Lightweight Authentication Protocol for Low-Cost RFID Tags

Dusart, Pierre; Sinaly, Traore

doi:10.1007/978-3-642-38530-8_9

Cited by 7 publications

(12 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With respect to the Dusart-Traoré primitive, we answer the question above via contributions in Section 3. More specifically, we first demonstrate an efficient structural attack in Section 3.2, then, in Section 3.3, algebraic attacks that give a far more precise security estimate regarding the feasibility of such attacks against the primitive than the claims in [12]. In Section 3.4.3 we debunk the claim made in [36] of having broken the Dusart-Traoré primitive; in fact we demonstrate that the attack in [36] is not an attack at all.…”

Section: Introductionmentioning

confidence: 94%

“…This Section describes the authentication protocol and supporting primitive presented in [12,Sections 4 and 5]; for clarity we adopt the same notation, with specific additions introduced where required.…”

Section: Background and Notationmentioning

confidence: 99%

“…The design goals [12,Section 5] (specifically that it is one-way, and produces random output) mean h can be described as a keyed one-way function. Figure 1 illustrates the internal structure, which is essentially a 4-round substitution-permutation network, with no key scheduling, that operates on a 128-bit state (which, in common with AES for instance, is organised as a 16-element array of 8-bit bytes).…”

Section: Background and Notationmentioning

confidence: 99%

“…Along such lines, this paper examines an RFID-based authentication protocol due to Dusart and Traoré [12]. Said protocol makes use of a light-weight keyed one-way function; following [12], we use C Ð hK pM q to denote this "Dusart-Traoré primitive" where a key K is used to process some message M . With respect to the Dusart-Traoré primitive, we answer the question above via contributions in Section 3.…”

Section: Introductionmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

See 4 more Smart Citations

Light-weight primitive, feather-weight security

Banciu

Hoerder

Page

2013

Proceedings of the Workshop on Embedded Systems Security

View full text Add to dashboard Cite

In [12], the authors present a new light-weight cryptographic primitive which supports an associated RFID-based authentication protocol. The primitive has some structural similarities to AES, but is presented as a keyed one-way function using a 128-bit key. Although a security analysis is included, this is at a high-level only. To provide a more concrete idea as to the security of this primitive, we therefore make three contributions: first, a structural attack requiring Op2 5 q plaintext/ciphertext pairs (and hence effort online) plus Op2 21 q effort offline, second algebraic attacks on round reduced versions of the primitive which requires only a single plaintext/ciphertext pair, and, third debunk the claimed attack of [36] on the same primitive. Our structural attack completely breaks the primitive and the algebraic attack highlights a crucial weakness of the primitive; we conclude that although one can consider countermeasures against these specific attacks, the design in general is questionable and should therefore be avoided.

show abstract

Section: Introductionmentioning

confidence: 94%

Section: Background and Notationmentioning

confidence: 99%

Section: Background and Notationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

See 3 more Smart Citations

Light-weight primitive, feather-weight security

Banciu

Hoerder

Page

2013

Proceedings of the Workshop on Embedded Systems Security

View full text Add to dashboard Cite

show abstract

A key recovery attack on an error‐correcting code‐based lightweight security protocol

Erguler

2016

Security Comm Networks

View full text Add to dashboard Cite

One interesting radio‐frequency identification (RFID) application type is RFID searching that aims to hear a specific RFID tag from a large group of tags, that is, ability of detecting whether a target RFID tag is nearby. Very recently, a lightweight protocol using error‐correcting codes has been proposed by Chen et al. to provide a solution in this field. The authors give a detailed analysis of their protocol in terms of security, privacy, communication overhead, and hardware cost, and they claim that it is a realizable scheme with fulfilling security and privacy requirements. In this study, however, we investigate the security aspects of this protocol and clearly demonstrate its security flaws that completely allow an adversary to exploit the system. In particular, by using linear properties of error‐correcting coding, we first describe a tag tracing attack that undermines untraceability property, which is one of the design objectives. Then along with its implementation details, we present a key recovery attack that dramatically reduces the search space of a tag's secret key and show that an adversary can compromise it in convenient time by only querying this tag for several times. As an illustrative example, we retrieve the secret key of the protocol in 2 h for the suggested linear block code scriptC(47,24,11). Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Subtle Flaws in the Secure RFID Tag Searching Protocol: SRTS

Erguler

2016

Wireless Pers Commun

View full text Add to dashboard Cite

Secure RFID searching emerged as a new application field in RFID systems finds out whether a specific RFID tag is nearby within a group of tags in a secure manner. Although numerous RFID authentication protocols have been proposed in different studies, RFID searching has not drawn much attention from the RFID community. Also, most of the existing RFID searching protocols do not comply with the EPC Class-1 Gen2 standard, because their designs employ hardware complex cryptographic primitives such as hash functions or complicated encryption schemes. Recently, Sundaresan et al. has introduced an ultra-lightweight secure RFID searching protocol which only requires a Pseudo Random Number Generator and XOR encryption, i.e. it can be implemented on low-cost EPC Class-1 Gen2 compliant RFID tags. The authors present a detailed security analysis of their protocol to prove its security correctness and they claim that the protocol fulfills the security and privacy requirements. In this study, however, we describe tracking, replay and tag impersonation attacks that show the protocol fails to bear out some of its privacy and security objectives.

show abstract

Lightweight Authentication Protocol for Low-Cost RFID Tags

Cited by 7 publications

References 29 publications

Light-weight primitive, feather-weight security

Light-weight primitive, feather-weight security

A key recovery attack on an error‐correcting code‐based lightweight security protocol

Subtle Flaws in the Secure RFID Tag Searching Protocol: SRTS

Contact Info

Product

Resources

About