Another Fallen Hash-Based RFID Authentication Protocol

Abstract: In this paper, we scrutinize the security of an RFID protocol [9], which has been recently proposed, and show important vulnerabilities. Our first attack is a passive one that can disclose all secret information stored on the tags’ memory. We only need to eavesdrop on one session of the protocol between a tag and a legitimate reader (connected to the back-end database) and perform $O(2^{17})$ off-line evaluations of the PRNG-function – while the authors wrongly claimed the complexity of any such attack would be around $2^{48}$ operations. Although the extracted information is enough to launch other relevant attacks and thus to completely rule out any of the protocol’s security claims, we additionally present several attacks using alternative strategies that show the protocol is flawed in more than one way and has many exploitable weaknesses. More precisely, we present a tag impersonation attack that requires the execution of only two runs of the protocol, and has a success probability of 1. It must be noted that this attack is, however, not applicable to the original protocol that the authors attempted to improve so, in a way, their improvement is not such. Finally, we show two approaches to trace a tag, as long as it has not updated its secret values. For all the above, we conclude that the improved protocol is even less secure than the original proposal, which is also quite insecure, and cannot be recommended.
Document type: Conference paper
Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.29-37, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_4〉

Cited literature [14 references]

https://hal.inria.fr/hal-01534308
Contributor: Hal Ifip
Submitted on: Wednesday, June 7, 2017 - 15:03:41
Last modified on: Wednesday, June 7, 2017 - 15:05:25
Document(s) archived on: Friday, September 8, 2017 - 12:41:42

File

978-3-642-30955-7_4_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Julio Hernandez-Castro, Pedro Peris-Lopez, Masoumeh Safkhani, Nasour Bagheri, Majid Naderi. Another Fallen Hash-Based RFID Authentication Protocol. Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.29-37, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_4〉. 〈hal-01534308〉
