Welcome to the resource topic for 2019/851
Title:
On Designing Lightweight RFID Security Protocols for Medical IoT
Authors: Masoumeh Safkhani, Ygal Bendavid, Samad Rostampour, Nasour Bagheri
Abstract:Recently, in IEEE Transactions on Industrial Informatics, Fan et al. proposed a lightweight RFID protocol which has been suggested to be employed for protecting the Medical Privacy in an IoT system. However, the protocol has trivial flaws, as it is shown recently by Aghili et al., in Future Generation Computer Systems. Aghili et al. also proposed an improved version of the protocol, based on the similar designing paradigm, called SecLAP. Although the protocol’s designers claimed full security against all attacks, we show that the proposed protocol has serious security flaws, by presenting traceability and passive secret disclosure attacks against this protocol. More precisely, we present passive partial secret disclosure attack with the complexity of eavesdropping one session of the protocol and success probability of `1’. The disclosed parameters can be used to trace the tag/reader in any later session which compromises the tag/reader privacy. In addition, we present a passive full secret disclosure attack against SecLAP which can disclose 2n-bit secret key, n-bit TID and n-bit RID with the computational complexity of 27n^7. In addition, we show that, as it is expected, Fan et al.'s protocol has security flaws in random oracle model, where the adversary’s advantage after q queries to distinguish the protocol from a random oracle is 1- 2^{-q} . We also evaluate the security of SecLAP in the random oracle model and show that it is as insecure as its predecessor.
ePrint: https://eprint.iacr.org/2019/851
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .