Book Chapter

Desynchronization and Traceability Attacks on RIPTA-DA Protocol

TL;DR: Wang et al. as discussed by the authors presented an efficient secret disclosure attack against the protocol, which can be used to mount both de-synchronization and traceability attacks against RIPTA-DA.
Abstract: Recently Gao et al. proposed a lightweight RFID mutual authentication protocol [3] to resist intermittent position trace attacks and desynchronization attacks and called it RIPTA-DA. They also verified their protocol’s security by data reduction method with the learning parity with noise (LPN) and also formally verified the functionality of the proposed scheme by Colored Petri Nets. In this paper, we investigate RIPTA-DA’s security. We present an efficient secret disclosure attack against the protocol which can be used to mount both de-synchronization and traceability attacks against the protocol. Thus our attacks show that RIPTA-DA protocol is not a RIPTA-DA.
Citations
Proceedings Article
03 Jun 2014
TL;DR: In this paper, the authors present the problem of secure outsourcing of cryptographic computations with RFID technology as the use case together with their ideas, where applicable, that can provide a direction towards solving the problems.
Abstract: For the past few years, research works on the topic of secure outsourcing of cryptographic computations have drawn significant attention from academics in security and cryptology disciplines as well as information security practitioners. One main reason for this interest is their application for resource constrained devices such as RFID tags. While there has been significant progress in this domain since Hohenberger and Lysyanskaya have provided formal security notions for secure computation delegation, there are some interesting challenges that need to be solved that can be useful towards a wider deployment of cryptographic protocols that enable secure outsourcing of cryptographic computations. This position paper brings out these challenging problems with RFID technology as the use case together with our ideas, where applicable, that can provide a direction towards solving the problems.

4 citations

Proceedings Article
20 Nov 2014
TL;DR: This work introduces a software and hardware combined functionality verification for a privacy-preserving RFID design that is the digital part of a passive UHF RFID tag with hash-based mutual authentication protocol and privacy-mode switch.
Abstract: RFID system is one of the most important components for the construction of the Internet of Things. The wireless communication between the tag reader and the RFID tag is based on electromagnetic radiation, which is fully accessible by adversaries and brings the security and privacy problems. The RFID-based applications that are related to personal information urgently require the practical solution to the privacy protection. This work introduces a software and hardware combined functionality verification for a privacy-preserving RFID design. The target RFID design is the digital part of a passive UHF RFID tag with hash-based mutual authentication protocol and privacy-mode switch. We introduce the setup, the procedures and the results of the performed simulation-based and FPGA-based functionality verification. Finally, we explain the benefits and limitations of the performed experiments.

3 citations

Journal Article
TL;DR: This position paper brings out these challenging problems with RFID technology as the use case together with ideas, where applicable, that can provide a direction towards solving the problems.
Abstract: For the past few years, research works on the topic of secure outsourcing of cryptographic computations have drawn significant attention from academics in security and cryptology disciplines as well as information security practitioners. One main reason for this interest is their application for resource constrained devices such as RFID tags. While there has been significant progress in this domain since Hohenberger and Lysyanskaya have provided formal security notions for secure computation delegation, there are some interesting challenges that need to be solved that can be useful towards a wider deployment of cryptographic protocols that enable secure outsourcing of cryptographic computations. This position paper brings out these challenging problems with RFID technology as the use case together with our ideas, where applicable, that can provide a direction towards solving the problems.
References
Book Chapter
10 Sep 2007
TL;DR: An ultra-lightweight block cipher, present, which is competitive with today's leading compact stream ciphers and suitable for extremely constrained environments such as RFID tags and sensor networks.
Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.

2,202 citations

Journal Article
TL;DR: A new ultralightweight RFID authentication protocol is proposed that provides strong authentication and strong integrity protection of its transmission and of updated data and can resist all the possible attacks.
Abstract: As low-cost RFIDs become more and more popular, it is imperative to design ultralightweight RFID authentication protocols to resist all possible attacks and threats. However, all of the previous ultralightweight authentication schemes are vulnerable to various attacks. In this paper, we propose a new ultralightweight RFID authentication protocol that provides strong authentication and strong integrity protection of its transmission and of updated data. The protocol requires only simple bit-wise operations on the tag and can resist all the possible attacks. These features make it very attractive to low-cost RFIDs and very low-cost RFIDs.

505 citations

Book Chapter
29 Oct 2006
TL;DR: This work proposes an extremely efficient lightweight mutual-authentication protocol that offers an adequate security level for certain applications and can be implemented even in the most limited low-cost RFID tags, as it only needs around 150 gates.
Abstract: RFID tags are devices of very limited computational capabilities, which only have 250-3K logic gates that can be devoted to security-related tasks. Many proposals have recently appeared, but all of them are based on RFID tags using classical cryptographic primitives such as PRNGs, hash functions, block ciphers, etc. We believe this assumption to be fairly unrealistic, as classical cryptographic constructions lie well beyond the computational reach of very low-cost RFID tags. A new approach is necessary to tackle this problem, so we propose an extremely efficient lightweight mutual-authentication protocol that offers an adequate security level for certain applications and can be implemented even in the most limited low-cost RFID tags, as it only needs around 150 gates.

307 citations

Book Chapter
18 Feb 2009
TL;DR: Gossamer is presented, a new protocol inspired by the recently published SASI scheme that is designed to avoid the problems of the past, and its security and performance are examined in some depth.
Abstract: The design of ultralightweight authentication protocols that conform to low-cost tag requirements is imperative. This paper analyses the most important proposals (except for those based in hard problems such as the HB [1-3] family) in the area [4-6] and identifies the common weaknesses that have left all of them open to various attacks [7-11]. Finally, we present Gossamer, a new protocol inspired by the recently published SASI scheme [13], that was lately also the subject of a disclosure attack by Hernandez-Castro et al. [14]. Specifically, this new protocol is designed to avoid the problems of the past, and we examine in some depth its security and performance.

209 citations

Journal Article
TL;DR: A more flexible authentication protocol that provides comparable protection without the need for a central database is proposed and a protocol for secure search for RFID tags is suggested.
Abstract: With the increased popularity of RFID applications, different authentication schemes have been proposed to provide security and privacy protection for users. Most recent RFID protocols use a central database to store the RFID tag data. The RFID reader first queries the RFID tag and returns the reply to the database. After authentication, the database returns the tag data to the reader. In this paper, we propose a more flexible authentication protocol that provides comparable protection without the need for a central database. We also suggest a protocol for secure search for RFID tags. We believe that as RFID applications become widespread, the ability to securely search for RFID tags will be increasingly useful.

189 citations