Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol
نویسندگان
چکیده
In September 2009, David and Prasad proposed at MobiSec’09 an interesting new ultralightweight mutual authentication protocol for low-cost RFID tags. In this paper, we present a quite powerful cryptanalytic attack against their proposal: we start with a traceability attack, then describe how it can be extended to leak long-term stored secrets, and finally present a full disclosure attack (named Tango attack) where all the secrets that the protocol is designed to conceal are shown to be retrievable, even by a passive attacker after eavesdropping only a small number of authentication sessions. These results imply that very realistic attack scenarios are completely possible. The Tango attack constitutes a new, simple, yet powerful technique of cryptanalysis which is based on the computation and full exploitation of multiple approximations to the secret values, using Hamming distances and the representation of variables in an n-dimensional space.
منابع مشابه
Game-Based Cryptanalysis of a Lightweight CRC-Based Authentication Protocol for EPC Tags
The term "Internet of Things (IoT)" expresses a huge network of smart and connected objects which can interact with other devices without our interposition. Radio frequency identification (RFID) is a great technology and an interesting candidate to provide communications for IoT networks, but numerous security and privacy issues need to be considered. In this paper, we analyze the security and ...
متن کاملCryptanalysis of ultralightweight RFID authentication protocol
Radio frequency identification (RFID) technology is one of the most emerging technologies in the field of pervasive systems, which provides the automatic identification of the object with non-line of sight capability. RFID is much better than its contending identification scheme (Bar code) in terms of efficiency and functional haste. Although it offers many advantages over other identification ...
متن کاملUltralightweight Cryptography for passive RFID systems
RFID (Radio Frequency Identification) is one of the most growing technologies among the pervasive systems. Non line of sight capability makes RFID systems much faster than its other contending systems such as barcodes and magnetic taps etc. But there are some allied security apprehensions with RFID systems. RFID security has been acquired a lot of attention in last few years as evinced by the l...
متن کاملQuasi-Linear Cryptanalysis of a Secure RFID Ultralightweight Authentication Protocol
In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time the usage of resources on tags is optimized. Nevertheless, in this paper we show how the protocol does not achieve any of its intended security objectives; the main result is that the ...
متن کاملAnalysis and Enhancement of Desynchronization Attack on an Ultralightweight RFID Authentication Protocol
As low-cost RFID tags become more and more ubiquitous, it is necessary to design ultralightweight RFID authentication protocols to prevent possible attacks and threats. We reevaluate Ahmadian et al.’s desynchronization attack on the ultralightweight RFID authentication protocol with permutation (RAPP). Our results are twofold: (1) we demonstrate that the probability of the desynchronization bet...
متن کامل