Security Analysis of Niu et al. Authentication and Ownership Management Protocol

  • Masoumeh Safkhani
  • Hoda Jannati
  • Nasour Bagheri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10155)


Over the past decade, besides authentication, ownership management protocols have been suggested to transfer or delegate the ownership of RFID tagged items. Recently, Niu et al. have proposed an authentication and ownership management protocol based on 16-bit pseudo random number generators and exclusive-or operations which both can be easily implemented on low-cost RFID passive tags in EPC global Class-1 Generation-2 standard. They claim that their protocol offers location and data privacy and also resists against desynchronization attack. In this paper, we analyze the security of their proposed authentication and ownership management protocol and show that the protocol is vulnerable to secret disclosure and desynchronization attacks. The complexity of most of the attacks is only two runs of the protocol and the success probability of the attacks is almost 1. We also proposed an improved version of the protocol which is secure against the attacks presented in this paper.


RFID Ownership transfer Secret disclosure attack Desynchronization attack 


  1. 1.
    Ahmadian, Z., Salmasizadeh, M., Aref, M.R.: Desynchronization attack on RAPP ultralightweight authentication protocol. Inf. Process. Lett. 113(7), 205–209 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Ahmadian, Z., Salmasizadeh, M., Aref, M.R.: Recursive linear and differential cryptanalysis of ultralightweight authentication protocols. IEEE Transactions on Information Forensics and Security 8(7), 1140–1151 (2013)CrossRefGoogle Scholar
  3. 3.
    Avoine, G., Carpent, X.: Yet another ultralightweight authentication protocol that is broken. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 20–30. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36140-1_2 CrossRefGoogle Scholar
  4. 4.
    Avoine, G., Carpent, X., Martin, B.: Privacy-friendly synchronized ultralightweight authentication protocols in the storm. J. Netw. Comput. Appl. 35(2), 826–843 (2012)CrossRefGoogle Scholar
  5. 5.
    Bagheri, N., Safkhani, M., Peris-Lopez, P., Tapiador, J.E.: Weaknesses in a new ultralightweight RFID authentication protocol with permutation - RAPP. Secur. Commun. Netw. 7(6), 945–949 (2014)CrossRefGoogle Scholar
  6. 6.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA, June 7–11, 2015, p. 175. ACM (2015)Google Scholar
  7. 7.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
  8. 8.
    Class-1 generation 2 UHF air interface protocol standard version 1.2.0, Gen 2 (2008).
  9. 9.
    D’Arco, P., Santis, A.: Weaknesses in a recent ultra-lightweight RFID authentication protocol. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 27–39. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-68164-9_3 CrossRefGoogle Scholar
  10. 10.
    D’Arco, P., Santis, A.D.: On ultralightweight RFID authentication protocols. IEEE Trans. Dependable Sec. Comput. 8(4), 548–563 (2011)CrossRefGoogle Scholar
  11. 11.
    Doss, R., Zhou, W., Yu, S.: Secure RFID tag ownership transfer based on quadratic residues. IEEE Trans. Inf. Foren. Secur. 8(2), 390–401 (2013)CrossRefGoogle Scholar
  12. 12.
    Falahati, A., Jannati, H.: All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low-cost devices. Electron. Commer. Res. 15(1), 75–95 (2015)CrossRefGoogle Scholar
  13. 13.
    Jannati, H., Falahati, A.: Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds.) ICGS3/e-Democracy 2011. LNICST, vol. 99, pp. 186–193. Springer, Berlin, Heidelberg (2011). doi: 10.1007/978-3-642-33448-1_26 Google Scholar
  14. 14.
    Miles, S.B., Sarma, S.E., Williams, J.R.: RFID Technology and Applications. Cambridge University Press, New York (2011)Google Scholar
  15. 15.
    Niu, B., Zhu, X., Chi, H., Li, H.: Privacy and authentication protocol for mobile RFID systems. Wirel. Pers. Commun. 77(3), 1713–1731 (2014)CrossRefGoogle Scholar
  16. 16.
    Niu, H., Taqieddin, E., Jagannathan, S.: EPC gen2v2 RFID standard authentication and ownership management protocol. IEEE Trans. Mob. Comput. 15(1), 137–149 (2016)CrossRefGoogle Scholar
  17. 17.
    Peris-Lopez, P., Orfila, A., Mitrokotsa, A., van der Lubbe, J.C.A.: A comprehensive RFID solution to enhance inpatient medication safety. I. J. Med. Inf. 80(1), 13–24 (2011)CrossRefGoogle Scholar
  18. 18.
    Phan, R.C.-W.: Cryptanalysis of a new ultralightweight RFID authentication protocol - SASI. IEEE Trans. Dependable Secure Comput. 6(4), 316–320 (2009)CrossRefGoogle Scholar
  19. 19.
    Safkhani, M., Bagheri, N., Naderi, M.: A note on the security of IS-RFID, an inpatient medication safety. I. J. Med. Inf. 83(1), 82–85 (2014)CrossRefGoogle Scholar
  20. 20.
    Sundaresan, S., Doss, R., Piramuthu, S., Zhou, W.: Secure tag search in RFID systems using mobile readers. IEEE Trans. Dependable Sec. Comput. 12(2), 230–242 (2015)CrossRefGoogle Scholar
  21. 21.
    Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48324-4_16 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Masoumeh Safkhani
    • 1
  • Hoda Jannati
    • 2
  • Nasour Bagheri
    • 2
    • 3
  1. 1.Computer Engineering DepartmentShahid Rajaee Teacher Training UniversityTehranIran
  2. 2.School of Computer ScienceInstitute for Research in Fundamental Sciences (IPM)TehranIran
  3. 3.Electrical Engineering DepartmentShahid Rajaee Teacher Training UniversityTehranIran

Personalised recommendations