Ultralightweight Cryptography

Some Thoughts on Ten Years of Efforts

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11359)

Abstract

The term ultralightweight refers to a special approach to cryptographic design, which uses just basic operations such as and, or, xor, \(+_{\bmod \,\, n}\) and cyclic shift. It has been developed in recent years, in the context of authentication protocols, to provide very efficient and secure solutions. In this short note, we discuss the motivations behind its introduction, and outline its key ideas and features. By surveying some previous works, and drawing some examples from them, we describe typical weaknesses which have been found in almost all the proposed protocols. We point out that, at the current state of knowledge, there are serious doubts about the soundness of the approach and, in general, about what can be obtained with it. Nevertheless, since many questions remain unanswered, we argue that further investigations in the field are needed. To this end, we take a quick look at the closely related area of lightweight cryptography, briefly describing some successful design strategies and modeling techniques. We suggest that, instead of continuing to pursue ad-hoc solutions through heuristic trials, working along these research directions could also benefit the ultralightweight field.

Based on the joint works of the last years with A. De Santis, R. De Prisco and X. Carpenter.

Notes

  1. Actually, the entities are three: Tag, Reader, and a Backend Server. The channel between the Reader and the Backend Server is assumed to be secure. To simplify the description, the Backend Server is usually not explicitly introduced, and the Reader is assumed to perform the computations directly.

Acknowledgement

I would like to thank Xavier Carpenter, Roberto De Prisco and Alfredo De Santis for helpful comments and suggestions.

Author information

Corresponding author

Correspondence to Paolo D’Arco.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

D’Arco, P. (2019). Ultralightweight Cryptography. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_1

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer Science, Computer Science (R0)
