Cryptanalysis of a new ultralightweight RFID authentication protocolSASI

IEEE Transactions on Dependable and Secure Computing

Volumn 6, Issue 4, 2009, Pages 316-320

  Phan, Raphael C W ^a  

^a LOUGHBOROUGH UNIVERSITY   (United Kingdom)

Author keywords

Authentication; Cryptanalysis; Pervasive and embedded computing; RFID; SASI; Terms Security of cryptographic protocols; Traceability; Ultralightweight

Indexed keywords

AUTHENTICATION; CRYPTOGRAPHY;

CRYPTANALYSIS; CRYPTOGRAPHIC PROTOCOLS; EMBEDDED COMPUTING; SASI; TRACEABILITY; ULTRA LIGHTWEIGHTS;

RADIO FREQUENCY IDENTIFICATION (RFID);

EID: 70450265312     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2008.33     Document Type: Article

References (34)

1. "Albertsons Announces Mandate," RFID J., http://www. rfidjournal.com/ article/articleview/819/1/1/, Mar. 2004.
2. G. Avoine, Adversarial Model for Radio Frequency Identification, Cryptology ePrint Archive, report 2005/049, IACR ePrint Archive, http://eprint. iacr.org/2005/049, Feb. 2005.
3. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated Key Exchange Secure against Dictionary Attacks," Proc. Int'l Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT '00), pp. 139-155, 2000.
4. D. Carluccio, K. Lemke, and C. Paar, "E-Passport: The Global Traceability or How to Feel Like a UPS Package," Proc. Seventh Int'l Workshop Information Security Applications (WISA '07), pp. 391-404, 2007.
5. CASPIAN, Boycott Benetton, http://www.boycottbenetton.com, 2007.
6. H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Trans. Dependable and Secure Computing, vol.4, no.4, pp. 337-340, Oct.-Dec. 2007.
7. H.-Y. Chien and C.-W. Huang, "Security of Ultra-Lightweight RFID Authentication Protocols and Its Improvements," ACM Operating System Rev., vol.41, no.2, pp. 83-86, 2007.
8. T.S. Heydt-Benjamin, D.V. Bailey, K. Fu, A. Juels, and T. O'Hare, "Vulnerabilities in First-Generation RFID-Enabled Credit Cards," Proc. 11th Int'l Conf. Financial Cryptography and Data Security (FC '07), pp. 2-14, 2007.
9. J.-H. Hoepman, E. Hubbers, B. Jacobs, M. Oostdijk, and R.W. Schreur, "Crossing Borders: Security and Privacy Issues of the European e-Passport," Proc. First Int'l Workshop Security (IWSEC '06), pp. 152-167, 2006.
10. A. Juels, D. Molnar, and D. Wagner, "Security and Privacy Issues in E-Passports," Proc. First IEEE Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), http://eprint.iacr.org/2005/095, last revised Sept. 2007, pp. 74-88, 2005.
11. A. Juels and S.A. Weis, "Defining Strong Privacy for RFID," Proc. Fifth Ann. IEEE Int'l Conf. Pervasive Computing and Comm. (PerCom '07), http://eprint.iacr.org/2006/137, pp. 342-347, Mar. 2007.
12. E. Kosta, M. Meints, M. Hensen, and M. Gasson, "An Analysis of Security and Privacy Issues Relating to RFID Enabled ePassports," Proc. 22nd IFIP TC-11 Int'l Information Security Conf. (IFIP SEC '07), vol.232, pp. 467-472, 2007.
13. T.V. Le, M. Burmester, and B. de Medeiros, "Universally Composable and Forward-Secure RFID Authentication and Authenticated Key Exchange," Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS '07), http://eprint.iacr.org/2007/051, pp. 242-252, 2007.
14. T. Li and R.H. Deng, "Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol," Proc. Second Int'l Conf. Availability, Reliability and Security (AReS '07), pp. 238-245, 2007.
15. T. Li and G. Wang, "Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols," Proc. 22nd IFIP TC-11 Int'l Information Security Conf. (IFIP SEC '07), vol.232, pp. 109-120, 2007.
16. T. Li, G. Wang, and R.H. Deng, "Security Analysis on a Family of Ultra-Lightweight RFID Authentication Protocols," J. Software, vol.3, no.3, pp. 1-10, 2008.
17. "Michelin Embeds RFID Tags in Tires," RFID J., http://www.rfidjournal. com/article/articleview/269/1/1/, Jan. 2003.
18. "Mitsubishi Electric Asia Switches on RFID," RFID J., http:// www.rfidjournal.com/article/articleview/2644/, Sept. 2006.
19. J. Monnerat, S. Vaudenay, and M. Vuagnoux, "About Machine- Readable Travel Documents: Privacy Enhancement Using (Weakly) Non-Transferable Data Authentication," Proc. Third Workshop RFID Security (RFIDSec '07), pp. 15-28, 2007.
20. M. Naor and M. Yung, "Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks," Proc. ACM Symp. Theory of Computing (STOC '90), pp. 427-437, 1990.
21. K. Ouafi and R.C.-W. Phan, "Privacy of Recent RFID Authentication Protocols," Proc. Fourth Information Security Practice and Experience Conf. (ISPEC '08), pp. 263-277, 2008.
22. K. Ouafi and R.C.-W. Phan, "Traceable Privacy of Recent Provably-Secure RFID Protocols," Proc. Sixth Int'l Conf. Applied Cryptography and Network Security (ACNS '08), pp. 479-489, 2008.
23. R.I. Paise and S. Vaudenay, "Mutual Authentication in RFID," Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS '08), pp. 292-299, 2008.
24. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags," Proc. Second Workshop RFID Security (RFIDSec '06), July 2006.
25. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "EMAP: A Efficient Mutual Authentication Protocol for Low-Cost RFID Tags," Proc. OTM Information Security Workshop (IS '06), pp. 352-361, 2006. (Pubitemid 44891824)
26. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags," Proc. Third Int'l Conf. Ubiquitous Intelligence and Computing (UIC '06), pp. 912-923, 2006. (Pubitemid 44577871)
27. R.C.-W. Phan, K.-K.R. Choo, and S.-H. Heng, "Security of a Leakage- Resilient Protocol for Key Establishment and Mutual Authentication," Proc. Int'l Conf. Provable Security (ProvSec '07), pp. 169-177, 2007.
28. R.C.-W. Phan and B.-M. Goi, "Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords," Proc. Fourth Int'l Conf. Applied Cryptography and Network Security (ACNS '06), pp. 226-238, 2006.
29. R.C.-W. Phan and B.-M. Goi, "Cryptanalysis of Two Provably Secure Cross- Realm C2C-PAKE Protocols," Proc. Seventh Int'l Conf. Cryptology in India (Indocrypt '06), pp. 104-117, 2006.
30. C. Rackoff and D. Simon, "Non-interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack," Proc. 11th Ann. Int'l Cryptology Conf. (CRYPTO '91), pp. 433-444, 1991.
31. "Target, Wal-Mart Share EPC Data," RFID J., http://www.rfidjournal. com/article/articleview/642/1/1/, Oct. 2005.
32. S. Vaudenay, "RFID Privacy Based on Public-Key Cryptography," Proc. Ninth Ann. Int'l Conf. Information Security and Cryptology (ICISC '06), pp. 1-6, 2006.
33. S. Vaudenay, "On Privacy Models for RFID," Proc. 13th Ann. Int'l Conf. Theory and Application of Cryptology and Information Security (Asiacrypt '07), pp. 68-87, 2007.
34. A. Westin, Privacy and Freedom. Atheneum, 1967.