Quasi-Linear Cryptanalysis of a Secure RFID Ultralightweight Authentication Protocol

  • Pedro Peris-Lopez
  • Julio Cesar Hernandez-Castro
  • Raphael C. -W. Phan
  • Juan M. E. Tapiador
  • Tieyan Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6584)


In 2010, Yeh, Lo and Winata [1] proposed a process-oriented ultralightweight RFID authentication protocol. This protocol is claimed to provide strong security and robust privacy protection, while at the same time the usage of resources on tags is optimized. Nevertheless, in this paper we show how the protocol does not achieve any of its intended security objectives; the main result is that the most valuable information stored on the tag, that is, the static identifier ID, is easily recovered even by a completely passive attacker in a number of ways. More precisely, we start by presenting a traceability attack on the protocol that allows tags to be traced. This essentially exploits the fact that the protocol messages leak out at least one bit of the static identifier. We then present a passive attack (named Norwegian attack) that discloses \(\lfloor \log_2 L \rfloor\) bits of the ID, after observing roughly O(L) authentication sessions. Although this attack may seem less feasible in retrieving the full 96-bits of the ID due to the large number of eavesdropped sessions involved, it is already powerful enough to serve as a basis for a very effective traceability attack. Finally, our last attack represents a step forward in the use of a recent cryptanalysis technique (called Tango attack [2]), which allows for an extremely efficient full disclosure attack, capable of revealing the value of the whole ID after eavesdropping only a very small number of sessions.


RFID Cryptanalysis Ultralightweight Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Yeh, K.-H., Lo, N.W., Winata, E.: An Efficient Ultralightweight Authentication Protocol for RFID Systems. In: Proc. of RFIDSec Asia 2010. Cryptology and Information Security Series, vol. 4, pp. 49–60. IOS Press, Amsterdam (2010)Google Scholar
  2. 2.
    Hernandez-Castro, J.C., Peris-Lopez, P., Phan, R.C.-W., Tapiador, J.M.E.: Cryptanalysis of the David-Prasad RFID Ultralightweight Authentication Protocol. In: Proc. of Workshop on RFID Security 2010 (2010)Google Scholar
  3. 3.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Hand. of Workshop on RFID and Lightweight Crypto (2006)Google Scholar
  4. 4.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)Google Scholar
  5. 5.
    Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Hernandez-Castro, J.C., Tapiador, J.E., Peris, P., Li, T., Quisquater, J.-J.: Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations. In: Proc. of WCC 2009, May 10-15 (2009)Google Scholar
  7. 7.
    Li, T., Wang, G.: Security analysis of two ultra-lightweight RFID authentication protocols. In: Proc. of IFIP-SEC 2007 (2007)Google Scholar
  8. 8.
    Chien, H.Y., Huang, C.-W.: Security of ultra-lightweight RFID authentication protocols and its improvements. SIGOPS Oper. Syst. Rev. 41(4), 83–86 (2007)CrossRefGoogle Scholar
  9. 9.
    Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Breaking LMAP. In: Proc. of RFIDSec 2007 (2007)Google Scholar
  10. 10.
    Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In: Proc. of First International EURASIP Workshop on RFID Technology (2007)Google Scholar
  11. 11.
    Chien, H.-Y.: SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)CrossRefGoogle Scholar
  12. 12.
    Cao, T., Bertino, E., Lei, H.: Security Analysis of the SASI Protocol. IEEE Transactions on Dependable and Secure Computing 6(1), 73–77 (2009)CrossRefGoogle Scholar
  13. 13.
    D’Arco, P., De Santis, A.: Weaknesses in a Recent Ultra-Lightweight RFID Authentication Protocol. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 27–39. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Phan, R.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Transactions on Dependable and Secure Computing 6(4), 316–320 (2009)CrossRefGoogle Scholar
  15. 15.
    Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Yeh, K.-H., Lo, N.W.: Improvement of Two Lightweight RFID Authentication Protocols. Information Assurance and Security Letters (2010) (in press)Google Scholar
  17. 17.
    GS1 EPCglobal. EPCglobal Tag Data Standards Version 1.4, (ratified on June 2008)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Pedro Peris-Lopez
    • 1
  • Julio Cesar Hernandez-Castro
    • 2
  • Raphael C. -W. Phan
    • 3
  • Juan M. E. Tapiador
    • 4
  • Tieyan Li
    • 5
  1. 1.Security & Privacy Lab, Faculty of EEMCSDelft University of TechnologyThe Netherlands
  2. 2.School of ComputingUniversity of PortsmouthUK
  3. 3.Department of Electronic and Electrical EngineeringLoughborough UniversityUK
  4. 4.Department of Computer ScienceUniversity of YorkUK
  5. 5.Institute for Infocomm ResearchA*STAR SingaporeSingapore

Personalised recommendations