Yet Another Ultralightweight Authentication Protocol That Is Broken

Eghdamian and Samsudin published at ICIEIS 2011 an ultralightweight mutual authentication protocol that requires few bitwise operations. The simplicity of the design makes the protocol very suitable to low-cost RFID tags. However, we demonstrate in this paper that the long-term key shared by the reader and the tag can be recovered by an adversary with a few eavesdropped sessions only. Additionally, we provide the backbone of some attacks on a series of similar recent protocols, and highlight important common weaknesses in the design of ultralightweight protocols.

[1]  Gildas Avoine,et al.  Privacy-friendly synchronized ultralightweight authentication protocols in the storm , 2012, J. Netw. Comput. Appl..

[2]  Ayman I. Kayssi,et al.  A PUF-based ultra-lightweight mutual-authentication RFID protocol , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[3]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[4]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[5]  Juan E. Tapiador,et al.  Security Flaws in a Recent Ultralightweight RFID Protocol , 2009, ArXiv.

[6]  Yung-Cheng Lee,et al.  Two Ultralightweight Authentication Protocols for Low- Cost RFID Tags , 2012 .

[7]  Dhiren R. Patel,et al.  Improvements over Extended LMAP+: RFID Authentication Protocol , 2012, IFIPTM.

[8]  Gildas Avoine,et al.  Strong Authentication and Strong Integrity (SASI) Is Not That Strong , 2010, RFIDSec.

[9]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[10]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[11]  Kristiyan Haralambiev,et al.  HBN: An HB-like protocol secure against man-in-the-middle attacks , 2011, IACR Cryptol. ePrint Arch..

[12]  Azman Samsudin,et al.  A Secure Protocol for Ultralightweight Radio Frequency Identification (RFID) Tags , 2011 .