Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols

Ahmadian, Zahra; Salmasizadeh, Mahmoud; Aref, Mohammadreza

doi:10.1109/tifs.2013.2263499

Cited by 26 publications

(20 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [3,4,[8][9][10][11][12][13][14] ultralightweight authentication mutual protocols for RFID systems have been proposed with several variations in design and primitives but cryptanalysis performed in [5][6][7][19][20][21][22][23][24][25][26][27][28][29][30] highlighted the security loop holes and vulnerabilities in the abovementioned protocols. This raises the need of a new secure and robust ultralightweight mutual authentication protocol to combat against all types of malicious activities.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash

Mujahid

Najam-ul-Islam

Shami

2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

RFID is one of the most protuberant systems in the field of ubiquitous computing. Since RFID tags have limited computation capabilities, numerous ultralightweight authentication protocols have been proposed to provide privacy and security. However all the previously proposed ultralightweight mutual authentication protocols have some security apprehensions and are vulnerable to various desynchronization and full disclosure attacks. This paper proposes a new ultralightweight mutual authentication protocol to provide robust confidentiality, integrity, and authentication (RCIA) in a cost effective manner. RCIA introduces a new ultralightweight primitive recursive hash, which efficiently detects the message tempering and also avoids all possible desynchronization attacks. RCIA involves only bitwise operations such as XOR, AND, left rotation, and recursive hash. Performance evaluation illustrates that RCIA requires less resources on tag in terms of on-chip memory, communication cost, and computational operations.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Hence in order to estimate the secret values for RCIA, other kinds of approximation should be considered. [28]. recursive linear cryptanalysis (RLC) also exploits the -functions and constructs the system of linear equations for each bit of the secret values (Keys and ID).…”

Section: Formal Structural Cryptanalysismentioning

confidence: 99%

RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash

Mujahid

Najam-ul-Islam

Shami

2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…Exploiting this weak property, ultra-lightweight protocols are broken to a greater or lesser degree [2]. On the other hand, the use of non-triangular operations -mainly rotations-difficult the protocol analysis but it does not guarantee its security [1]. In fact, in our proposed attack an adversary exploits the non-resistance of XOR operation against active attackers and the weak property of rotation operation against ones-word (X << N = X, when X = 0xF F..F and ∀ n ∈ Z+).…”

Section: Countermeasurementioning

confidence: 99%

Comments on "Security Improvement of an RFID Security Protocol of ISO/IEC WD 29167-6"

et al. 2013

View full text Add to dashboard Cite

Abstract-Song et al. recently scrutinized the security of a mutual authentication protocol published as a part of ISO/IEC WD 29167-6, denoted as Protocol 1, and showed its lack of protection against man-in-the-middle attacks [8]. In addition, they proposed an improved version, called Protocol 1+, and claimed resistance against this sort of attacks. Nevertheless, in this letter we show that the new protocol is as insecure as the original protocol against manin-the-middle attacks.

show abstract

“…Since the introduction of this class by PerisLopez et al [1], [2], [3] all of the proposals put forward in this area such as SASI [4], Gossamer [5], LMAP ++ [6] and Yeh et al [7] have made use of the mentioned operations. The exclusive or wide use of T-functions in these protocols is widely criticized since it makes some successful cryptanalysis possible [8], [9] and [10].…”

Section: Introductionmentioning

confidence: 99%

“…Instead, the authors introduced a new data dependent permutation as an ultralightweight operation which is unbalanced and breaks the orders of the bits. In fact, one of the most important features of this operation is its completely non-triangular property which is highly recommended in [8].…”

Section: Introductionmentioning

confidence: 99%

Desynchronization attack on RAPP ultralightweight authentication protocol

Ahmadian¹,

Salmasizadeh²,

Aref³

2013

Information Processing Letters

View full text Add to dashboard Cite

Abstract-RAPP (RFID Authentication Protocol with Permutation) is a recently proposed efficient ultralightweight authentication protocol. The operation used in this protocol is totally different from the other existing ultralightweight protocols due to the use of new introduced data dependent permutations and avoidances of modular arithmetic operations and biased logical operations such as AND and OR. The designers of RAPP claimed that this protocol resists against desynchronization attacks since the last messages of the protocol is sent by the reader and not by the tag. This letter challenges this assumption and shows that RAPP is vulnerable against desynchronization attack. This attack has a remarkable probability of success and is effective whether Hamming weight-based or modular-based rotations are used by the protocol.

show abstract

Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols

Cited by 26 publications

References 24 publications

RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash

RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash

Comments on "Security Improvement of an RFID Security Protocol of ISO/IEC WD 29167-6"

Desynchronization attack on RAPP ultralightweight authentication protocol

Contact Info

Product

Resources

About