Security Analysis and Improvement of Reconstruction Based Radio Frequency Identification Authentication Protocol

Eyad Taqieddin; Hiba Al-Dahoud; Khaldoon Mhaidat

doi:10.15866/irecap.v8i3.13398

Security Analysis and Improvement of Reconstruction Based Radio Frequency Identification Authentication Protocol

Eyad Taqieddin^(1*), Hiba Al-Dahoud⁽²⁾, Khaldoon Mhaidat⁽³⁾

^(*) Corresponding author

Authors' affiliations

DOI: https://doi.org/10.15866/irecap.v8i3.13398

Abstract

Several ultra-lightweight mutual authentication protocols were proposed to overcome the security problems present in Radio Frequency Identification systems. However; these protocols were proven to fall short of the claimed security properties. Hence, the proposed ultra-lightweight mutual authentication protocols require further study in order to identify their vulnerabilities and then to be improved with the aim of achieving the desired security levels. In this work, we analyze a recently proposed ultra-lightweight mutual authentication protocol, named Reconstruction Based Radio Frequency Identification Authentication Protocol (R2AP), and expose weaknesses that allow for the de-synchronization attack and the active full-disclosure attack to be launched against it. The proposed de-synchronization attack has a high success probability of 0.81 while the full-disclosure attack exposes all secrets in R2AP after interrogating the tag for about 225 times. Moreover, this paper proposes an improvement for R2AP to resist the proposed full-disclosure attack and to add more complexity to the proposed de-synchronization attack while, at the same time, maintains an approximately similar implementation cost compared to the original protocol.
Copyright © 2018 Praise Worthy Prize - All rights reserved.

Keywords

RFID; Mutual Authentication; De-Synchronization; Full Disclosure

Full Text:

PDF

References

A. Juels, RFID security and privacy: a research survey, IEEE J Select Areas Commun., Volume 24, (Issue 2), 2006, Pages 381–394.
http://dx.doi.org/10.1109/jsac.2005.861395

Chikouche N., Cherif F., Cayrel P., Benmohammed M., RFID Authentication Protocols Based on Error-Correcting Codes: A Survey. Wireless Personal Communications. 2017;96(1):509-527.
http://dx.doi.org/10.1007/s11277-017-4181-8

Eslamnezhad Namin M., Hosseinzadeh M., Bagheri N., Khademzadeh A., A secure search protocol for lightweight and low-cost RFID systems. Telecommunication Systems. April 2018, Volume 67, Issue 4, pp 539–552.
http://dx.doi.org/10.1007/s11235-017-0351-y

Bu K., Weng M., Zheng Y., Xiao B., Liu X., You Can Clone But You Cannot Hide: A Survey of Clone Prevention and Detection for RFID. IEEE Communications Surveys & Tutorials. 2017;19(3):1682-1700.
http://dx.doi.org/10.1109/comst.2017.2688411

Mujahid U., Najam-ul-Islam M., Jafri A., Qurat-ul-Ain, Ali Shami M., A New Ultralightweight RFID Mutual Authentication Protocol: SASI Using Recursive Hash. International Journal of Distributed Sensor Networks. 2016;12(2):9648971.
http://dx.doi.org/10.1155/2016/9648971

Ibrahim A., Dalkılıc G., Review of different classes of RFID authentication protocols. Wireless Networks. 2017.
http://dx.doi.org/10.1007/s11276-017-1638-3

H.-Y. Chien, SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity, IEEE Transactions on Dependable and Secure Computing, Volume 4, (Issue 4) 2007, Pages 337–340.
http://dx.doi.org/10.1109/tdsc.2007.70226

X. Zhuang, Y. Zhu, C. Chang, A new ultralightweight RFID protocol for low-cost tags: R2AP, Wireless Personal Communication,Volume 79, (Issue 3), 2014, Pages 1787–1802
http://dx.doi.org/10.1007/s11277-014-1958-x

P. Peris-Lopez, J. Hernandez-Castro, M. Estevez Tapiador, A. Ribagorda, LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags, Workshop on RFID security, pp. 12–14, 2006.
http://dx.doi.org/10.1007/11915034_59

P. Peris-Lopez, J. Hernandez-Castro, J. Estevez-Tapiador, A. Ribagorda, M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags, Ubiquitous Intelligence and Computing. UIC 2006. Lecture Notes in Computer Science, vol 4159. (Springer-Verlag, 2006, pp. 912–923).
http://dx.doi.org/10.1007/11833529_93

P. Peris-Lopez, J. Hernandez-Castro, J. Estevez-Tapiador, A. Ribagorda, EMAP: an efficient mutual-authentication protocol for low-cost RFID tags, On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277 (Springer-Verlag, 2006, pp. 352–361).
http://dx.doi.org/10.1007/11915034_59

B. Alomair, L. Lazos, R. Poovendran Passive attacks on a class of authentication protocols for RFID, Information Security and Cryptology - ICISC 2007. ICISC 2007. Lecture Notes in Computer Science, vol 4817 (Springer-Verlag, 2007, pp. 102–115).
http://dx.doi.org/10.1007/978-3-540-76788-6_9

M. Bárász, B. Boros, P. Ligeti, K. Lója, D. Nagy, Breaking LMAP, RFIDSec; 2007.

T. Li, G. Wang, Security analysis of two ultra-lightweight RFID authentication protocols. IFIP International Federation for Information Processing (Sandton Springer US, 2007, pp. 109–120.
http://dx.doi.org/10.1007/978-0-387-72367-9_10

T. Li, R. Deng, Vulnerability analysis of EMAP-an efficient RFID mutual authentication protocol. The Second International Conference on Availability, Reliability and Security, pp. 10–13, April 2007.
http://dx.doi.org/10.1109/ares.2007.159

Li J., Zhou Z., Wang P., Cryptanalysis of the LMAP protocol: A low-cost RFID authentication protocol. In Control And Decision Conference (CCDC), pp. 7292-7297, May2017.
http://dx.doi.org/10.1109/ccdc.2017.7978502

H. Sun, W. Ting, K. Wang, On the security of Chien'sultralightweight RFID authentication protocol, IEEE Transactions on Dependable and Secure Computing, Volume 8, (Issue 2), 2011, Pages 315–317.
http://dx.doi.org/10.1109/tdsc.2009.26

C. Raphael, Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI, IEEE Transactions on Dependable and Secure Computing, Volume 6, (Issue 4), 2009, Pages 316–320.
http://dx.doi.org/10.1109/tdsc.2008.33

G. Avoine, X. Carpent, B. Martin, Strong authentication and strong integrity (SASI) is not that strong, Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010 (Springer-Verlag, 2010, pp. 50–64).
http://dx.doi.org/10.1007/978-3-642-16822-2_5

J. Hernandez-Castro, J. Tapiador, P. Peris-Lopez, J. Quisquater, Cryptanalysis of the SASI ultralightweight RFID authentication protocol with modular rotations, arXiv preprint arXiv 2008.
http://dx.doi.org/10.1007/978-3-642-16822-2_3

P. Peris-Lopez, J. Hernandez-Castro, J. Tapiador, A. Ribagorda, Advances in ultralightweight cryptography for low-cost RFID tags: gossamer protocol, Information Security Applications (Springer-Verlag, 2009, pp. 56–68).
http://dx.doi.org/10.1007/978-3-642-00306-6_5

Orinevsky, S. Boyd, G. Stein, Optimization-based tuning of low-bandwidth control in spatially distributed systems, American Control Conference, Vol. 3, pp. 2658–2663, Denver, CO, June 2003.
http://dx.doi.org/10.1109/acc.2003.1243479

Y. Tian, G. Chen, J. Li, A new ultralightweight RFID authentication protocol with permutation, IEEE Communications Letters, Volume 16, (Issue 5), 2012, Pages 702–705.
http://dx.doi.org/10.1109/lcomm.2012.031212.120237

N. Bagheri, M. Safkhani, P. Peris-Lopez, J. Tapiador, Weaknesses in a new ultralightweight RFID authentication protocol with permutation-RAPP, Security and Communication Networks, Volume 7, (Issue 6), 2013, Pages 945–949.
http://dx.doi.org/10.1002/sec.803

W. Shao-hui, H. Zhijie, L. Sujuan, C. Dan-wei, Security analysis of RAPP : an RFID authentication protocol based on permutation. Cryptology ePrint Archive 2012.
http://dx.doi.org/10.1007/s12243-013-0361-z

X. Zhuang, Z. Wang, C. Chang, Y. Zhu, Security analysis of a new ultra-lightweight RFID protocol and its improvement, Journal of Information Hiding and Multimedia Signal Processing, Volume 4, (Issue 3), 2013, Pages 166–177.
http://dx.doi.org/10.1109/iih-msp.2014.164

Z. Ahmadian, M. Salmasizadeh, M. Aref, Desynchronization attack on RAPP ultralightweight authentication protocol, Information Processing Letters, Volume 133, (Issue 7), 2013, Pages 205–209.
http://dx.doi.org/10.1016/j.ipl.2013.01.003

I. Jeon, E. Yoon, New ultra-lightweight RFID authentication protocol using merge and separation operations, International Journal of Mathematical Analysis, Volume 7, (Issue 52), 2013 Pages 2583–2593.
http://dx.doi.org/10.12988/ijma.2013.36146

S. Wang, S. Liu, D. Chen, Security analysis and improvement on two RFID authentication protocols, Wireless Personal Communications, Volume 82, (Issue 1), 2015, Pages 21–33.
http://dx.doi.org/10.1007/s11277-014-2189-x

Mujahid U., Najam-ul-Islam M., Shami M., RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash. International Journal of Distributed Sensor Networks. 2015; 11(1):642180.
http://dx.doi.org/10.1155/2015/642180

H. Luo, G. Wen, J. Su, Z. Huang, SLAP: succinct and lightweight authentication protocol for low-cost RFID system, Wireless Networks, 2016, Pages 1–10.
http://dx.doi.org/10.1007/s11276-016-1323-y

U. Mujahid, M. Najam-ul-Islam, S. Sarwar, A new ultralightweight RFID authentication protocol for passive low cost tags: KMAP, Wireless Personal Communications, Volume 94, (Issue 3), 2017, Pages 725–744.
http://dx.doi.org/10.1007/s11277-016-3647-4

M. Safkhani, N. Bagheri, Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI+ protocols. Cryptology ePrint Archive 2016.

Tewari A., Gupta B., Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. The Journal of Supercomputing. 2016;73(3):1085-1102.
http://dx.doi.org/10.1007/s11227-016-1849-x

Safkhani M., Bagheri N., Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things. The Journal of Supercomputing. 2017;73(8):3579-3585.
http://dx.doi.org/10.1007/s11227-017-1959-0

G. Avoine, X. Carpent, J. Hernandez-Castro, Pitfalls in ultralightweight authentication protocol designs, IEEE Transactions on Mobile Computing, Volume 15, (Issue 9), 2016, Pages 2317-2332.
http://dx.doi.org/10.1109/tmc.2015.2492553

Byte Generator [Internet]. https://www.random.org/bytes/ [Accessed 12 August 2017].

M. Safkhani, J. P. Peris-Lopez, J. Hernandez-Castro, N. Bagheri, Cryptanalysis of the Cho et al. protocol: A hash-based RFID tag mutual authentication protocol, Journal of Computational and Applied Mathematics, Volume 259, 2014, Pages 571–577.
http://dx.doi.org/10.1016/j.cam.2013.09.073

Ennajih, A., Zbitou, J., Latrach, M., Errkik, A., Tajmouati, A., El Abdellaoui, L., A New Design of UHF RFID Tag Antenna Using Double Negative Metamaterial Based on Fractal SRR, (2017) International Review on Modelling and Simulations (IREMOS), 10 (6), pp. 392-398.
http://dx.doi.org/10.15866/iremos.v10i6.12280

Al Hazza, M., Abu Bakar, A., Adesta, E., Taha, A., Real Time Handling System to Enhance the Productivity Based on the Layout Improvement, (2016) International Review on Modelling and Simulations (IREMOS), 9 (6), pp. 459-463.
http://dx.doi.org/10.15866/iremos.v9i5.9645

Dhaouadi, M., Mabrouk, M., Vuong, T., Ghazel, A., Magnetic Tag Antenna for UHF Near-ﬁeld and Far-Field RFID Applications, (2015) International Journal on Communications Antenna and Propagation (IRECAP), 5 (2), pp. 119-123.
http://dx.doi.org/10.15866/irecap.v5i2.5802

Necibi, O., Guesmi, C., Naoui, S., Gharsallah, A., A Novel Electromagnetic Signature Based on RF Identification of Numbers, (2016) International Journal on Communications Antenna and Propagation (IRECAP), 6 (6), pp. 400-405.
http://dx.doi.org/10.15866/irecap.v6i6.10462

Refbacks

There are currently no refbacks.

Username
Password
Remember me