Vulnerability Analysis of Two Ultralightweight RFID Authentication Protocols

Vulnerability Analysis of Two Ultralightweight RFID Authentication Protocols

Yousof Farzaneh1, Mahdi Azizi2, Masoud Dehkordi1, and Abdolrasoul Mirghadri2

 1School of Mathematics, Iran University of Science and Technology, Iran

2Faculty of Communication and Information Technology, IHU University, Iran

Abstract: Ultralightweight Radio Frequency Identification (RFID) authentication protocols are suitable for low-cost RFID tags with restricted computational power and memory space. Recently, Lee proposed two ultra lightweight authentication protocols for low-cost RFID tags, namely DIDRFID and SIDRFID protocols. The first protocol is based on dynamic identity and the second one on static identity. Lee claimed that his protocols can resist tracking, replay, impersonation, and DOS attacks. In this paper, we show that Lee’s protocols are not secure and they are vulnerable against tracking, impersonation, and full disclosure attacks. Specially, an adversary can accomplish an effective full disclosure attack on DIDRFID protocol by eavesdropping two consecutive sessions and gets all the secret information stored on a tag. Also, we demonstrate that an adversary with ability of obtaining secret information of a single compromised tag in SIDRFID protocol, can get the secret information of other tags and she/he can completely control the whole RFID system.

 Keywords: Low-cost RFID, cryptography, protocol, vulnerability.

Received August 8, 2012; accepted July 28, 2013

Full Text

 

 

Read 1913 times Last modified on Sunday, 19 August 2018 04:54
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…