Call for Paper - November 2021 Edition
IJCA solicits original research papers for the November 2021 Edition. Last date of manuscript submission is October 20, 2021. Read More

Security Flaws in Two Recently Proposed RFID Authentication Protocols

Print
PDF
IJCA Proceedings on International Conference on Computer Systems and Mathematical Sciences
© 2017 by IJCA Journal
ICCSMS 2016 - Number 1
Year of Publication: 2017
Authors:
Sonam Devgan Kaul
Amit K. Awasthi
{bibtex}iccsms201658.bib{/bibtex}

Abstract

On the basis of Vaudenay's untraceability model, this paper describes cryptanalyses of recently proposed Zhuang et al. 's ultralightweight RFID authentication protocol for low cost tags R2AP and Dehkordi and Farzaneh's improved hash based RFID mutual authentication protocol. This paper formally demonstrates that R2AP is insecure and does not attain even Narrow Forward privacy level of security. Additionally, R2AP protocol is traceable and suffers from impersonation attack. Also Dehkordi and Farzaneh's proposed protocol is impractical formally as it does not attain even Narrow Forward privacy level of security.

References

  • S. D. Kaul and A. K. Awasthi, "Rfid authentication protocol to enhance patient medication safety," Journal of medical systems, vol. 37, no. 6, pp. 1–6, 2013.
  • P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda, "LMAP : A real lightweight authentication protocol for low cost rfid tags," In Hand of Workshop on RFID and Lightweight Crypto, 2006.
  • Peris Lopez, Pedro, et al. , "M2AP : A minimalist mutual authentication protocol for low cost rfid tags," In Proc. of UIC'06, Springer Verlag, vol. 4159, pp. 912–923, 2006.
  • Peris Lopez, Pedro, et al. ,, "EMAP : An efficient mutual authentication protocol for low cost rfid tags," In Proc. of IS'06, Springer Verlag, vol. 4277, pp. 352– 361, 2006.
  • T. Li and G. Wang, "Security analysis of two ultra-lightweight rfid authentication protocols," in New Approaches for Security, Privacy and Trust in Complex Environments. Springer, 2007, pp. 109–120.
  • H. Y. Chien, "SAS1: A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 4, pp. 337–340, Oct-Dec 2007.
  • R. -W. Phan, "Cryptanalysis of a new ultralightweight rfid authentication protocolsasi," Dependable and Secure Computing, IEEE Transactions on, vol. 6, no. 4, pp. 316–320, 2009.
  • H. -M. Sun, W. -C. Ting, and K. -H. Wang, "On the security of chien's ultralightweight rfid authentication protocol," IEEE Transactions on Dependable and Secure Computing, no. 2, pp. 315–317, 2009.
  • P. Peris-Lopez, J. C. Hernandez-Castro, J. M. Estevez-Tapiador, and A. Ribagorda, "Advances in ultralightweight cryptography for low cost rfid tags : Gossamer protocol," In Proc. of WISA'08, Springer Verlag, vol. 5379, pp. 56–68, 2008.
  • Z. Bilal, A. Masood, and F. Kausar, "Security analysis of ultra-lightweight cryptographic protocol for low-cost rfid tags: Gossamer protocol," in Network-Based Information Systems, 2009. NBIS'09. In-ternational Conference on. IEEE, 2009, pp. 260–267.
  • L. Kulseng, Z. Yu, Y. Wei, and Y. Guan, "Lightweight mutual authen-tication and ownership transfer for rfid systems," in INFOCOM, 2010 Proceedings IEEE. IEEE, 2010, pp. 1–5.
  • Y. Yang, J. Gu, C. Lv, Q. Jiang, W. Ma, "Security analysis of Kulseng et al. 's mutual authentication protocol for RFID systems" Information Security, IET, vol. 6, no. 4, pp. 239–248, 2012.
  • Y. Tian, G. Chen, and J. Li, "A new ultralightweight rfid authentication protocol with permutation," IEEE Communications Letters, vol. 16, no. 5, pp. 702–705, May 2012.
  • G. Avoine and X. Carpent, "Yet another ultralightweight authentication protocol that is broken," in Radio Frequency Identification. Security and Privacy Issues. Springer, 2013, pp. 20–30.
  • X. Zhuang, Y. Zhu, and C. -C. Chang, "A new ultralightweight rfid protocol for low-cost tags: R2AP ," Wireless Personal Communications, vol. 79, no. 3, pp. 1787–1802, 2014.
  • A. Juels and S. A. Weis, "Defining strong privacy for rfid," ACM Transactions on Information and System Security (TISSEC), vol. 13, no. 1, p. 7, 2009.
  • J. -S. Cho, Y. -S. Jeong, and S. O. Park, "Consideration on the brute-force attack cost and retrieval cost: A hash-based radio-frequency identification (rfid) tag mutual authentication protocol," Computers & Mathematics with Applications, 2012.
  • M. H. Dehkordi and Y. Farzaneh, "Improvement of the hash-based rfid mutual authentication protocol," Wireless personal communications, vol. 75, no. 1, pp. 219–232, 2014.
  • S. Vaudenay, "On privacy models for rfid," in Advances in Cryptology– ASIACRYPT 2007. Springer, 2007, pp. 68–87.