Khaled Ouafi scite author profile

Overbeck

Vaudenay

2008

Abstract. At EuroCrypt '08, Gilbert, Robshaw and Seurin proposed HB # to improve on HB + in terms of transmission cost and security against man-in-the-middle attacks. Although the security of HB # is formally proven against a certain class of man-in-the-middle adversaries, it is only conjectured for the general case. In this paper, we present a general man-in-the-middle attack against HB # and Random-HB # , which can also be applied to all anterior HB-like protocols, that recovers the shared secret in 2 25 or 2 20 authentication rounds for HB # and 2 34 or 2 28 for Random-HB # , depending on the parameter set. We further show that the asymptotic complexity of our attack is polynomial under some conditions on the parameter set which are met on one of those proposed in [8].

ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware

Badel

Daǧtekın

Nakahara

et al. 2010

Abstract. This paper describes and analyzes the security of a general-purpose cryptographic function design, with application in RFID tags and sensor networks. Based on these analyzes, we suggest minimum parameter values for the main components of this cryptographic function, called ARMADILLO. With fully serial architecture we obtain that 2 923 GE could perform one compression function computation within 176 clock cycles, consuming 44 µW at 1 MHz clock frequency. This could either authenticate a peer or hash 48 bits, or encrypt 128 bits on RFID tags. A better tradeoff would use 4 030 GE, 77 µW of power and 44 cycles for the same, to hash (resp. encrypt) at a rate of 1.1 Mbps (resp. 2.9 Mbps). As other tradeoffs are proposed, we show that ARMADILLO offers competitive performances for hashing relative to a fair Figure Of Merit (FOM).

Privacy of Recent RFID Authentication Protocols

Phan

Abstract. Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.

Traceable Privacy of Recent Provably-Secure RFID Protocols

Phan

2008

Abstract. One of the main challenges in RFIDs is the design of privacypreserving authentication protocols. Indeed, such protocols should not only allow legitimate readers to authenticate tags but also protect these latter from privacy-violating attacks, ensuring their anonymity and untraceability: an adversary should not be able to get any information that would reveal the identity of a tag or would be used for tracing it. In this paper, we analyze some recently proposed RFID authentication protocols that came with provable security flavours. Our results are the first known privacy cryptanalysis of the protocols.

Lightweight Cryptography for RFID Tags

Maimut¹,

IEEE Secur. Privacy Mag.

2012