Abstract

Passive Radio Frequency IDentification (RFID) tags are generally highly constrained and cannot support conventional encryption systems to meet the required security. Hence, designers of security protocols may try to achieve the desired security using only limited ultra-lightweight operations. In this paper, we show that using rotation functions does not provide the security of such protocols. As an example, we investigate the security of a recently developed RFID authentication protocol based on a rotation function, named ULRAS, which stands for Ultra-Lightweight RFID Authentication Scheme, and show its security weaknesses. More precisely, we show that the ULRAS protocol is vulnerable to a de-synchronization attack. The given attack has a success probability of almost ‘1’, with the complexity of only one session of the protocol. In addition, we show that the given attack can be used as a traceability attack against the protocol if the parameters’ lengths are an integer power of 2, e.g., 128. Moreover, we propose a new authentication protocol named UEAP, which stands for Ultra-lightweight Encryption based Authentication Protocol, and then prove, informally and formally using the Scyther tool, that the UEAP protocol is secure against all known active and passive attacks.

Highlights

  • Today, many researchers are trying to develop systems that use mobile phones to reach beyond the boundaries of communications and convert a mobile device into a remote authenticator device or a remote control switch

  • By using the ULRAS protocol as an example, we show that designing a secure protocol using only the rotation operation, without the use of cryptographic primitives, is not possible

  • We introduce the preliminaries used in this manuscript, as well as the work already done in this field and the ULRAS protocol as an example of a rotation-based Radio Frequency IDentification (RFID) authentication protocol


Summary

Introduction

Many researchers are trying to develop systems that use mobile phones to reach beyond the boundaries of communications and convert a mobile device into a remote authenticator device or a remote control switch. Once the tag or the reader has been successfully identified, in the next step it should be authenticated, in order to solve the RFID security issues. In this phase, which is known as the authentication phase of their communication, the rest of the readers and the tags in the vicinity remain silent to avoid collision. Problem Definition: Assuming that a reader and a tag decided to communicate in the identification phase of their communication, security protocols are required to provide the security of RFID users. Security protocols, such as authentication protocols, are expected to provide the CIA triangle of security, which is Confidentiality, Integrity, and Availability.

The Adversary Model
Related Work
The ULRAS Protocol
Security Analysis of ULRAS Protocol
De-Synchronization Attack
Traceability Attack
Eavesdrops a session between reader and T and stores
Security Analysis of Aghili and Mala Improvement to ULRAS
UEAP-Our Proposed Protocol
Informal Security Proof
Formal Security Proof
Comparison
Conclusions
