Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader's signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive-OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.

[1]  Bart Jacobs,et al.  Crossing Borders: Security and Privacy Issues of the European e-Passport , 2006, IWSEC.

[2]  Raphael C.-W. Phan,et al.  Traceable Privacy of Recent Provably-Secure RFID Protocols , 2008, ACNS.

[3]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[4]  Joseph Gray Jackson,et al.  Privacy and Freedom , 1968 .

[5]  Marit Hansen,et al.  An analysis of security and privacy issues relating to RFID enabled ePassports , 2007, SEC.

[6]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[7]  Raphael C.-W. Phan,et al.  Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords , 2006, ACNS.

[8]  Raphael C.-W. Phan,et al.  Privacy of Recent RFID Authentication Protocols , 2008, ISPEC.

[9]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[10]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[11]  Raphael C.-W. Phan,et al.  Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols , 2006, INDOCRYPT.

[12]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[13]  Christof Paar,et al.  E-Passport: The Global Traceability Or How to Feel Like a UPS Package , 2006, WISA.

[14]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[15]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[16]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[17]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[18]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[19]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[20]  Kim-Kwang Raymond Choo,et al.  Security of a Leakage-Resilient Protocol for Key Establishment and Mutual Authentication , 2007, ProvSec.

[21]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[22]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[23]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[24]  Robert H. Deng,et al.  Security Analysis on a Family of Ultra-lightweight RFID Authentication Protocols , 2008, J. Softw..

[25]  Serge Vaudenay RFID Privacy Based on Public-Key Cryptography , 2006, ICISC.

[26]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[27]  About Machine-Readable Travel Documents Privacy Enhancement Using ( Weakly ) Non-Transferable Data Authentication , 2007 .

[28]  Kevin Fu,et al.  Vulnerabilities in First-Generation RFID-Enabled Credit Cards , 2007, Financial Cryptography.