Strong Authentication and Strong Integrity (SASI) Is Not That Strong

In this work, we present a practical passive attack on SASI, an ultra-lightweight mutual authentication protocol for RFID. This attack can be used to reveal with overwhelming probability the secret ID of the prover by eavesdropping about 217 authentications. The result dismantles SASI and, more generally, provides a new approach that threatens ultra-lightweight authentication protocols.

[1]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[2]  Alfredo De Santis,et al.  From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol , 2008, IACR Cryptol. ePrint Arch..

[3]  Zahir Tari,et al.  On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops , 2003, Lecture Notes in Computer Science.

[4]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[5]  Robert H. Deng,et al.  Security Analysis on a Family of Ultra-lightweight RFID Authentication Protocols , 2008, J. Softw..

[6]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[7]  M. Bárász Passive Attack Against the M 2 AP Mutual Authentication Protocol for RFID Tags ∗ , 2007 .

[8]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[9]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[10]  Juan E. Tapiador,et al.  Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations , 2008, ArXiv.

[11]  Mike Burmester,et al.  Forward-secure RFID Authentication and Key Exchange , 2007, IACR Cryptol. ePrint Arch..

[12]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[13]  D. Nagy,et al.  Breaking LMAP , 2007 .

[14]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[15]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[16]  Basel Alomair,et al.  Passive Attacks on a Class of Authentication Protocols for RFID , 2007, ICISC.

[17]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[18]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[19]  Juan E. Tapiador,et al.  Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[20]  Hung-Yu Chien,et al.  Security of ultra-lightweight RFID authentication protocols and its improvements , 2007, OPSR.

[21]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.