Cryptography Reference
In-Depth Information
Passive Cryptanalysis of the UnConditionally
Secure Authentication Protocol for RFID
Systems
Mohammad Reza Sohizadeh Abyaneh
Department of Informatics, University of Bergen
{reza.sohizadeh@ii.uib.no}
Abstract. Recently, Alomair et al. proposed the first UnConditionally
Secure
mutual authentication protocol for low-cost RFID systems(UCS-
RFID). The security of the UCS-RFID relies on five dynamic secret keys
which are updated at every protocol run using a fresh random number
(nonce) secretly transmitted from a reader to tags.
Our results show that, at the highest security level of the protocol (se-
curity parameter= 256), inferring a nonce is feasible with the probability
of 0.99 by eavesdropping(observing) about 90 runs of the protocol. Find-
ing a nonce enables a passive attacker to recover all five secret keys of
the protocol. To do so, we propose a three-phase probabilistic approach
in this paper. Our attack recovers the secret keys with a probability that
increases by accessing more protocol runs. We also show that tracing a
tag using this protocol is also possible even with less runs of the protocol.
Keywords: RFID, Authentication Protocol, Passive Attack.
1
Introduction
As of today, RFID (Radio Frequency Identification) is referred to as the next
technological revolution after the Internet. A typical RFID system involves a
reader ,anumberof tags , which may range from the battery-powered, to the
low-cost ones with even no internal power, and a database .RFIDsystemsenable
the identification of objects in various environments. They can potentially be
applied almost everywhere from electronic passports[20,21], contactless credit
cards[19], to supply chain management[22,23,24].
Keeping RFID systems secure is imperative, because they are vulnerable to
a number of malicious attacks. For low-cost RFID systems, security problems
become much more challenging, as many traditional security mechanisms are
inecient or even impossible due to resource constraints. Some existing solutions
utilize traditional cryptographic primitives such as hash or encryption functions,
which are often too expensive to be implemented on low-cost RFID tags.
Another method of securing RFID systems has been the lightweight ap-
proach. These solutions base themselves on mostly lightweight operations (e.g.
bitwise or simple arithmetic operations) instead of more expensive cryptographic
 
Search WWH ::




Custom Search