Efficient Passive Full-disclosure Attack on RFID Light-weight Authentication Protocols LMAP++ and SUAP

Radio Frequency Identification (RFID) is a technology that has been widely used in daily life, such as in access control, in electronic passports, in payment and ticketing. However, since the RFID information may be easily unveiled over the air, security and the privacy issues always exist. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they can not provide security against some RFID attacks. LMAP++ and SUAP are two typical and recently proposed RFID lightweight authentication protocols, which were presented to resist passive attack. In this work, utilizing the particular structures of these two protocols and the property of bitwise operations, we present a new and efficient passive full-disclosure attack on LMAP++, SUAP-1 and SUAP-3 protocol. We point out the construction weakness of these two protocols and our passive attack can be used to reveal all the secrets shared by the Reader and Tag by eavesdropping about 20 rounds of the authentication messages. DOI:  http://dx.doi.org/10.11591/telkomnika.v10i6.1398 Full Text: PDF

[1]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[2]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[3]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[4]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[5]  Gildas Avoine,et al.  Strong Authentication and Strong Integrity (SASI) Is Not That Strong , 2010, RFIDSec.

[6]  Wei-wei Zhang,et al.  Passive Attack on RFID LMAP++ Authentication Protocol , 2011, CANS.

[7]  Basel Alomair,et al.  Passive Attacks on a Class of Authentication Protocols for RFID , 2007, ICISC.

[8]  Tieyan Li Employing Lightweight Primitives on Low-Cost RFID Tags for Authentication , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[9]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[10]  Hongnian Yu,et al.  Secure ubiquitous authentication protocols for RFID systems , 2012, EURASIP J. Wirel. Commun. Netw..

[11]  Jin Bo Ultra-lightweight RFID Mutual Authentication Protocol , 2011 .

[12]  Kampus Baru,et al.  An Algorithm for Predicting the Speed of Traffic Light Violators , 2011 .

[13]  Chung-Hsing Chao A Remote Power Management Strategy for the Solar Energy Powered Bicycle , 2011 .

[14]  M. Bárász Passive Attack Against the M 2 AP Mutual Authentication Protocol for RFID Tags ∗ , 2007 .

[15]  Juan E. Tapiador,et al.  Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations , 2008, ArXiv.

[16]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[17]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[18]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[19]  Alfredo De Santis,et al.  From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol , 2008, IACR Cryptol. ePrint Arch..

[20]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[21]  Masoumeh Safkhani,et al.  Security analysis of LMAP++, an RFID authentication protocol , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[22]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .