Security Analysis of Niu et al. Authentication and Ownership Management Protocol
Over the past decade, besides authentication, ownership management protocols have been suggested to transfer or delegate the ownership of RFID tagged items. Recently, Niu et al. have proposed an authentication and ownership management protocol based on 16-bit pseudo random number generators and exclusive-or operations which both can be easily implemented on low-cost RFID passive tags in EPC global Class-1 Generation-2 standard. They claim that their protocol offers location and data privacy and also resists against desynchronization attack. In this paper, we analyze the security of their proposed authentication and ownership management protocol and show that the protocol is vulnerable to secret disclosure and desynchronization attacks. The complexity of most of the attacks is only two runs of the protocol and the success probability of the attacks is almost 1. We also proposed an improved version of the protocol which is secure against the attacks presented in this paper.
KeywordsRFID Ownership transfer Secret disclosure attack Desynchronization attack
- 6.Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA, June 7–11, 2015, p. 175. ACM (2015)Google Scholar
- 7.Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
- 8.Class-1 generation 2 UHF air interface protocol standard version 1.2.0, Gen 2 (2008). http://www.epcglobalinc.org/standards/
- 13.Jannati, H., Falahati, A.: Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In: Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds.) ICGS3/e-Democracy 2011. LNICST, vol. 99, pp. 186–193. Springer, Berlin, Heidelberg (2011). doi: 10.1007/978-3-642-33448-1_26 Google Scholar
- 14.Miles, S.B., Sarma, S.E., Williams, J.R.: RFID Technology and Applications. Cambridge University Press, New York (2011)Google Scholar