Security Issues in Ultralightweight RFID Authentication Protocols

Ultralightweight RFID authentication protocols have attracted much attention from both fields of science and industry in recent years due to their high efficiencies and extensive applicability. However, many studies have shown that the published ultralightweight protocols are vulnerable to various kinds of malicious attacks, which generally are empirical analysis based and protocol dependent. A general and comprehensive study of these security issues is still absent. To supplement theory study in this area, this paper propose general attack models of three most serious attacks: de-synchronization attack, replay attack and full disclosure attack, for ultralightweight RFID protocols. To formalize the de-synchronization attack, we define an artificial function named FindIndex to analyze the ability of an ultralightweight RFID protocol to keep its data integrity. The proposed de-synchronization attack can break synchronization between RFID tag and database of most ultralightweight protocols with considerable success rates. Our replay attack demonstrates the uselessness of all existing redundancy mechanisms used to solve problems caused by losing final messages. That means all the protocols adopting redundancy mechanisms that store old secrets in one side or both sides cannot resist the proposed replay attack. Furthermore, we develop full-disclosure attacks for T-function based and rotation based RFID protocols, respectively. The described full-disclosure attacks are quite effective and can reveal some or all secrets in RFID tags. Our study shows the most common design flaws in those RFID protocols so that researchers are still faced with challenges to develop a secure ultralightweight RFID protocol.

[1]  Eun-Jun Yoon,et al.  A new ultra-lightweight RFID authentication protocol using merge and separation operations , 2013 .

[2]  Mohammad Reza Aref,et al.  Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols , 2013, IEEE Transactions on Information Forensics and Security.

[3]  Robert H. Deng,et al.  Security Analysis on a Family of Ultra-lightweight RFID Authentication Protocols , 2008, J. Softw..

[4]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[5]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[6]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[7]  Yung-Cheng Lee,et al.  Two Ultralightweight Authentication Protocols for Low- Cost RFID Tags , 2012 .

[8]  Xu Zhuang,et al.  Security Analysis of a new Ultra-lightweight RFID Protocol and Its Improvement , 2013, J. Inf. Hiding Multim. Signal Process..

[9]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[10]  Kuo-Hui Yeh,et al.  Analysis against secret redundancy mechanism for RFID authentication protocol , 2012, 2012 IEEE International Conference on Communication, Networks and Satellite (ComNetSat).

[11]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[12]  Adi Shamir,et al.  New Applications of T-Functions in Block Ciphers and Hash Functions , 2005, FSE.

[13]  Neeli R. Prasad,et al.  Providing Strong Security and High Privacy in Low-Cost RFID Networks , 2009, MobiSec.

[14]  Tieyan Li Employing Lightweight Primitives on Low-Cost RFID Tags for Authentication , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[15]  Y.-C. Lee,et al.  A New Ultralightweight RFID Protocol with Mutual Authentication , 2009, 2009 WASE International Conference on Information Engineering.

[16]  Juan E. Tapiador,et al.  An Ultra Light Authentication Protocol Resistant to Passive Attacks under the Gen-2 Specification , 2009, J. Inf. Sci. Eng..

[17]  Xu Zhuang,et al.  A New Ultralightweight RFID Protocol for Low-Cost Tags: R$$^{2}$$2AP , 2014, Wirel. Pers. Commun..

[18]  Juan E. Tapiador,et al.  Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol , 2010, RFIDSec.

[19]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.