论文信息 - Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol

Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol

In September 2009, David and Prasad proposed at MobiSec' 09 an interesting new ultralightweight mutual authentication protocol for low-cost RFID tags. In this paper, we present a quite powerful cryptanalytic attack against their proposal: we start with a traceability attack, then describe how it can be extended to leak long-term stored secrets, and finally present a full disclosure attack (named Tango attack) where all the secrets that the protocol is designed to conceal are shown to be retrievable, even by a passive attacker after eavesdropping only a small number of authentication sessions. These results imply that very realistic attack scenarios are completely possible. The Tango attack constitutes a new, simple, yet powerful technique of cryptanalysis which is based on the computation and full exploitation of multiple approximations to the secret values, using Hamming distances and the representation of variables in an n-dimensional space.

Juan E. Tapiador | Raphael C.-W. Phan | Julio César Hernández Castro | Pedro Peris-Lopez

[1] Pedro Peris-López,et al. LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[2] Ari Juels,et al. Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[3] Gerhard Goos,et al. Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[4] Neeli R. Prasad,et al. Providing Strong Security and High Privacy in Low-Cost RFID Networks , 2009, MobiSec.

[5] Raphael C.-W. Phan,et al. Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[6] Zahir Tari,et al. On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops , 2003, Lecture Notes in Computer Science.

[7] Juan E. Tapiador,et al. Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol , 2009, WISA.

[8] Juan E. Tapiador,et al. EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[9] Hung-Yu Chien,et al. SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[10] Juan E. Tapiador,et al. M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[11] Adi Shamir,et al. New Applications of T-Functions in Block Ciphers and Hash Functions , 2005, FSE.