga F, Neri A, Vegni AM (2017) Security access protocols in IoT capillary networks. IEEE Internet Things J 4(3):645–657
Gope P, Amin R, Islam SH, Kumar N, Bhalla VK (2017) Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment. Future Gener Comput Syst 83:629–637
Hernandez-Castro JC, Tapiador JM, Peris-Lopez P, Quisquater J-J (2008) Cryptanalysis of the sasi ultralightweight RFID authentication protocol with modular rotations. arXiv preprint arXiv:0811.4257
Jan MA, Khan F, Alam M, Usman M (2017) A payload-based mutual authentication scheme for Internet of Things. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2017.08.035
Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W (2017) A survey on Internet of Things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J 4:1125–1142
Peris-Lopez P, Hernandez-Castro JC, Tapiador JM, Ribagorda A (2008) Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: International Workshop on Information Security Applications. Springer, pp 56–68
Phan RC-W (2009) Cryptanalysis of a new ultralightweight RFID authentication protocol SASI. IEEE Trans Dependable Secure Comput 6(4):316–320
Ronen E, Shamir A, Weingarten AO, O’Flynn C (2017) Iot goes nuclear: creating a ZigBee chain reaction. In: 2017 IEEE Symposium on Security and Privacy (SP), pp 195–212
Safkhani M, Bagheri N (2016) Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI\(^+\) protocols. IACR Cryptology ePrint Archive 2016:905
Safkhani M, Bagheri N (2017) Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J Supercomput 73(8):3579–3585
Safkhani M, Bagheri N, Hosseinzadeh M, Namin ME, Rostampour S (2015) On the (im) possibility of receiving security beyond 2l using an l-bit PRNG: the case of Wang et al. protocol. IACR Cryptology ePrint Archive 2015:365
Safkhani M, Bagheri N, Hosseinzadeh M, Namin ME, Rostampour S (2017) On the security of an RFID-based parking lot management system. Int J Commun Syst. https://doi.org/10.1002/dac.3313
Sciancalepore S, Piro G, Boggia G, Bianchi G (2017) Public key authentication and key agreement in IoT devices with minimal airtime consumption. IEEE Embed Syst Lett 9(1):1–4
Shen J, Chang S, Shen J, Liu Q, Sun X (2018) A lightweight multi-layer authentication protocol for wireless body area networks. Future Gener Comput Syst 78:956–963
Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy and trust in Internet of Things: the road ahead. Comput Netw 76:146–164
Song B, Cheong Y, Lee T, Jeong J (2017) Design and security analysis of improved identity management protocol for 5G/IoT networks. In: World Conference on Information Systems and Technologies. Springer, pp 311–320
Sun H-M, Ting W-C, Wang K-H (2011) On the security of Chien’s ultralightweight rfid authentication protocol. IEEE Trans Dependable Secure Comput 8(2):315–317
Taylor M, Reilly D, Lempereur B (2017) An access control management protocol for Internet of Things devices. Netw Secur 2017(7):11–17
Teixeira FA, Pereira FMQ, Wong H-C, Nogueira JMS, Oliveira LB (2017) SIoT: securing Internet of Things through distributed systems analysis. Future Gener Comput Syst. https://doi.org/10.1016/j.future.2017.08.010
Tewari A, Gupta BB (2017) Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73(3):1085–1102
Wang K-H, Chen C-M, Fang W, Wu T-Y (2017) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74:65–70
Wang K-H, Chen C-M, Fang W, Wu T-Y (2018) On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J Supercomput 74(1):65–70
Wazid M, Das AK, Khan MK, Al-Ghaiheb AA-D, Kumar N, Vasilakos A (2017) Secure authentication scheme for medicine anti-counterfeiting system in IoT environment. IEEE Internet Things J 4:1634–1646
Xie G, Chen Y, Li R, Li K (2018) Hardware cost design optimization for functional safety-critical parallel applications on heterogeneous distributed embedded systems. IEEE Trans Ind Inform 14(6):2418–2431
Xie G, Chen Y, Liu Y, Li R, Li K (2018) Minimizing development cost with reliability goal for automotive functional safety during design phase. IEEE Trans Reliab 67(1):196–211
Xie G, Zeng G, Kurachi R, Takada H, Li Z, Li R, Li K (2017) WCRT analysis of can messages in gateway-integrated in-vehicle networks. IEEE Trans Veh Technol 66(11):9623–9637
Xie G, Zeng G, Li Z, Li R, Li K (2017) Adaptive dynamic scheduling on multi-functional mixed-criticality automotive cyber-physical systems. IEEE Trans Veh Technol 66(8):6676–6692
Xie G, Zeng G, Liu Y, Zhou J, Li R, Li K (2018) Fast functional safety verification for distributed automotive applications during early design phase. IEEE Trans Ind Electrons 65(5):4378–4391
Yan C, Xie H, Liu S, Yin J, Zhang Y, Dai Q (2018) Effective Uyghur language text detection in complex background images for traffic prompt identification. IEEE Trans Intell Transport Syst 19(1):220–229
Yan C, Xie H, Yang D, Yin J, Zhang Y, Dai Q (2018) Supervised hash coding with deep neural network for environment perception of intelligent vehicles. IEEE Trans Intell Transport Syst 19(1):284–295
Yan C, Zhang Y, Xu J, Dai F, Li L, Dai Q, Wu F (2014) A highly parallel framework for HEVC coding unit partitioning tree decision on many-core processors. IEEE Signal Process Lett 21(5):573–576
Yan C, Zhang Y, Xu J, Dai F, Zhang J, Dai Q, Wu F (2014) Efficient parallel framework for HEVC motion estimation on many-core processors. IEEE Trans Circuits Syst Video Technol 24(12):2077–2089
Zhou J, Cao Z, Dong X, Vasilakos AV (2017) Security and privacy for cloud-based IoT: challenges. IEEE Commun Mag 55(1):26–33
Acknowledgements
This work was supported by Shahid Rajaee Teacher Training University.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Rights and permissions
About this article
Cite this article
Safkhani, M., Shariat, M. Implementation of secret disclosure attack against two IoT lightweight authentication protocols. J Supercomput 74, 6220–6235 (2018). https://doi.org/10.1007/s11227-018-2538-8
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-018-2538-8