Comment on "cryptanalysis of a novel ultralightweight mutual authentication protocol for IoT devices using RFID tags"

To protect the security of IoT devices, Tewari and Gupta proposed an ultralightweight mutual-authentication protocol for an RFID system. In the protocol, only two simple bitwise operations (XOR and rotation) are used to achieve two-pass mutual authentication. Although the protocol is efficient, we observe that the protocol has a security vulnerability. This security weakness could cause the leaking of all secrets in RFID tags. Compared with other researches that also proposed attacks for Tewari and Gupta's protocol, our attack needs less time and smaller space complexity to implement. The time complexity of our attack is O(1), and the attack can successfully crack the protocol with 100% probability.

[1]  Srinivas Sampalli,et al.  Technique for preventing DoS attacks on RFID systems , 2010, SoftCOM 2010, 18th International Conference on Software, Telecommunications and Computer Networks.

[2]  Yun Tian,et al.  A New Ultralightweight RFID Authentication Protocol with Permutation , 2012, IEEE Communications Letters.

[3]  Keith Martin,et al.  Ultra-lightweight Mutual Authentication Protocols: Weaknesses and Countermeasures , 2013, 2013 International Conference on Availability, Reliability and Security.

[4]  Masoumeh Safkhani,et al.  Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things , 2017, The Journal of Supercomputing.

[5]  Chien-Ming Chen,et al.  On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags , 2017, The Journal of Supercomputing.

[6]  Kai Fan,et al.  ULRAS: Ultra-Lightweight RFID Authentication Scheme for Mobile Device , 2015, WASA.

[7]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[8]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[9]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[10]  B. B. Gupta,et al.  Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags , 2017, The Journal of Supercomputing.