On the Security of Tan et al. Serverless RFID Authentication and Search Protocols

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7739)


In this paper, we analyze the security of the mutual authentication and search protocols recently proposed by Tan et al. [20]. Our security analysis clearly highlights important security pitfalls in these. More precisely, privacy location of the tags’ holder is compromised by the authentication protocol. Moreover, the static identifier which represents the most valuable information that a tag supposedly transmits in a secure way, can be exposed by an adversary when the authentication protocol is used in combination with one of the search protocols. Finally, we point out how the improved search protocols are vulnerable to traceability attacks, and show the way an attacker can impersonate a legitimate tag.


RFID Mutual Authentication Search Protocol Cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Needham, R.M.: Prudent Engineering Practice for Cryptographic Protocols. IEEE Trans. Software Eng. 22(1), 6–15 (1996)CrossRefGoogle Scholar
  2. 2.
    Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Phan, R.C.-W.: Cryptanalysis of a New Ultralightweight RFID Authentication Protocol –SASI. IEEE Transactions on Dependable and Secure Computing 6, 316–320 (2009)CrossRefGoogle Scholar
  4. 4.
    Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
  5. 5.
    Davies, D.W., Price, W.L.: The Application of Digital Signatures Based on Public-Key Cryptosystems. In: Proc. Fifth Intl. Computer Communications Conference, pp. 525–530 (October 1980)Google Scholar
  6. 6.
    Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (1999)Google Scholar
  7. 7.
    Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM Workshops 2006. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    FIPS. Secure Hash Standard. National Institute for Standards and Technology, pub-NIST:adr (August 2002)Google Scholar
  9. 9.
    Gauravaram, P., Knudsen, L.R.: On Randomizing Hash Functions to Strengthen the Security of Digital Signatures. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 88–105. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Halevi, S., Krawczyk, H.: Strengthening Digital Signatures Via Randomized Hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Juels, A.: Strengthening EPC Tags Against Cloning. In: Proc. of WiSe 2005, pp. 67–76. ACM Press (2005)Google Scholar
  12. 12.
    Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: Proc. of PerCom 2007, pp. 342–347. IEEE Computer Society Press (2007)Google Scholar
  13. 13.
    Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Lai, X., Massey, J.L.: Hash Functions Based on Block Ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  15. 15.
    Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
  16. 16.
    National Institute of Standards and Technology. Secure hash standard (SHS). FIPS Publication 180 (May 1993)Google Scholar
  17. 17.
    Preneel, B.: Analysis and Design of Cryptographic Hash Functions. Thesis (Ph.D.), Katholieke Universiteit Leuven, Leuven, Belgium (January 1993)Google Scholar
  18. 18.
    Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  19. 19.
    Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm. Internet Activities Board (April 1992)Google Scholar
  20. 20.
    Tan, C.C., Sheng, B., Li, Q.: Secure and Serverless RFID Authentication and Search Protocols. IEEE Transactions on Wireless Communications 7(4), 1400–1407 (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Department of Electrical EngineeringIran University of Science and Technology (IUST)TehranIran
  2. 2.Computer Security Lab (COSEC)Carlos III University of MadridSpain
  3. 3.Department of Electrical EngineeringShahid Rajaee Teachers Training UniversityTehranIran
  4. 4.School of ComputingUniversity of PortsmouthUK

Personalised recommendations