Advertisement

Weaknesses in a Recent Ultra-Lightweight RFID Authentication Protocol

  • Paolo D’Arco
  • Alfredo De Santis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5023)

Abstract

In this paper we show weaknesses in SASI, a new Ultra- Lightweight RFID Authentication Protocol, designed for providing Strong Authentication and Strong Integrity. We identify three attacks, namely, a de-synchronisation attack, through which an adversary can break the synchronisation between the RFID Reader and the Tag, an identity disclosure attack, through which an adversary can compute the identity of the Tag, and a full disclosure attack, which enables an adversary to retrieve all secret data stored in the Tag. The attacks are effective and efficient.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Avoine, G.: Bibliography on Security and Privacy in RFID Systems, Massachusetts Institute of Technology, Cambridge, Massachusetts, USA (last update in Jun 2007), Available online at: http://lasecwww.epfl.ch/~gavoine/rfid/
  2. 2.
    Chien, H.: SASI: A new Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)CrossRefGoogle Scholar
  3. 3.
    Chien, H., Hwang, C.: Security of ultra-lightweight RFID authentication protocols and its improvements. ACM SIGOPS Operating Systems Review 41(4), 83–86 (2007)CrossRefGoogle Scholar
  4. 4.
    Juels, A.: The Vision of Secure RFID. Proceedings of the IEEE 95(8), 1507–1508 (2007)CrossRefGoogle Scholar
  5. 5.
    Juels, A., Pappu, R., Garfinkel, S.: RFID Privacy: An Overview of Problems and Proposed Solutions. IEEE Security and Privacy 3(3), 34–43 (2005)CrossRefGoogle Scholar
  6. 6.
    Li, T., Deng, R.: Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol. In: Proc. of the The Second International Conference on Availability, Reliability and Security, pp. 238–245 (2007)Google Scholar
  7. 7.
    Li, T., Wang, G.: Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols. In: Proc. of the 22-nd IFIP SEC 2007 (May 2007)Google Scholar
  8. 8.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Proc. of the Second Workshop RFID Security, July11-14, Graz University of Technology (2006)Google Scholar
  9. 9.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Sun, H., Ting, W., Wang, K.: On the Security of Chien’s Ultralightweight RFID Authentication Protocol, eprint archieve, report 83 (February 25, 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Paolo D’Arco
    • 1
  • Alfredo De Santis
    • 1
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversità degli Studi di SalernoFisciano (SA)Italy

Personalised recommendations