Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags

Abstract

Internet of Things (IoT) is an evolving architecture which connects multiple devices to Internet for communication or receiving updates from a cloud or a server. In future, the number of these connected devices will increase immensely making them an indistinguishable part of our daily lives. Although these devices make our lives more comfortable, they also put our personal information at risk. Therefore, security of these devices is also a major concern today. In this paper, we propose an ultra-lightweight mutual authentication protocol which uses only bitwise operation and thus is very efficient in terms of storage and communication cost. In addition, the computation overhead is very low. We have also compared our proposed work with the existing ones which verifies the strength of our protocol, as obtained results are promising. A brief cryptanalysis of our protocol that ensures untraceability is also presented.

References

1. 1.

   Ashton K (2009) That “Internet of Things” thing. RFiD J. http://www.itrco.jp/libraries/RFIDjournal-That%20Internet%20of%20Things%20Thing.pdf. Last accessed August 2016

2. 2.

   Stergiou C, Psannis KE (2016) Recent advances delivered by mobile cloud computing and internet of things for big data applications: a survey. Int J Netw Manag. doi:10.1002/nem.1930

3. 3.

   Shengdong X, Yuxiang W (2014) Construction of tree network with limited delivery latency in homogeneous wireless sensor networks. Wirel Pers Commun 78(1):231–246

4. 4.

   Guo P, Wang J, Li B, Lee S (2014) A variable threshold-value authentication architecture for wireless mesh networks. J Internet Technol 15(6):929–936

5. 5.

   Psannis KE (2016) HEVC in wireless environments. J Real-Time Image Process 12(2):509–516

6. 6.

   Psannis K (2009) Efficient redundant frames encoding algorithm for streaming video over error prone wireless channels. IEICE ELEX J 6(21):1497–1502

7. 7.

   Buckley J (ed) (2006) The internet of things: from RFID to the next-generation pervasive networked systems. Auerbach Publications, New York

8. 8.

   Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54:2787–2805

9. 9.

   Cisco (2016) “IoT Threat Environment”. Available at: http://www.cisco.com/c/dam/en/us/products/collateral/se/internet-of-things/C11-735871.pdf. Last accessed July

10. 10.

    Zorzi M, Gluhak A, Lange S, Bassi A (2010) From today’s intranet of things to a future internet of things: a wireless- and mobility-related view. IEEE Wirel Commun 17:43–51

11. 11.

    Ning HS, Wang ZO (2011) Future internet of things architecture: like mankind neural system or social organization framework? IEEE Commun Lett 15:461–463

12. 12.

    Psannis KE, Xinogalos S, Sifaleras A (2014) Convergence of internet of things and mobile cloud computing. Syst Sci Control Eng Open Access J 2(1):476–483

13. 13.

    Near Field Comminications History (2016) “Timeline of RFID technology”. Available at: http://www.nfcnearfieldcommunication.org/timeline.html, Last accessed July

14. 14.

    Postscapes (2016) “History of internet of things”. Available at: http://postscapes.com/internet-of-things-history. Last accessed July

15. 15.

    Roman R, Najera P, Lopez J (2011) Securing the internet of things. Computer 44(9):51–58

16. 16.

    Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of things (IoT): a vision, architectural elements, and future directions. Futur Gener Comput Syst 29(7):1645–1660

17. 17.

    Welbourne E, Battle L, Cole G et al (2009) Building the Internet of things Using RFID: The RFID ecosytem experience. IEEE Computing Society. Available at: http://homes.cs.washington.edu/~magda/papers/welbourne-ieeeic09.pdf. Last accessed July 2016

18. 18.

    Khoo B (2011) “RFID as an enabler of the internet of things: issues of security and privacy”. In: Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, pp. 709–712

19. 19.

    Chris Edwards, (2016) “ RFID tags along with the Internet of Things”, Engineering and Technology magazine vol 9, Issue 8. Available at: http://eandt.theiet.org/magazine/2014/08/tagging-along.cfm, Last accessed July

20. 20.

    Thrasher J (2016) “A primer on the internet of things and RFID”. Available at: http://blog.atlasrfidstore.com/internet-of-things-and-rfid. Last accessed July

21. 21.

    Bolic M, Simplot-Ryl D, Stojmenovic I (2010) RFID systems: research trends and challenges. Wiley, New York

22. 22.

    Chien H-Y (2007) SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secur Comput 4(4):337–340

23. 23.

    Henrici A, Muller P (2004) “Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers”. In: International Workshop on Pervasive Computing and Communication Security PerSec, Orlando, Florida, USA, pp 149–153 (ISBN: 0-7695-2106-1)

24. 24.

    Molnar D, Wagner D (2004) “Privacy and security in library RFID: Issues, practices, and architectures”. In: Conference on Computer and Communications Security—ACM CCS, Washington, DC, USA, pp 210–219 (ISBN:1-58113-961-6)

25. 25.

    Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. Secur Pervasive Comput LNCS 2802:201–212

26. 26.

    Rhee K, Kwak J, Kim S, Won D (2005) Challenge-response based RFID authentication protocol for distributed database environment. Int Conf Secur Pervasive Comput SPC 2005:70–84

27. 27.

    Jules A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394

28. 28.

    Juels A, Weis S (2005) Authenticating pervasive devices with human protocols. CRYPTO’05., vol 3126 of LNCS, IACR. Springer, Heidelberg, pp 293–308

29. 29.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador J, Ribagorda A (2006) “LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags”. Printed handout of Workshop on RFID Security -RFIDSec 06 July

30. 30.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador J, Ribagorda A (2006) ”M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags”. Lecture Notes in Computer Science, pp 912–923. Springer, Berlin

31. 31.

    Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) “EMAP: an efficient mutual authentication protocol for low-cost RFID Tags”. OTM Federated Conferences and Workshop: IS Workshop, IS’06, 4277 Lecture Notes in Computer Science, pp 352–361. Springer, Berlin

32. 32.

    Peris-Lopez P, Hernandez-Castro JC, Tapiador JME, Ribagorda A (2008) “Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol,”. In: Proceedings of International Workshop on Information Security Applications, pp 56–68

33. 33.

    Kelsey J, Schneier B, Wagner D, Hall C (1998) Cryptanalytic attacks on pseudorandom number generators, Fast Software Encryption, LNCS, vol 1372, Springer, Berlin. pp 168–188 (ISBN: 978-3-540-69710-71998)

34. 34.

    Erguler I, Unsal C, Anarim E, Saldamli G (2012) Security analysis of an ultra-lightweight RFID authentication protocol-SLMAP*. Secur Comm Netw 5:287–291

35. 35.

    Tagra D, Rahman M, Sampalli S (2010) “Technique for preventing DoS attacks on RFID systems”. In: Proceedings of 18th International Conference on Software Telecommunication and Computer Networks (SoftCOM’10), IEEE Computer Society

36. 36.

    Juels A, Weis SA (2007) “Defining strong privacy for RFID”. In: Proceedings of Fifth Ann IEEE Int’l Conf. Pervasive Computing and Comm. (PerCom ’07), pp 342–347. http://eprint.iacr.org/2006/137

37. 37.

    Phan R (2008) Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI. IEEE Trans Dependable Secur Comput 6(4):316–320

38. 38.

    Ouafi K, Phan RC-W (2008) “Traceable privacy of recent provably-secure RFID protocols”. Proceedings of Sixth Int’l Conf. Applied Cryptography and Network Security (ACNS ’08), pp 479–489

39. 39.

    Ouafi K, Phan R.C.-W (2008) “Privacy of recent RFID authentication protocols”. In: Proceedings of Fourth Information Security Practice and Experience Conference (ISPEC ’08), pp 263–277,

40. 40.

    Hernandez-Castro JC, Tapiador JME, Peris-Lopez P, Quisquater J-J (2008) Cryptanalysis of the sasi ultralightweight rfid authentication protocol with modular rotations. Technical Report arXiv:0811.4257

41. 41.

    Tian Y, Chen G, Li J (2012) A new ultralightweight RFID authentication protocol with permutation. IEEE Commun Lett 16(5):702–705