Probabilistic Full Disclosure Attack on IoT Network Authentication Protocol

The Internet of Things (IoTs) is one of the most promising technologies of 5G. The IoTs is basically a system of interconnected computing devices which are provided with unique identification number and capability of transmitting information without human intervention. Since the computing devices (sensors) in IoTs communicate with each other using wireless channel which is accessible for all types of adversaries. Therefore, mutual authentication protocols play an important role for secure communication between the computing nodes. Recently Tewari and Gupta proposed an extremely lightweight authentication protocol to ensure the security and privacy of IoT networks in a cost-effective manner. The proposed protocol uses only two bitwise logical operators; Rotation and XOR and claimed to be one of the most secure Ultralightweight Mutual Authentication Protocol (UMAP). In this paper we have highlighted probabilistic full disclosure attack on the said protocol and challenged their security claims. The proposed attack model is passive and success probability is close to unity.

[1]  Masoumeh Safkhani,et al.  Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things , 2017, The Journal of Supercomputing.

[2]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[3]  Klaus Finkenzeller,et al.  Rfid Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification , 2003 .

[4]  Gildas Avoine,et al.  Strong Authentication and Strong Integrity (SASI) Is Not That Strong , 2010, RFIDSec.

[5]  B. B. Gupta,et al.  Security in Internet of Things: issues, challenges, taxonomy, and architecture , 2017, Telecommunication Systems.

[6]  Zvonimir Sipus,et al.  Active wireless sensor with radio frequency identification chip , 2012, 2012 Proceedings of the 35th International Convention MIPRO.

[7]  Juan E. Tapiador,et al.  Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol , 2010, RFIDSec.

[8]  Jian Su,et al.  SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system , 2018, Wirel. Networks.

[9]  Xinyu Yang,et al.  A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications , 2017, IEEE Internet of Things Journal.

[10]  Imran A. Zualkernan,et al.  Internet of things (IoT) security: Current status, challenges and prospective measures , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[11]  Umar Mujahid,et al.  RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash , 2015, Int. J. Distributed Sens. Networks.

[12]  Salekul Islam,et al.  Security analysis of LMAP using AVISPA , 2014, Int. J. Secur. Networks.

[13]  Antonio Iera,et al.  The Social Internet of Things (SIoT) - When social networks meet the Internet of Things: Concept, architecture and network characterization , 2012, Comput. Networks.

[14]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[15]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[16]  Shahzad Sarwar,et al.  A New Ultralightweight RFID Authentication Protocol for Passive Low Cost Tags: KMAP , 2017, Wirel. Pers. Commun..

[17]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[18]  Masoumeh Safkhani,et al.  Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+ protocols , 2016, IACR Cryptol. ePrint Arch..

[19]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[20]  B. B. Gupta,et al.  Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags , 2017, The Journal of Supercomputing.

[21]  Simon G. M. Koo,et al.  A Survey of Technologies in Internet of Things , 2014, 2014 IEEE International Conference on Distributed Computing in Sensor Systems.

[22]  Ramjee Prasad,et al.  Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT) , 2010, CNSA.