Paper 2019/1125

Breaking Anonymity of Some Recent Lightweight RFID Authentication Protocols

Karim Baghery, Behzad Abdolmaleki, Shahram Khazaei, and Mohammad Reza Aref

Abstract

Due to their impressive advantages, Radio Frequency IDentification (RFID) systems are ubiquitously found in various novel applications. These applications are usually in need of quick and accurate authentication or identification. In many cases, it has been shown that if such systems are not properly designed, an adversary can cause security and privacy concerns for end-users. In order to deal with these concerns, impressive endeavors have been made which have resulted in various RFID authentications being proposed. In this study, we analyze three lightweight RFID authentication protocols proposed in Wireless Personal Communications (2014), Computers & Security (2015) and Wireless Networks (2016). We show that none of the studied protocols provides the desired security and privacy required by the end-users. We present various security and privacy attacks such as secret parameter reveal, impersonation, DoS, traceability, and forward traceability against the studied protocols. Our attacks are mounted in the Ouafi–Phan RFID formal privacy model which is a modified version of the well-known Juels–Weis privacy model.

Note: This is a preprint of an article published in Journal of Wireless Networks, 2019, 25: 1235.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. Wireless Networks
DOI
10.1007/s11276-018-1717-0
Keywords
Anonymous RFID authentication protocolInternet of Things (IoT)Security and privacyHash functionsOuafi–Phan privacy model
Contact author(s)
karim baghery @ ut ee
History
2019-10-02: received
Short URL
https://ia.cr/2019/1125
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1125,
      author = {Karim Baghery and Behzad Abdolmaleki and Shahram Khazaei and Mohammad Reza Aref},
      title = {Breaking Anonymity of Some Recent Lightweight RFID Authentication Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1125},
      year = {2019},
      doi = {10.1007/s11276-018-1717-0},
      note = {\url{https://eprint.iacr.org/2019/1125}},
      url = {https://eprint.iacr.org/2019/1125}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.