Cryptanalysis of Cho et al.'s Protocol, A Hash-Based Mutual Authentication Protocol for RFID Systems

Radio frequency identification systems need protocols to provide confidentiality, user privacy, mutual authentication and etc. These protocols should resist active and passive attacks such as forgery, traceability, replay and desynchronization attacks. In this paper we cryptanalysis a hash based RFID mutual authentication protocol which has been recently proposed by Cho et al. More precisely, we present the following attacks on this protocol: 1. Desynchronization attack: the success probability of attack is “1” while the attack complexity is one run of protocol. 2. Tag impersonation attack: the success probability of attack is “ 1 4 ” for two runs of protocol. 3. Reader impersonation attack: the success probability of attack is “ 14 ” for two runs of protocol.

[1]  Masoumeh Safkhani,et al.  Cryptanalysis of AFMAP , 2010, IEICE Electron. Express.

[2]  Rasool Jalili,et al.  FLMAP: A fast lightweight mutual authentication protocol for RFID systems , 2008, 2008 16th IEEE International Conference on Networks.

[3]  Juan E. Tapiador,et al.  Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations , 2008, ArXiv.

[4]  Jean Arlat,et al.  IEEE Transactions on Dependable and Secure Computing , 2006 .

[5]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Yong Guan,et al.  Lightweight Mutual Authentication and Ownership Transfer for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[7]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8]  Masoumeh Safkhani,et al.  Cryptanalysis of Some Protocols for RFID Systems , 2011, IACR Cryptol. ePrint Arch..

[9]  Sang-Soo Yeo,et al.  Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value , 2011, Comput. Commun..

[10]  Guang Gong,et al.  A Lightweight Stream Cipher WG-7 for RFID Encryption and Authentication , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[11]  Yu-Yi Chen,et al.  The design of RFID access control protocol using the strategy of indefinite-index and challenge-response , 2011, Comput. Commun..

[12]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[13]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[14]  Masoumeh Safkhani,et al.  Cryptanalysis of Chen et al.'s RFID Access Control Protocol , 2011, IACR Cryptol. ePrint Arch..

[15]  Masoumeh Safkhani,et al.  Tag Impersonation Attack on Two RFID Mutual Authentication Protocols , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[16]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[17]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[18]  Bo Sheng,et al.  Secure and Serverless RFID Authentication and Search Protocols , 2008, IEEE Transactions on Wireless Communications.

[19]  M. Bárász Passive Attack Against the M 2 AP Mutual Authentication Protocol for RFID Tags ∗ , 2007 .

[20]  Hung-Yu Chien,et al.  Secure Access Control Schemes for RFID Systems with Anonymity , 2006, 7th International Conference on Mobile Data Management (MDM'06).

[21]  Masoumeh Safkhani,et al.  Security analysis of LMAP++, an RFID authentication protocol , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[22]  Chien-Hung Wu,et al.  Improvement of the RFID authentication scheme based on quadratic residues , 2011, Comput. Commun..

[23]  Kwangjo Kim,et al.  Defending RFID authentication protocols against DoS attacks , 2011, Comput. Commun..

[24]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[25]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[26]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[27]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[28]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[29]  Rasool Jalili,et al.  AFMAP: Anonymous Forward-Secure Mutual Authentication Protocols for RFID Systems , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[30]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).