Abstract : In this paper we focus our attention on the design of several recently proposed ultralightweight authentication protocols and show that the underlying methodology is not sound. Indeed, the common feature of these protocols lies in the use of transforms, which are the main building blocks. We analyze these transforms and show that all of them present some weaknesses, which can be essentially reduced to poor confusion and diffusion in the input-output mappings. Then, exploiting the weaknesses of the transforms, we describe impersonation attacks against the ultralightweight authentication protocols in which they are used: precisely, RCIA, KMAP, SLAP, and SASI$$^{+}$$+. On average, an attack requires a constant number of interactions with the targeted tag, compared to the allegedly needed exponential number in the informal security analysis. Moreover, since the weaknesses are in the transforms, the attack strategies we describe can be used to subvert any other protocol that uses the same transforms or closely-related ones.
https://hal.inria.fr/hal-02023727 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Thursday, February 21, 2019 - 4:05:33 PM Last modification on : Monday, October 19, 2020 - 8:02:03 PM Long-term archiving on: : Wednesday, May 22, 2019 - 8:18:47 PM
P. D’arco, R. Prisco. Design Weaknesses in Recent Ultralightweight RFID Authentication Protocols. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.3-17, ⟨10.1007/978-3-319-99828-2_1⟩. ⟨hal-02023727⟩