Cryptanalysis and Improvement of a New. Ultra-lightweight RFID Authentication. Protocol with Permutation

Similar documents
Security Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues

A New Secure Mutual Authentication Scheme with Smart Cards Using Bilinear Pairings

Robust EC-PAKA Protocol for Wireless Mobile Networks

Cryptanalysis of Some RFID Authentication Protocols

Yet Another Ultralightweight Authentication Protocol that is Broken

Protocol for Privacy Protection in IoT

Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols

Security Analysis of a PUF based RFID Authentication Protocol

A ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER AUTHENTICATION SCHEME. Received September 2010; revised January 2011

SE-H: Secure and Efficient Hash Protocol for RFID System

Available online at ScienceDirect. Procedia Computer Science 37 (2014 )

Security Improvements of Dynamic ID-based Remote User Authentication Scheme with Session Key Agreement

Cryptanalysis and Improvement on a New RFID Mutual Authentication Protocol Compatible with EPC Standard

Cryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart Cards

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

Efficient RFID Authentication protocol for Ubiquitous Computing Environment

Cryptanalysis on Efficient Two-factor User Authentication Scheme with Unlinkability for Wireless Sensor Networks

Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards

Smart-card-loss-attack and Improvement of Hsiang et al. s Authentication Scheme

Analysis and Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard

Security Analysis of Lightweight Authentication Protocol from WISTP ,2) P, Xiao FuP P, Chen Dan-weiP P, Wang Ru-chuanP

The Modified Scheme is still vulnerable to. the parallel Session Attack

A Hash-based Strong Password Authentication Protocol with User Anonymity

On the Security of Yoon and Yoo s Biometrics Remote User Authentication Scheme

We are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists. International authors and editors

Weaknesses in Two Recent Lightweight RFID Authentication Protocols

Remote User Authentication Scheme in Multi-server Environment using Smart Card

Cryptanalysis Of Dynamic ID Based Remote User Authentication Scheme With Key Agreement

Secure Smart Card Based Remote User Authentication Scheme for Multi-server Environment

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

An efficient and practical solution to secure password-authenticated scheme using smart card

On the Designing of EPC C1 G2 Authentication Protocols using AKARI-1 and AKARI-2 PRNGs

RFID SECURITY USING LIGHTWEIGHT MUTUAL AUTHENTICATION AND OWNERSHIP TRANSFER PROTOCOL

A Smart Card Based Authentication Protocol for Strong Passwords

A Lightweight RFID Authentication Protocol based on Elliptic Curve Cryptography

A Hash-based RFID Search Protocol for Mobile Reader

Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard

The Password Change Phase is Still Insecure

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

Cryptanalysis of improved Yeh et al. s authentication Protocol: An EPC Class-1 Generation-2 standard compliant protocol

Efficient RFID authentication scheme for supply chain applications

CRYPTANALYSIS OF SULMA, AN ULTRA- LIGHTWEIGHT MUTUAL AUTHENTICATION PROTOCOL FOR LOW-COST RFID TAGS

RFID technology does not require line-of-sight contact

Three Party Authentication Scheme with Privacy in Telecare Medicine Information Systems

Cryptanalysis of a Markov Chain Based User Authentication Scheme

(In)security of ecient tree-based group key agreement using bilinear map

Efficient password authenticated key agreement using bilinear pairings

Cryptanalysis of An Advanced Temporal Credential- Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

A robust smart card-based anonymous user authentication protocol for wireless communications

Wireless LAN Security. Gabriel Clothier

Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks

Rainbow Vertex-Connection Number of 3-Connected Graph

An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings

A Noble Remote User Authentication Protocol Based on Smart Card Using Hash Function

Adaptive Aggregation Scheduling Using. Aggregation-degree Control in Sensor Network

Cryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

HGLAP : Hierarchical Group-index based Lightweight Authentication Protocol for Distributed RFID system

Some Algebraic (n, n)-secret Image Sharing Schemes

A Thesis for the Degree of Master. A Lightweight Authentication Protocol using Integer Arithmetic for low-cost RFID tags

Improved Remote User Authentication Scheme Preserving User Anonymity

(2½ hours) Total Marks: 75

Stochastic Coalitional Games with Constant Matrix of Transition Probabilities

A Simple User Authentication Scheme for Grid Computing

CSCE 813 Internet Security Symmetric Cryptography

authentication will be required between roaming user, visited network and home network.

The Generalized Stability Indicator of. Fragment of the Network. II Critical Performance Event

Reliable Broadcast Message Authentication in Wireless Sensor Networks

A Design of Authentication Protocol for a Limited Mobile Network Environment

Article. A genetic tango attack against the David Prasad RFID ultra-lightweight authentication protocol

RADIO-FREQUENCY identification (RFID) is a contactless

Analysing the Molva and Di Pietro Private RFID Authentication Scheme

arxiv: v2 [cs.cr] 20 Jun 2010

DEFENSE AGAINST PASSWORD GUESSING ATTACK IN SMART CARD

Data Encryption Standard (DES)

Dominator Coloring of Prism Graph

An Enhanced Dynamic Identity Based Remote User Authentication Scheme Using Smart Card without a Verification Table

An Efficient Arbitration Mechanism for Secure Data Exchange with NFC

Implementation on Real Time Public. Transportation Information Using GSM Query. Response System

Improved Integral Histogram Algorithm. for Big Sized Images in CUDA Environment

Mersenne twister-based RFID authentication protocol

Implementation of Semantic Information Retrieval. System in Mobile Environment

Research Article Enhanced ID-Based Authentication Scheme Using OTP in Smart Grid AMI Environment

E-commerce security: SSL/TLS, SET and others. 4.1

Cryptanalysis. Ed Crowley

Applicability Estimation of Mobile Mapping. System for Road Management

Encryption / decryption system. Fig.1. Block diagram of Hummingbird

Cryptography ThreeB. Ed Crowley. Fall 08

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

BCA III Network security and Cryptography Examination-2016 Model Paper 1

An Approach to Security and Privacy of RFID Systems in Anti- Desynchronization

A Chosen-key Distinguishing Attack on Phelix

L13. Reviews. Rocky K. C. Chang, April 10, 2015

A Related-Key Attack on TREYFER

A SMART CARD BASED AUTHENTICATION SCHEME FOR REMOTE USER LOGIN AND VERIFICATION. Received April 2011; revised September 2011

Efficient remote mutual authentication and key agreement

Wenling Wu, Lei Zhang

Security Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router

Key Management Protocol for Roaming in Wireless Interworking System

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Transcription:

Applied Mathematical Sciences, Vol. 7, 2013, no. 69, 3433-3444 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ams.2013.211587 Cryptanalysis and Improvement of a New Ultra-lightweight RFID Authentication Protocol with Permutation Il-Soo Jeon School of Electrical Engineering Kumoh National Institute of Technology 77 Sanho-Ro, Yangho-Dong, Gumi Kyungsangpuk-Do 730-701, South Korea Eun-Jun Yoon * Department of Cyber Security, Kyungil University 33 Buho-Ri, Hayang-Ub, Kyungsan-Si Kyungsangpuk-Do 712-701, South Korea Copyright 2013 Il-Soo Jeon and Eun-Jun Yoon. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Abstract The security of RFID systems is a very important issue in the applications of RFID systems. Developing of authentication protocols is a general solution to * Corresponding author: e-mail: ejyoon@kiu.ac.kr (Eun-Jun Yoon)

3434 Il-Soo Jeon and Eun-Jun Yoon resist security attacks. However, since low-cost RFID tags have very limited hardware resources, it is not easy to develop an authentication protocol to resist the security and privacy attacks. This paper proposes an efficient ultra-lightweight RFID authentication (EURFID) protocol for low-cost RFID tags in order to reduce hardware resource requirement on the tags, each tag uses only two operations: XOR and separation operations. Keywords: Low-Cost RFID Tags, Authentication, Ultra-lightweight Authentication Protocol, Merge, Separation 1 Introduction These days, the applications of RFID (Radio Frequency Identification) systems are increasing due to their convenience and usefulness in identifying objects. There are good application examples of RFID systems such as access control, supply chain management, inventory control, smart labels, etc. RFID systems are composed of three entities: tags, readers, and the server connected to the reader. The communications between the reader and the server are generally safe, but the communications between the reader and the tags are not safe from the adversary. The reader reads the information of the tag and identifies it through a wireless channel; however, the channel is vulnerable to various security attacks. Therefore, in the applications of RFID systems, for the sake of secure communication between the reader and the tags, RFID authentication protocols are used to resist the security attacks and invasion of privacy. However, since low-cost RFID tags have very limited hardware resources, it is difficult for them to adapt the existing authentication protocols by using modern ciphers which require a lot of computation cost and storage space. Thus, several ultra-lightweight authentication protocols for low-cost RFID tags have been proposed. These protocols have generally been designed to use very lightweight operations such as XOR, rotation, AND, OR, permutation, etc. In 2006, Peris-Lopez et al. proposed a family of ultra-lightweight authentication protocols for low-cost RFID, LMAP[1] and M2AP[2], which use bitwise operations, XOR, AND, OR, and modular operation. Since their protocols were very simple, they were suitable for low-lost RFID tags. Unfortunately, their protocols are vulnerable to de-synchronization attack and full disclose attack[3]. In 2007, Chien[4] proposed a new ultra-lightweight authentication protocol, SASI,

Cryptanalysis and improvement 3435 which supports mutual authentication and tag anonymity. However, Sun et el.[5] showed that SASI cannot resist from the de-synchronization attack. Cao et al.[6] showed that SASI is vulnerable to the de-synchronization attack through the man-in-the-middle attack. Phan[7] used the imbalance of the bitwise OR operation to do the tracking attack for SASI. In 2009, Peris-Lopez et al.[8] proposed another ultra-lightweight authentication protocol called Gossamer. But in 2010, Targa et al.[9] showed that Gossamer is vulnerable to the de-synchronization attack. In 2011, Tian et al.[10] proposed a new ultra-lightweight authentication protocol (RAPP) for low-cost RFID tags. They defined and used permutation operation in their protocol. However, in 2012, Jeon et al. pointed out that RAPP is vulnerable to denial of service attack and de-synchronization attack and then proposed an improved RAPP (IRAPP) which overcomes the vulnerabilities of RAPP[11]. This paper proposes an efficient new ultra-lightweight RFID authentication protocol for low-cost RFID tags (EURFID). In EURFID, in order to reduce hardware resource requirement on the tags, each tag uses only two operations: XOR and separation operations. We show that EURFID can resist the various security and privacy attacks through security analysis. The rest of this paper is organized as follows. In the following section, we present an efficient new ultra-lightweight RFID authentication protocol that is suitable for the low-cost RFID. In Section 3, the security and performance analysis of the proposed protocol are discussed. Finally, the conclusion is given in Section 4. 2 Proposed EURFID protocol This section propose an efficient ultra-lightweight RFID authentication protocol (EURFID) which uses only Sep() operations. Some notations are defined in Table 1 to describe protocol throughout this paper.

3436 Il-Soo Jeon and Eun-Jun Yoon Symbol Table 1. Notations Description A unique identity, Old and new pseudonym of tags respectively, Random numbers created by the reader A, B l-bit strings Secret key composed of 2l bits, where total counts of 0 and 1 K are equal, Left half part and right half part of K respectively Separation operation which demerges C to A and B according Sep(C, K, A, B) to K. If the bit of K is 0, then the bit of C moves to A, otherwise the bit of B moves to C. Bit-wise XOR operator String concatenation operator message transmission The detail definition of the Sep() operation is described below. Definition. Suppose A and B are two l-bit strings, K and C are 2l-bit strings, where, 0,1, 1,2,,, 0,1, 1,2,,, 0,1, 1,2,,2, total count of 0 = total count of 1=l, 0,1, 1,2,,2 Then Sep(C,K,A,B) operation is as follows: i,j 1 for n=1 to 2l if =0 then, i i+1 else, j j+1 end if end for To easily understand the Sep() operation, an execution example of these operations is illustrated in Fig. 1 [12].

Cryptanalysis and improvement 3437 Fig. 1 Execution example of Sep() Since the hardware of low-cost tags is so limited, it is very important to reduce the number of operations to implement an authentication protocol in the tags. Based on this point, we propose an efficient ultra-lightweight RFID authentication protocol (EURFID) which uses only Sep() operations. In the proposed EURFID, each tag and the server shares the five elements, {,,,, }. We summarized the proposed EURFID in Fig. 2 and described the detail procedures below. 1. The reader sends a Hello message to the tag. 2. If the Hello message is received a second time, the tag sends IDS as. Otherwise, the tag sends IDS as to the reader. 3. The reader searches the received IDS in the back-end database. If IDS does not exist in the database, the reader sends the Hello message again. Otherwise, the reader obtains,, and of the matched IDS from the database. The reader generates two random numbers, and, then computes, S,,,,, and,,,. Finally the reader sends the message,,,,, to the tag. 4. The tag extracts, by computing,,,, and S from the received message. Then it executes,,. If or, the tag does not authenticate the reader and terminates the protocol run.

3438 Il-Soo Jeon and Eun-Jun Yoon Otherwise the tag authenticates the reader and executes,,,,,,,, and. Then the tag sends the message,, to the reader. Finally, the tag updates as IDS, and by the executing of S,,,,,,,,,, and S. 5. The reader executes,,,,,,,, and from the received message. If does not equal to, the reader does not authenticate the tag and terminates the protocol run. Otherwise, the reader authenticates the tag and updates as IDS, and by the executing of S,,,,,,,,,, and S. The proposed EURFID protocol updates IDS after a successful protocol, but it does not update the secret keys for every protocol run. EURFID uses Sep() operations instead of Mer() operations in the tags side. Although EURFID uses only Sep() operations in the tags, there is no increase of the protocol run time. Furthermore, it does not require any additional information such as random numbers or secret keys to design the improved protocol.

Cryptanalysis and improvement 3439 Reader {,,,, } Hello If IDS exist in the DB then obtains,, from the DB else resends Hello; Generate, S,,,,,,,,,,,,,,, Updating: S S S,,,,,, S Tag {,,,, } If Hello is received a second time then S else S ; S,,, S,,, &,,,,,, Updating: S S S,,,,,, S 3. Security Analysis and Performance Evaluation 3.1 Security Analysis Fig. 2 The proposed EURFID protocol We will analyze the security and privacy of the proposed protocol. Security is analyzed with resistances to several security attacks and privacy is analyzed with anonymity and resistance to tracking the tags.

3440 Il-Soo Jeon and Eun-Jun Yoon 3.1.1 Resistance to Brute Force Attack The key space of EURFID is calculated as in expression (1), where l is each length of two secret keys,,.!... (1)!! The K has 2l bits, where the total count of 0 is equal to that of 1. In other words, K has l bits whose value is 0 and l bits whose value is 1. If l is 64, then S is approximately 2 from the expression (1). Therefore, if each key length is greater than or equal to 64 bits, the key space is too big to be successful from the brute force attack. Actually, it is not possible to extract some secrets such as keys, random numbers, and the unique identity of the tag even if all possible keys are examined in EURFID. Therefore, EURFID is safe from the brute force attack if each key length of the tag is greater than or equal to 64 bits. 3.1.2 Resistance to reply attack Suppose the adversary replays the messages sent by the reader. In the messages, two random numbers, tag s identity, and tag s pseudonym are diffused by the execution of XOR and Sep() operations. Since the two random numbers and tag s pseudonym are changed each session, the replay messages cannot be authenticated by the tag. Suppose the adversary replays the messages sent by the tag. In the messages, two random numbers are mixed by the Sep() operation. Since the random numbers will be changed each session, the replay messages cannot be authenticated by the reader. Therefore, EURFID is safe from the replay attacks. 4.1.3 Resistance to de-synchronization attack Suppose the adversary blocked some communication messages. As a result, either the reader or the tag updated the tag s pseudonym. If the reader did not update the pseudonym, the reader will send the Hello message again and then receives the old pseudonym from the tag. Since the old pseudonym is stored in the back-end database, the session will be performed successfully. If the tag did not update its pseudonym, the reader will receive the old pseudonym as the response for the first Hello message. Since the reader can find the old pseudonym in the database, the session will be performed successfully as well. Therefore, EURFID is safe from the de-synchronization attacks.

Cryptanalysis and improvement 3441 3.1.4 Resistance to disclosure attack In EURFID, it does not disclose any secrets such as secret keys, random numbers, tag s unique identity by the simple executions of XOR and Sep() operations for the communication messages between the reader and the tag. Suppose the adversary does some modification for the communication messages and the modified communication messages pass the verifications executed in either the reader side or the tag side, so he/she can acquire some information about the secrets. But as far as we know, there is no trapdoor that can help these attacks. Therefore, EURFID is safe from these disclose attacks. 3.1.5 Tag anonymity and resistance to tracking Each tag uses its pseudonym instead of its unique identity and the pseudonym is updated after each successful run of EURFID. Since the updated pseudonym is made by the diffusion of random numbers, secret keys, tag s identity, and current pseudonym, it is random enough to guarantee the tag anonymity. In addition, even if the adversary probes pseudonyms successively, there is no way to know whether the pseudonyms are the same identity or not. Therefore, EURFID can resist the tracking of the tag. 3.2 Performance Evaluation Since the hardware and software power of the reader and the server is generally good enough to run the protocol, we analyzed the performance of EURFID for the tag side. The performance of EURFID is evaluated in terms of security, computation operation, storage requirement, and communication cost. The evaluation results are summarized in Table 2 with some other ultra-lightweight authentication protocols. In Table 2, L denotes the length of each item stored in each tag. As listed in Table 2, each tag only uses XOR and Sep() operations in EURFID. Even though the Mer() operation was defined and used in IRAPLT, the tag side does not use the Mer() operation. So considering on the tags side, the operation implementation space of EURFID is reduced to half that of EURFID. Therefore, EURFID is suitable for the low-cost tags which have very limited hardware resources. The communication cost of EURFID for each tag is 3L. But it is the worst case only when the de-synchronization attack occurred. Therefore, we can say that actual communication cost of EURFID is 2L. Thus, the communication cost of EURFID is low like other protocols in Table 2. EURFID requires 5L

3442 Il-Soo Jeon and Eun-Jun Yoon storage space in the tag, which is less than or equal to those of other protocols. Generally, the most important factor to evaluate authentication protocols is security. EURFID is one of the most secure protocols in Table 2. Consequently, we can say that EURFID shows good performances for all the comparison factors. Factors Table 2. Comparison of the Improved RAPP and Other Protocols. Protocol LMAP [1] M 2 AP [2] SASI [4] Gossamer [8] RAPP [10] IRAPP [11] EURFID Untraceability no no no yes yes yes yes De-synchronization Attack resistance Disclose attack resistance Required storage space Operation types no no no no no yes yes no no no yes yes yes yes 6L 6L 7L 7L 5L 9L 9L,,,,,,,,,,,,,,, 4. Conclusion In this paper, we proposed an efficient ultra-lightweight RFID authentication protocol for low-cost RFID tags in order to reduce hardware resource requirement on the tags, each tag uses only two operations: XOR and separation operations. The proposed EURFID is designed to use three low-cost operations: XOR, Mer(), and Sep() operations. However, the tags only use two operations: XOR and Sep() operations. We showed that EURFID can resist the various security and privacy attacks and has good performance in terms of both storage space and communication cost. Therefore, EURFID will be a good solution to resist the various security attacks for the very low-cost RFID tags. Acknowledgements: This work was supported by Research Fund, Kumoh National Institute of Technology.

Cryptanalysis and improvement 3443 References [1] P. Peris-Lopez, J. C. Hernandez- Castro, J. M. E. Tapiador, and A. Ribagorda, LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags, in Proc. 2006 Workshop RFID Security. 2006. [2] P. Peris-Lopez, J. C. Hernandez- Castro, J. M. E. Tapiador, and A. Ribagorda, M2AP: a minimalist mutual-authentication protocol for low cost RFID tags, in Proc. 2006 International Conference on Ubiquitous Intelligence and Computing, pp. 912 923. 2006. [3] T. Li and G. Wang, Security analysis of two ultra-lightweight RFID authentication protocols, in Proc. 2007 IFIP RC-11 International Information Security Conference, pp. 109 120. 2007. [4] H.-Y. Chien, SASI: a new ultra-lightweight RFID authentication protocol providing strong authentication and strong integrity, IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337 340, 2007. [5] H.-M. Sun, W.-C. Ting, and K.-H. Wang, On the security of Chien s ultra-lightweight RFID authentication protocol, IEEE Trans. Dependable and Secure Computing, vol. 8, no. 2, pp. 315 317, 2011. [6] T. Cao, E. Bertino, and H. Lei, Security analysis of the SASI protocol, IEEE Trans. Dependable and Secure Computing, vol. 6, no. 1, pp. 73 77, 2009. [7] R. C.-W. Phan, Cryptanalysis of a new ultra-lightweight RFID authentication protocol SASI, IEEE Trans. Dependable and Secure Computing, vol. 6, no. 4, pp. 316 320, 2009. [8] P. Peris-Lopez, J. Hernandez-Castro, J. Tapiador, A. Ribagorda, Advances in ultra-lightweight cryptography for low-cost RFID tags: Gossamer protocol, Information Security Applications, pp. 56 68, 2009. [9] D. Tagra, M. Rahman, S. Sampalli, Technique for preventing DoS attacks on RFID systems, 18th international conference on software telecommunications and computer networks SoftCOM'10, IEEE Computer Society, 2010.

3444 Il-Soo Jeon and Eun-Jun Yoon [10] Y. Tian, G. Chen, J. Li, A New Ultralightweight authentication protocol with permutation, IEEE Communication Letters, Vol. 16, No. 5, pp. 702-705, 2012. [11] I.-S. Jeon, E.-J. Yoon, Cryptanalysis and improvement of a new ultra-lightweight RFID authentication protocol with permutation, The Korea Society for Industrial Systems, Vol. 17, No. 6, pp. 1-9, 2012. Received: June 1, 2013

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback