Security Analysis of a new Ultra-lightweight RFID Protocol and Its Improvement

Retrieval of texture images, especially those with different orientation and scale changes, is a challenging and important problem in image analysis. This paper adopts spiking cortical model (SCM) to explore geometrical invariant texture retrieval schemes based on Discrete Cosine Transform (DCT) coefficients of pulse images. The series of pulse images, outputs of SCM, have a robust talent for extracting edge, segment and texture which are inherent in the original images, but they are large 2-dimensional image data so that it is difficult tSome ultra-lightweight RFID protocols have recently been developed. Unlike other RFID protocols, ultra-lightweight protocols generally only need the simplest bitwise operations in the tag side, such as XOR, AND, and OR. In 2012, Tian etal. proposed a new ultra-lightweight RFID protocol named RAPP (RFID authentication protocol with permutation) using a new bitwise operation Permutation in the protocol, which can achieve high security and privacy as claimed. Unfortunately, because of the incomplete session that might occur in RAPP, we present a replay attack which can lead to de-synchronization between a tag and the database, which means the tag can no longer be authenticated by any reader. In addition, we also present a simple de-synchronization attack that can break the synchronization state between a tag and the database, like the replay attack. Some potential threats resulting in more security concerns from RAPP are illustrated by using two properties of Permutation revealed in this paper. We also provide some countermeasures for RAPP to withstand attacks mentioned in the paper.

[1]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[2]  Gildas Avoine,et al.  Yet Another Ultralightweight Authentication Protocol That Is Broken , 2011, RFIDSec.

[3]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[4]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[5]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[6]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[7]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[8]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[9]  Sujuan Liu,et al.  Security Analysis of RAPP An RFID Authentication Protocol based on Permutation , 2012, IACR Cryptol. ePrint Arch..

[10]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[11]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[12]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[13]  Mohammad Reza Aref,et al.  Desynchronization attack on RAPP ultralightweight authentication protocol , 2013, Inf. Process. Lett..