Security Analysis of Ultra-lightweight Protocol for Low-Cost RFID Tags: SSL-MAP

In this paper, we analyze the security vulnerabilities of SSL-MAP, an ultra-lightweight RFID mutual authentication protocol recently proposed by Rama N, Suganya R. We present two effective attacks, a de-synchronization attack and a full-disclosure attack, against this protocol. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter completely threats a tag by extracting all the secret information that are stored in the tag. The de-synchronization attack can be carried out in three round of interaction in SSL-MAP while the full-disclosure attack is accomplished across several runs of SSL-MAP. We also discuss ways to counter the attacks.

[1]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[2]  Juan E. Tapiador,et al.  An Ultra Light Authentication Protocol Resistant to Passive Attacks under the Gen-2 Specification , 2009, J. Inf. Sci. Eng..

[3]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[4]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[5]  Eman Shaaban,et al.  Lightweight Mutual Authentication Protocol for Low Cost RFID Tags , 2010, ArXiv.

[6]  Srinivas Sampalli,et al.  Technique for preventing DoS attacks on RFID systems , 2010, SoftCOM 2010, 18th International Conference on Software, Telecommunications and Computer Networks.

[7]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[8]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[9]  Zahir Tari,et al.  On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops , 2003, Lecture Notes in Computer Science.

[10]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[11]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).