Abstract
The design of lightweight authentication protocols that conform to low-cost devices is imperative. This paper analyses two recently proposed authentication protocols[11,18]. We show the protocol in [11], which is the modification version of HB + protocol, still can not resist Man-in-the-Middle attack, and the protocol in [18] can not resist passive attack, and after eavesdropping about 20 consecutive authentications, the adversary can deduce all the secrets stored in the tag.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506–519 (2003)
Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)
Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Gilbert, H., Robshaw, M.J.B., Sibert, H.: An Active Attack Against HB+: A Provably Secure Lightweight Authentication Protocol. IEE Electronics Letters 41(21), 1169–1170 (2005)
Bringer, J., Chabanne, H., Dottax, E.: HB++: a lightweight authentication protocol secure against some attacks. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in pervasive and Ubiquitous Computing - SecPerU (2006)
Munilla, J., Peinado, A.: HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks 51, 2262–2267 (2007)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB#: Increasing the security and efficiency of HB+. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)
Bringer, J., Chabanne, H.: Trusted-HB: A low-cost version of HB + secure against man-inthe-middle attacks. IEEE Transactions on Information Theory 54(9), 4339–4342 (2008)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good variants of HB+ are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)
Frumkin, D., Shamir, A.: Untrusted-HB: Security vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044 (2009), http://eprint.iacr.org
Piramuthu: Lightweight cryptographic authentication in passive RFID-tagged systems. IEEE Transactions on systems, man and cybernetics – part C: Applications and Reviews 38(3), 360–376 (2008)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)
Peris-Lopez, P., Castro, J.C.H., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of the 2nd Workshop on RFID Security (2006), http://events.iaik.tugraz.at/RFIDSec06/Program/papers/013-LightweightMutualAuthentication.pdf
Li, T., Wang, G.: Security analysis of two ultra-lightweight RFID authentication protocols. In: IFIP SEC 2007, Sandton, Gauteng, South Africa, pp. 14–16 (May 2007)
Li, T., Deng, R.: Vulnerability analysis of EMAP – an efficient RFID mutual authentication protocol. ares. In: The Second International Conference on Availability, Reliability and Security (ARES 2007), pp. 238–245 (2007)
Barasz, M., Boros, B., Ligeti, P., et al.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In: Proc. of First International EURASIP Workshop on FID Technology, pp. 76–83 (2007)
David, M., Prasad, N.R.: Providing strong security and high privacy in low-cost RFID networks. In: Schmidt, A.U., Lian, S. (eds.) MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 17, pp. 172–179. Springer, Heidelberg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shaohui, W. (2011). Security Flaws in Two RFID Lightweight Authentication Protocols. In: Ma, M. (eds) Communication Systems and Information Technology. Lecture Notes in Electrical Engineering, vol 100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21762-3_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-21762-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21761-6
Online ISBN: 978-3-642-21762-3
eBook Packages: EngineeringEngineering (R0)