Abstract
The Internet of Things (IoTs) is one of the most promising technologies of 5G. The IoTs is basically a system of interconnected computing devices which are provided with unique identification number and capability of transmitting information without human intervention. Since the computing devices (sensors) in IoTs communicate with each other using wireless channel which is accessible for all types of adversaries. Therefore, mutual authentication protocols play an important role for secure communication between the computing nodes. Recently Tewari and Gupta proposed an extremely lightweight authentication protocol to ensure the security and privacy of IoT networks in a cost-effective manner. The proposed protocol uses only two bitwise logical operators; Rotation and XOR and claimed to be one of the most secure Ultralightweight Mutual Authentication Protocol (UMAP). In this paper we have highlighted probabilistic full disclosure attack on the said protocol and challenged their security claims. The proposed attack model is passive and success probability is close to unity.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Atzori, L., et al.: The social internet of things (siot)–when social networks meet the internet of things: concept, architecture and network characterization. Comput. Netw. 56(16), 3594–3608 (2012)
Lin, J., et al.: A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J. 4(5), 1125–1142 (2017)
Mahmoud, R., et al.: Internet of things (IoT) security: current status, challenges and prospective measures. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE (2015)
Babar, S., et al.: Proposed security model and threat taxonomy for the Internet of Things (IoT). In: International Conference on Network Security and Applications, Springer (2010)
Ćika, D., Draganić, M., Šipuš, Z.: Active wireless sensor with radio frequency identification chip. In MIPRO, 2012 Proceedings of the 35th International Convention. IEEE (2012)
Tan, J., Koo, S.G.: A survey of technologies in internet of things. In: 2014 IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS), IEEE (2014)
Finkenzeller, K.: RFID handbook: fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. Wiley (2010)
Class, E.: Generation-2 Class-1 Generation 2 UHF Air Interface Protocol Standard Version 1.2. 0. Gen. 2: p. 2008
Peris-Lopez, P., et al.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of 2nd Workshop on RFID Security (2006)
Peris-Lopez, P., et al.: EMAP: an efficient mutual-authentication protocol for low-cost RFID tags. In OTM Confederated International Conferences On the Move to Meaningful Internet Systems. Springer (2006)
Peris-Lopez, P., et al.: M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags. In: International Conference on Ubiquitous Intelligence and Computing. Springer (2006)
Islam, S.: Security analysis of LMAP using AVISPA. Int. J. Secure. Netw. 9(1), 30–39 (2014)
Li, T., Deng, R.: Vulnerability analysis of EMAP-an efficient RFID mutual authentication protocol. In: The Second International Conference on Availability, Reliability and Security, 2007. ARES 2007. IEEE (2007)
Bárász, M., et al.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In Proceedings of First International EURASIP Workshop on RFID Technology (2007)
Chien, H.-Y.: Sasi: a new ultralightweight rfid authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)
Mujahid, U., Najam-ul-Islam, M., Shami, M.A.: Rcia: a new ultralightweight rfid authentication protocol using recursive hash. Int. J. Distrib. Sens. Netw. 11(1), 642180 (2015)
Mujahid, U., Najam-ul-Islam, M., Sarwar, S.: A new ultralightweight RFID authentication protocol for passive low cost tags: KMAP. Wireless Pers. Commun. 94(3), 725–744 (2017)
Luo, H., et al.: SLAP: succinct and lightweight authentication protocol for low-cost RFID system. Wireless Netw. 24(1), 69–78 (2018)
Sun, H.-M., Ting, W.-C., Wang, K.-H.: On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Trans. Dependable Secure Comput. 8(2), 315–317 (2011)
Avoine, G., Carpent, X., Martin, B.: Strong authentication and strong integrity (SASI) is not that strong. In International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer (2010)
Safkhani, M., Bagheri, N.: Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI + protocols. IACR Cryptology ePrint Arch. 2016, 905 (2016)
Tewari, A., Gupta, B.: Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J. Supercomput. 73(3), 1085–1102 (2017)
Adat, V., Gupta, B.: Security in internet of things: issues, challenges, taxonomy, and architecture. Telecommun. Syst. 67(3), 423–441 (2018)
Safkhani, M., Bagheri, N.: Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J. Supercomput. 73(8), 3579–3585 (2017)
Hernandez-Castro, J.C., et al.: Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol. In International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix A
Appendix A
Good approximation equation calculation to estimate tag’s \( ID \) (100 tests).
\( X \) | \( dist\left( {ID,X} \right) \) | GA equations |
---|---|---|
\( \varvec{P} \) | 30.48 | • |
\( \varvec{Q} \) | 31.75 | • |
\( \varvec{R} \) | 31.69 | • |
\( \varvec{S} \) | 30.59 | • |
\( \varvec{P} \oplus \varvec{Q} \) | 31.69 | • |
\( \varvec{P} \oplus \varvec{R} \) | 31.93 | • |
\( \varvec{P} \oplus \varvec{S} \) | 28.89 | • |
\( \varvec{Q} \oplus \varvec{R} \) | 29.40 | • |
\( Q \oplus S \) | 32.28 | â–² |
\( \varvec{S} \oplus \varvec{R} \) | 31.42 | • |
\( \varvec{P} \oplus \varvec{Q} \oplus \varvec{R} \) | 31.74 | • |
\( \varvec{P} \oplus \varvec{Q} \oplus \varvec{S} \) | 31.60 | • |
\( Q \oplus R \oplus S \) | 32.03 | â–² |
\( \varvec{P} \oplus \varvec{S} \oplus \varvec{R} \) | 31.8 | • |
\( \varvec{P} \oplus \varvec{Q} \oplus \varvec{R} \oplus \varvec{S} \) | 31.23 | • |
\( P^{\prime} \) | 33.52 | â–² |
\( Q^{\prime} \) | 32.25 | â–² |
\( R^{\prime} \) | 32.31 | â–² |
\( S^{\prime} \) | 33.41 | â–² |
\( Q^{\prime} \oplus S^{\prime} \) | 32.28 | â–² |
\( \varvec{S^{\prime}} \oplus \varvec{R^{\prime}} \) | 31.42 | • |
\( \varvec{Q^{\prime}} \oplus \varvec{R^{\prime}} \oplus \varvec{S^{\prime}} \) | 31.97 | • |
\( P^{\prime} \oplus S^{\prime} \oplus R^{\prime} \) | 32.2 | â–² |
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Khalid, M., Mujahid, U., Najam-ul-Islam, M., Tran, B. (2020). Probabilistic Full Disclosure Attack on IoT Network Authentication Protocol. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_52
Download citation
DOI: https://doi.org/10.1007/978-3-030-12385-7_52
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)