Security Flaws in Two Recently Proposed RFID Authentication Protocols

On the basis of Vaudenay’s untraceability model, this paper describes cryptanalyses of recently proposed Zhuang et al.’s ultralightweight RFID authentication protocol for low cost tags RAP and Dehkordi and Farzaneh’s improved hash based RFID mutual authentication protocol. This paper formally demonstrates that RAP is insecure and does not attain even Narrow Forward privacy level of security. Additionally, RAP protocol is traceable and suffers from impersonation attack. Also Dehkordi and Farzaneh’s proposed protocol is impractical formally as it does not attain even Narrow Forward privacy level of security.

[1]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[2]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[3]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[4]  Gildas Avoine,et al.  Yet Another Ultralightweight Authentication Protocol That Is Broken , 2011, RFIDSec.

[5]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[6]  Yong Guan,et al.  Lightweight Mutual Authentication and Ownership Transfer for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[7]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[8]  Amit K. Awasthi,et al.  RFID Authentication Protocol to Enhance Patient Medication Safety , 2013, Journal of Medical Systems.

[9]  Firdous Kausar,et al.  Security Analysis of Ultra-lightweight Cryptographic Protocol for Low-cost RFID Tags: Gossamer Protocol , 2009, 2009 International Conference on Network-Based Information Systems.

[10]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[11]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[12]  Y. Yang,et al.  Security analysis of Kulseng et al.'s mutual authentication protocol for RFID systems , 2012, IET Inf. Secur..

[13]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[14]  Young-Sik Jeong,et al.  Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (RFID) tag mutual authentication protocol , 2015, Comput. Math. Appl..

[15]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[16]  Xu Zhuang,et al.  A New Ultralightweight RFID Protocol for Low-Cost Tags: R$$^{2}$$2AP , 2014, Wirel. Pers. Commun..

[17]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[18]  Pierre Dusart,et al.  Lightweight Authentication Protocol for Low-Cost RFID Tags , 2013, WISTP.

[19]  Masoud Hadian Dehkordi,et al.  Improvement of the Hash-Based RFID Mutual Authentication Protocol , 2014, Wirel. Pers. Commun..