A New Ultralightweight RFID Protocol for Low-Cost Tags: R$$^{2}$$2AP

Several ultralightweight radio frequency identification (RFID) authentication protocols have been proposed in recent years. However, all of these protocols are reported later that they are vulnerable to various kinds of attacks (such as replay attack, de-synchronization attack, full disclosure attack, etc.) and/or have user privacy concerns. In this paper, we propose a new ultralightweight RFID protocol named reconstruction based RFID authentication protocol (R$$^{2}$$2AP), which is based on the use of a new bitwise operation reconstruction. Operation reconstruction has three important properties: Hamming weight unpredictability, irreversibility and effectiveness. Some or all of these properties are absent in previous protocols and therefore has caused a lot of insecurity issues. The proposed R$$^{2}$$2AP takes advantage of reconstruction to guarantee security of RFID system. Furthermore, we improve the Juels–Weis untraceability model so that the extended mathematic model can be used to analyze security functionality for ultralightweight RFID protocols. Our security analysis and performance evaluations demonstrate that (1) R$$^{2}$$2AP can withstand all attacks mentioned in the paper and protect users’ privacy; (2) R$$^{2}$$2AP is indeed an effective RFID protocol that can be implemented on low-cost tags.

[1]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[2]  Y.-C. Lee,et al.  A New Ultralightweight RFID Protocol with Mutual Authentication , 2009, 2009 WASE International Conference on Information Engineering.

[3]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[4]  Eun-Jun Yoon,et al.  A new ultra-lightweight RFID authentication protocol using merge and separation operations , 2013 .

[5]  Juan E. Tapiador,et al.  Quasi-Linear Cryptanalysis of a Secure RFID Ultralightweight Authentication Protocol , 2010, Inscrypt.

[6]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[7]  Gildas Avoine,et al.  Privacy-friendly synchronized ultralightweight authentication protocols in the storm , 2012, J. Netw. Comput. Appl..

[8]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[9]  Juan E. Tapiador,et al.  Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations , 2008, ArXiv.

[10]  Mohammad Reza Aref,et al.  Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols , 2013, IEEE Transactions on Information Forensics and Security.

[11]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[12]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[13]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[14]  Xu Zhuang,et al.  Security Analysis of a new Ultra-lightweight RFID Protocol and Its Improvement , 2013, J. Inf. Hiding Multim. Signal Process..

[15]  Juan E. Tapiador,et al.  Security Flaws in a Recent Ultralightweight RFID Protocol , 2009, ArXiv.

[16]  Gildas Avoine,et al.  Yet Another Ultralightweight Authentication Protocol That Is Broken , 2011, RFIDSec.

[17]  Adi Shamir,et al.  A New Class of Invertible Mappings , 2002, CHES.

[18]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[19]  Yung-Cheng Lee,et al.  Two Ultralightweight Authentication Protocols for Low- Cost RFID Tags , 2012 .

[20]  Srinivas Sampalli,et al.  Technique for preventing DoS attacks on RFID systems , 2010, SoftCOM 2010, 18th International Conference on Software, Telecommunications and Computer Networks.

[21]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[22]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[23]  Basel Alomair,et al.  Passive Attacks on a Class of Authentication Protocols for RFID , 2007, ICISC.

[24]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[25]  Neeli R. Prasad,et al.  Providing Strong Security and High Privacy in Low-Cost RFID Networks , 2009, MobiSec.

[26]  Kuo-Hui Yeh,et al.  Analysis against secret redundancy mechanism for RFID authentication protocol , 2012, 2012 IEEE International Conference on Communication, Networks and Satellite (ComNetSat).

[27]  Mohammad Reza Aref,et al.  Desynchronization attack on RAPP ultralightweight authentication protocol , 2013, Inf. Process. Lett..

[28]  Azman Samsudin,et al.  A Secure Protocol for Ultralightweight Radio Frequency Identification (RFID) Tags , 2011 .