Skip to main content
SpringerLink
Log in

Security Flaws in Two RFID Lightweight Authentication Protocols

  • Conference paper
Communication Systems and Information Technology

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 100))

  • 1867 Accesses

Abstract

The design of lightweight authentication protocols that conform to low-cost devices is imperative. This paper analyses two recently proposed authentication protocols[11,18]. We show the protocol in [11], which is the modification version of HB +  protocol, still can not resist Man-in-the-Middle attack, and the protocol in [18] can not resist passive attack, and after eavesdropping about 20 consecutive authentications, the adversary can deduce all the secrets stored in the tag.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 329.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506–519 (2003)

    Article  MathSciNet  Google Scholar 

  2. Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

    Google Scholar 

  4. Gilbert, H., Robshaw, M.J.B., Sibert, H.: An Active Attack Against HB+: A Provably Secure Lightweight Authentication Protocol. IEE Electronics Letters 41(21), 1169–1170 (2005)

    Article  Google Scholar 

  5. Bringer, J., Chabanne, H., Dottax, E.: HB++: a lightweight authentication protocol secure against some attacks. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in pervasive and Ubiquitous Computing - SecPerU (2006)

    Google Scholar 

  6. Munilla, J., Peinado, A.: HB-MP: A further step in the HB-family of lightweight authentication protocols. Computer Networks 51, 2262–2267 (2007)

    Article  MATH  Google Scholar 

  7. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB#: Increasing the security and efficiency of HB+. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  8. Bringer, J., Chabanne, H.: Trusted-HB: A low-cost version of HB + secure against man-inthe-middle attacks. IEEE Transactions on Information Theory 54(9), 4339–4342 (2008)

    Article  MathSciNet  Google Scholar 

  9. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good variants of HB+ are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  10. Frumkin, D., Shamir, A.: Untrusted-HB: Security vulnerabilities of Trusted-HB. Cryptology ePrint Archive, Report 2009/044 (2009), http://eprint.iacr.org

  11. Piramuthu: Lightweight cryptographic authentication in passive RFID-tagged systems. IEEE Transactions on systems, man and cybernetics – part C: Applications and Reviews 38(3), 360–376 (2008)

    Article  Google Scholar 

  12. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  13. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual-authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  14. Peris-Lopez, P., Castro, J.C.H., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of the 2nd Workshop on RFID Security (2006), http://events.iaik.tugraz.at/RFIDSec06/Program/papers/013-LightweightMutualAuthentication.pdf

  15. Li, T., Wang, G.: Security analysis of two ultra-lightweight RFID authentication protocols. In: IFIP SEC 2007, Sandton, Gauteng, South Africa, pp. 14–16 (May 2007)

    Google Scholar 

  16. Li, T., Deng, R.: Vulnerability analysis of EMAP – an efficient RFID mutual authentication protocol. ares. In: The Second International Conference on Availability, Reliability and Security (ARES 2007), pp. 238–245 (2007)

    Google Scholar 

  17. Barasz, M., Boros, B., Ligeti, P., et al.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In: Proc. of First International EURASIP Workshop on FID Technology, pp. 76–83 (2007)

    Google Scholar 

  18. David, M., Prasad, N.R.: Providing strong security and high privacy in low-cost RFID networks. In: Schmidt, A.U., Lian, S. (eds.) MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 17, pp. 172–179. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computer, Nanjing University of Post and Telecommunication, Nanjing, 210046, China

    Wang Shaohui

Authors
  1. Wang Shaohui
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. NUS ACM Chapter, 81 Victoria Street, 188065, Singapore, Singapore

    Ming Ma

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shaohui, W. (2011). Security Flaws in Two RFID Lightweight Authentication Protocols. In: Ma, M. (eds) Communication Systems and Information Technology. Lecture Notes in Electrical Engineering, vol 100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21762-3_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21762-3_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21761-6

  • Online ISBN: 978-3-642-21762-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation