Cryptanalysis of Two RFID Authentication Protocols

Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and there- fore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

[1]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[2]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[3]  Hung-Yu Chien,et al.  A Lightweight RFID Protocol Using Substring , 2007, EUC.

[4]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[5]  Kwangjo Kim,et al.  RFID mutual Authentication Scheme based on Synchronized Secret Information , 2006 .

[6]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[7]  Sang Ho Lee,et al.  Security and Privacy on Authentication Protocol for Low-cost RFID , 2006, 2006 International Conference on Computational Intelligence and Security.

[8]  Min-Shiang Hwang,et al.  Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection , 2006 .

[9]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[10]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[11]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[12]  Kwangjo Kim,et al.  Security and Privacy on Authentication Protocol for Low-cost RFID , 2005 .

[13]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[14]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[15]  Hicham G. Elmongui,et al.  Data Management in RFID Applications , 2007, DEXA.