Skip to main content
SpringerLink
Log in

Cryptanalysis of the RNTS system

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Internet of Things is a paradigm that enables communication between different devices connected to a local network or to Internet. Identification and communication between sensors used in Internet of Things and devices like smart-phones or tablets are established using radio frequency identification technology. However, this technology still has several security and privacy issues because of its severe computational constraints. In 2011, Jeong and Anh proposed the combined use of an authentication radio frequency identification protocol together with a ticket issuing system for bank services (in J. Supercomput. 55:307, 2011). In this paper we show that their message generation is weak, because it abuses the XOR operation and the use of a counter, which leaks too much secret protocol information. Our analysis shows important security faults that ruin most of the security properties claimed in the original paper. More precisely, information privacy (via a disclosure and leakage attack) and location privacy (traceability attack) are both compromised. Moreover, an attacker can disrupt the proper working of the system by exploiting the fact that message integrity is not properly checked.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. Corresponding to the first hexadecimal digits of π.

References

  1. Atzori L, Iera A, Morabito G (2010) The Internet of things: a survey. Comput Netw 54(15):2787–2805

    Article  MATH  Google Scholar 

  2. Avoine G, Carpent X, Martin B (2010) Strong authentication and strong integrity (SASI) is not that strong. In: Proceedings of RFIDSec, pp 50–64

    Google Scholar 

  3. Chien H-Y (2007) SASI a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340

    Article  Google Scholar 

  4. Chien H-Y, Huang C-W (2007) Security of ultra-lightweight RFID authentication protocols and its improvements. Oper Syst Rev 41:83–86

    Article  Google Scholar 

  5. Darianian M, Michael MP (2008) Smart home mobile rfid-based Internet-of-things systems and services. In: Proceedings of the 2008 international conference on advanced computer theory and engineering, ICACTE’08, Washington, DC, USA. IEEE Computer Society Press, Los Alamitos, pp 116–120

    Chapter  Google Scholar 

  6. Feldhofer M, Rechberger C (2006) A case against currently used hash functions in RFID protocols. In: Proceedings of OTM. Lecture notes in computer science, vol 4277. Springer, Berlin, pp 372–381

    Google Scholar 

  7. Haller S, Karnouskos S, Schroth C (2009) Future Internet—fis 2008. In: The Internet of things in an enterprise context. Springer, Berlin, pp 14–28

    Google Scholar 

  8. Hardy GH, Wright EM (1979) An introduction to the theory of numbers, 5th edn. Clarendon Press, Oxford

    MATH  Google Scholar 

  9. Jeong C, Ahn K (2011) Efficient RNTS system for privacy of banking off-line customer. J Supercomput 55:307–319

    Article  Google Scholar 

  10. Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394

    Article  MathSciNet  Google Scholar 

  11. Juels A, Weis SA (2007) Defining strong privacy for RFID. In: Proceedings of PerCom, pp 342–347

    Google Scholar 

  12. Knudsen LR (2000) Block chaining modes of operation. Reports in Informatics N0. 207, Department of Informatics, University of Bergen, Norway (ISSN 0333-3590), October 2000

  13. Lee K (2010) A two-step mutual authentication protocol based on randomized hash-lock for small RFID networks. In: Proceedings of NSS, September 2010, pp 527–533

    Google Scholar 

  14. Michael MP, Darianian M (2008) Architectural solutions for mobile rfid services for the Internet of things. In: Proceedings of the 2008 IEEE congress on services—part I, SERVICES ’08, Washington, DC, USA. IEEE Computer Society Press, Los Alamitos, pp 71–74

    Chapter  Google Scholar 

  15. Miorandi D, Sicari S, Pellegrini FD, Chlamtac I (2012) Internet of things: vision, applications and research challenges. Ad Hoc Netw 10(7):1497–1516

    Article  Google Scholar 

  16. Moradi A, Poschmann A, Ling S, Paar C, Wang H (2011) Pushing the limits: a very compact and a threshold implementation of AES. In: Proceedings of EUROCRYPT’11, pp 69–88

    Google Scholar 

  17. Syamsuddin I, Dillon T, Chang E, Han S (2008) A survey of RFID authentication protocols based on hash-chain method. In: Proceedings of ICCIT, vol 2. IEEE Press, New York, pp 559–564

    Google Scholar 

  18. Tan L, Wang N (2010) Future Internet: the Internet of things. In: 3rd international conference on advanced computer theory and engineering (ICACTE), vol 5, pp V5–376–V5–380

    Google Scholar 

  19. Weber RH (2010) Internet of things new security and privacy challenges. Comput Law & Secur Rev 26(1):23–30

    Article  Google Scholar 

  20. Welbourne E, Battle L, Cole G, Gould K, Rector K, Raymer S, Balazinska M, Borriello G (2009) Building the Internet of things using rfid: the rfid ecosystem experience. IEEE Internet Comput 13(3):48–55

    Article  Google Scholar 

  21. Yan T, Wen Q (2011) Building the Internet of things using a mobile rfid security protocol based on information technology. In: Jin D, Lin S (eds) Advances in computer science, intelligent system and environment. Advances in intelligent and soft computing, vol 104. Springer, Berlin, pp 143–149

    Chapter  Google Scholar 

  22. Yeh K-H, Lo N, Winata E (2010) An efficient ultralightweight authentication protocol for RFID systems. In: Proceedings of RFIDSec Asia, pp 49–60

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Applied Mathematics, University School of Computer Science (UPM) of Madrid, Madrid, Spain

    Pablo Picazo-Sanchez & Lara Ortiz-Martin

  2. Computer Security Lab (COSEC), Carlos III University of Madrid, Madrid, Spain

    Pedro Peris-Lopez

  3. School of Computing, University of Kent, Canterbury, UK

    Julio Cesar Hernandez-Castro

Authors
  1. Pablo Picazo-Sanchez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lara Ortiz-Martin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pedro Peris-Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Julio Cesar Hernandez-Castro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pablo Picazo-Sanchez.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Picazo-Sanchez, P., Ortiz-Martin, L., Peris-Lopez, P. et al. Cryptanalysis of the RNTS system. J Supercomput 65, 949–960 (2013). https://doi.org/10.1007/s11227-013-0873-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-013-0873-3

Keywords

Search

Navigation