Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags


Internet of Things (IoT) is an evolving architecture which connects multiple devices to the Internet for communication or for receiving updates from a cloud or a server. In the future, the number of these connected devices will increase immensely, making them an indistinguishable part of our daily lives. Although these devices make our lives more comfortable, they also put our personal information at risk. Therefore, the security of these devices is also a major concern today. In this paper, we propose an ultra-lightweight mutual authentication protocol which uses only bitwise operations and thus is very efficient in terms of storage and communication cost. In addition, the computation overhead is very low. We have also compared our proposed work with the existing ones, which verifies the strength of our protocol, as the obtained results are promising. A brief cryptanalysis of our protocol that ensures untraceability is also presented.





This research work is being funded by Department of Electronic and Information technology (DeitY), Ministry of Communications and IT, Government of India.

Author information



Corresponding author

Correspondence to B. B. Gupta.


Cite this article

Tewari, A., Gupta, B.B. Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J Supercomput 73, 1085–1102 (2017).



  • Internet of Things
  • Authentication
  • Confidentiality
  • RFID tags
  • Anonymity