Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol

  • Julio Cesar Hernandez-Castro
  • Pedro Peris-Lopez
  • Raphael C. -W. Phan
  • Juan M. E. Tapiador
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6370)


In September 2009, David and Prasad proposed at MobiSec’09 an interesting new ultralightweight mutual authentication protocol for low-cost RFID tags. In this paper, we present a quite powerful cryptanalytic attack against their proposal: we start with a traceability attack, then describe how it can be extended to leak long-term stored secrets, and finally present a full disclosure attack (named Tango attack) where all the secrets that the protocol is designed to conceal are shown to be retrievable, even by a passive attacker after eavesdropping only a small number of authentication sessions. These results imply that very realistic attack scenarios are completely possible. The Tango attack constitutes a new, simple, yet powerful technique of cryptanalysis which is based on the computation and full exploitation of multiple approximations to the secret values, using Hamming distances and the representation of variables in an n-dimensional space.


Authentication Protocol Passive Adversary Traceability Attack Authentication Session Mutual Authentication Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chien, H.-Y.: SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Trans. Dependable Secur. Comput. 4(4), 337–340 (2007)CrossRefGoogle Scholar
  2. 2.
    David, M., Prasad, N.R.: Providing Strong Security and High Privacy in Low-Cost RFID Networks. In: Proc. of Security and Privacy in Mobile Information and Communication Systems, MobiSec 2009, pp. 172–179. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    EPCglobal: Class-1 Generation 2 UHF Air Interface Protocol Standard Version 1.2.0: Gen 2. (2008),
  4. 4.
    Juels, A., Weis, S.: Defining strong privacy for RFID. In: Proc. of PerCom 2007, pp. 342–347. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  5. 5.
    Klimov, A., Shamir, A.: New Applications of T-Functions in Block Ciphers and Hash Functions. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 18–31. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Hand. of RFIDSec (2006)Google Scholar
  8. 8.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Phan, R.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Transactions on Dependable and Secure Computing (2008), doi: 10.1109/TDSC.2008.33Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Julio Cesar Hernandez-Castro
    • 1
  • Pedro Peris-Lopez
    • 2
  • Raphael C. -W. Phan
    • 3
  • Juan M. E. Tapiador
    • 4
  1. 1.School of ComputingUniversity of Portsmouth 
  2. 2.Security Lab, Faculty of EEMCSDelft University of Technology 
  3. 3.Department of Electronic and Electrical EngineeringLoughborough University 
  4. 4.Department of Computer ScienceUniversity of York 

Personalised recommendations