[Resource Topic] 2011/426: Cryptanalysis of improved Yeh \textit{et al. }'s authentication Protocol: An EPC Class-1 Generation-2 standard compliant protocol

Welcome to the resource topic for 2011/426

Title:
Cryptanalysis of improved Yeh \textit{et al. }'s authentication Protocol: An EPC Class-1 Generation-2 standard compliant protocol

Authors: Masoumeh Safkhani, Nasour Bagheri, Somitra Kumar Sanadhya, Majid Naderi

Abstract:

EPC class 1 Generation 2(or in short term EPC-C1 G2) is one of the most important standards for RFID passive tags. However, the original protocol known to be insecure. To improve the security of this standard, several protocols have been proposed compliant to this standard. In this paper we analyze the improved Yeh \textit{et al. }‘s protocol by Yoon which is conforming to EPC-C1 G2 standard and is one of the most recent proposed protocol in this field. We present several efficient attacks against this protocol. Our first attack is a passive attack that can retrieve all secret parameters of the tag on the cost of eavesdropping only one session of protocol between the tag and a legitimate reader (connected to the back-end database) and O(2^{16}) evaluations of PRNG-function in off-line . Although the extracted information are enough to mount other relevant attacks (e. g. such as traceability, tag impersonation, reader impersonation, and desynchronization attacks) and would be enough to rule out any security claim for this protocol, to highlight other weaknesses of the protocol we present another tag impersonation attack with the complexity of two runs of protocol and the success probability of ``1’'. In addition, we show a straight forward way to trace the tag as long as it has not updated its secret values.

ePrint: https://eprint.iacr.org/2011/426

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .