Pitfalls in Ultralightweight RFID Authentication Protocol

Khokhar, Umar Mujahid; Najam-ul-Islam, Muhammad

doi:10.17762/ijcnis.v7i3.1357

Cited by 1 publication

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of the proposed authentication protocols can be categorized as ultralightweight, lightweight, or non-lightweight protocols from a high-level perspective regarding the components used. The foundation of ultralightweight protocols is bit-level operations such as Exclusive-or (XOR), Rotation, AND, and OR, for instance, SASI [4], RAPP [5], R 2 AP [6], RCIA [7], KMAP [8], SLAP [9], SecLAP [10], Eghdamian and Samsudin's protocol [11], David-Prasad ultralightweight authentication protocol [12], and UMAPSS [13]. However, due to a lack of sufficient confusion and diffusion, nearly all protocols in this class have been severely degraded up to this point [14][15][16][17][18][19][20][21].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Toward Designing a Secure Authentication Protocol for IoT Environments

et al. 2023

View full text Add to dashboard Cite

Authentication protocol is a critical part of any application to manage the access control in many applications. A former research recently proposed a lightweight authentication scheme to transmit data in an IoT subsystem securely. Although the designers presented the first security analysis of the proposed protocol, that protocol has not been independently analyzed by third-party researchers, to the best of our knowledge. On the other hand, it is generally agreed that no cryptosystem should be used in a practical application unless its security has been verified through security analysis by third parties extensively, which is addressed in this paper. Although it is an efficient protocol by design compared to other related schemes, our security analysis identifies the non-ideal properties of this protocol. More specifically, we show that this protocol does not provide perfect forward secrecy. In addition, we show that it is vulnerable to an insider attacker, and an active insider adversary can successfully recover the shared keys between the protocol’s entities. In addition, such an adversary can impersonate the remote server to the user and vice versa. Next, the adversary can trace the target user using the extracted information. Finally, we redesign the protocol such that the enhanced protocol can withstand all the aforementioned attacks. The overhead of the proposed protocol compared to its predecessor is only 15.5% in terms of computational cost.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Protocol Class [4][5][6][7][8][9][10][11][12][13] Ultralightweight [43][44][45][46][47][48] PUF based [52][53][54][55] Smartcard based [56][57][58][59] Biometric based [40][41][42] Blockchain based…”

Section: Protocolmentioning

confidence: 99%