Abstract
Mutual authentication mechanisms can be used in RFID systems to preserve the confidentiality of the RFID tags. Hiding the unique IDs of the tags is critical to prevent unauthorized tag tracking. In this paper, we analyze two mutual authentication protocols called M2AP and EMAP, recently proposed by Peris-Lopez et. al. We show that a passive adversary eavesdropping on the open wireless medium, can extract the unique ID of the RFID tag by collecting an expected O(log2 L) challenge-response exchange messages between the tag and the reader, where L is the length of the tag’s unique ID. To date, previously known attacks on M2AP and EMAP require the active probing of each tag. Furthermore, attacks on M2AP require O(L) active queries to be sent to the tag by a rogue reader, as opposed to O(log2 L).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An Efficient Mutual Authentication Protocol for Low-cost RFID Tags. In: OTM Federated Conferences and Workshop: IS Workshop. LNCS, Springer, Heidelberg (2006)
Li, T., Wang, G.: Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols. In: IFIP SEC (2007)
Li, T., Deng, R.H.: Vulnerability Analysis of EMAP - An Efficient RFID Mutual Authentication Protocol. In: AReS 2007: Second International Conference on Availability, Reliability and Security (2007)
Hopper, N.J., Blum, M.: Secure Human Identification Protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, Springer, Heidelberg (2001)
Juels, A., Weis, S.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)
Gilbert, H., Robshaw, M., Sibert, H.: An Active Attack Against HB + – A provably Secure Lightweight Authentication Protocol Protocol (2005)
Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, Springer, Heidelberg (2005)
Juels, A., Pappu, R.: Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, Springer, Heidelberg (2003)
Feldhofer, M., Aigner, M., Dominikus, S.: An Application of RFID Tags using Secure Symmetric Authentication. In: SecPerU 2005. International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (2005)
Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: International Conference on Smart Card Research and Advanced Applications – CARDIS (2004)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: SPC 2003. International Conference on Security in Pervasive Computing (2003)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient Hash-Chain Based RFID Privacy Protection Scheme. In: Davies, N., Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, Springer, Heidelberg (2004)
Vajda, I., Buttyán, L.: Lightweight Authentication Protocols for Low-Cost RFID Tags. In: Dey, A.K., Schmidt, A., McCarthy, J.F. (eds.) UbiComp 2003. LNCS, vol. 2864, Springer, Heidelberg (2003)
Defend, B., Fu, K., Juels, A.: Cryptanalysis of Two Lightweight RFID Authentication Schemes. In: International Workshop on Pervasive Computing and Communication Security – PerSec (2007)
Juels, A.: RFID Security and Privacy: A research Survey (2005)
Avoine, G.: Bibliography on Security and Privacy in RFID Systems http://lasecwww.epfl.ch/gavoine/rfid/
Buchmann, J.A.: Introduction to cryptography. Springer, Heidelberg (2004)
Garfinkel, S.L., Juels, A., Pappu, R.: RFID Privacy: An overview of Problems and Proposed Solutions. IEEE Security & Privacy (2005)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alomair, B., Lazos, L., Poovendran, R. (2007). Passive Attacks on a Class of Authentication Protocols for RFID. In: Nam, KH., Rhee, G. (eds) Information Security and Cryptology - ICISC 2007. ICISC 2007. Lecture Notes in Computer Science, vol 4817. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76788-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-540-76788-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76787-9
Online ISBN: 978-3-540-76788-6
eBook Packages: Computer ScienceComputer Science (R0)