Attacks on a Lightweight Mutual Authentication Protocol under EPC C-1 G-2 Standard

Abstract: Abstract. Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backwarduntra… Show more

“…It is worth to note that the given attack is not applicable to the original protocol of Yeh et al and the complexity of the best known tag impersonation attack against the original protocol is 2 16 evaluations of PRNG function [9]. It shows that Habibi et al have decreased the security of the original protocol while trying to improve it -at least from this attack's point of view.…”

“…In this section we give a brief description of Habibi et al 's protocol -see the original paper [9] for further details. This protocol has two phases: an initialization phase and an (i + 1) th authentication phase, which are described as follows:…”

“…It must be noted that a similar attack was applied by Habibi et al [9] on the original protocol of Yeh et al and the improved protocol was proposed to overcome this weaknesses. In their security analysis the authors claimed that the complexity of disclosing the secret information in their improved protocol is 2 48 evaluations of the PRNG function.…”

“…Researchers, motivated by this, have proposed many EPC-compliant schemes -in an attempt to correct the weaknesses of the standard and improve its security-and have analyzed the security of these new schemes [2-5, 9, 15]. Among them, one of the most recent proposals is a protocol proposed by Habibi et al [9], which is an improvement to the Yeh et al 's protocol [15]. Specifically, the authors analyzed the security of Yeh et al 's protocol and proposed an improved version as a repair for the attacks they found.…”

“…In this paper, we scrutinize the security of an RFID protocol [9], which has been recently proposed, and show important vulnerabilities. Our first attack is a passive one that can disclose all secret information stored on the tags' memory.…”

Another Fallen Hash-Based RFID Authentication Protocol

“…It is worth to note that the given attack is not applicable to the original protocol of Yeh et al and the complexity of the best known tag impersonation attack against the original protocol is 2 16 evaluations of PRNG function [9]. It shows that Habibi et al have decreased the security of the original protocol while trying to improve it -at least from this attack's point of view.…”

“…In this section we give a brief description of Habibi et al 's protocol -see the original paper [9] for further details. This protocol has two phases: an initialization phase and an (i + 1) th authentication phase, which are described as follows:…”

“…It must be noted that a similar attack was applied by Habibi et al [9] on the original protocol of Yeh et al and the improved protocol was proposed to overcome this weaknesses. In their security analysis the authors claimed that the complexity of disclosing the secret information in their improved protocol is 2 48 evaluations of the PRNG function.…”

“…Researchers, motivated by this, have proposed many EPC-compliant schemes -in an attempt to correct the weaknesses of the standard and improve its security-and have analyzed the security of these new schemes [2-5, 9, 15]. Among them, one of the most recent proposals is a protocol proposed by Habibi et al [9], which is an improvement to the Yeh et al 's protocol [15]. Specifically, the authors analyzed the security of Yeh et al 's protocol and proposed an improved version as a repair for the attacks they found.…”

“…In this paper, we scrutinize the security of an RFID protocol [9], which has been recently proposed, and show important vulnerabilities. Our first attack is a passive one that can disclose all secret information stored on the tags' memory.…”

Another Fallen Hash-Based RFID Authentication Protocol

Lightweight Authentication Protocol for Low-Cost RFID Tags

Review of different classes of RFID authentication protocols