Security Analysis of the SASI Protocol

The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.

[1]  Selwyn Piramuthu,et al.  Protocols for RFID tag/reader authentication , 2007, Decis. Support Syst..

[2]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[3]  Jean Arlat,et al.  IEEE Transactions on Dependable and Secure Computing , 2006 .

[4]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[5]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[6]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[7]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[8]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[9]  Stephen A. Weis Security parallels between people and pervasive devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[10]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[11]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[12]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[13]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[14]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[15]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .