[Resource Topic] 2008/470: From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol

Welcome to the resource topic for 2008/470

Title:
From Weaknesses to Secret Disclosure in a Recent Ultra-Lightweight RFID Authentication Protocol

Authors: Paolo D'Arco, Alfredo De Santis

Abstract:

A recent research trend, motivated by the massive deployment of RFID technology, looks at cryptographic protocols for securing communication between entities in which al least one of the parties has very limited computing capabilities. In this paper we focus our attention on SASI, a new Ultra-Lightweight RFID Authentication Protocol, designed for providing Strong Authentication and Strong Integrity. The protocol, suitable for passive Tags with limited computational power and storage, involves simple bitwise operations like and, or, exclusive or, modular addition, and cyclic shift operations. It is efficient, fits the hardware constraints, and can be seen as an example of the above research trend. We start by showing some weaknesses in the protocol and, then, we describe how such weaknesses, through a sequence of simple steps, can be used to compute in an efficient way all secret data used for the authentication process. More precisely, we describe three attacks: - A de-synchronisation attack, through which an adversary can break the synchronisation between the RFID Reader and the Tag. - An identity disclosure attack, through which an adversary can compute the identity of the Tag. - A full disclosure attack, which enables an adversary to retrieve all secret data stored in the Tag. Then we present some experimental results we have obtained by running several tests on an implementation of the protocol, in order to evaluate the performance of the proposed attacks. The results confirm that the attacks are effective and efficient.

ePrint: https://eprint.iacr.org/2008/470

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .