Abstract
This paper investigates a new family of RFID protocols called F f that grew out of a proposal made at ESORICS 2007. This family has the property of having highly efficient implementations and simultaneously providing some security arguments which shares some features with the HB protocol family. In this work, we exhibit links between the F f protocol and the LPN problem, and demonstrate two attacks against the F f family of protocols which run with a time complexity of about 252 and 238 respectively against the instance proposed by the designers that has a 512-bit secret key. Our two attacks have the nice property that they only require interactions with the tag alone and does not involve the reader.
This work has been supported in part by the French Government through the ANR project RFID-AP.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24(3), 384–386 (1978)
Blaß, E.-O., Kurmus, A., Molva, R., Noubir, G., Shikfa, A.: The F f -family of protocols for RFID-privacy and authentication. In: Conference on RFID Security, Leuven, Belgium (July 2009)
Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506–519 (2003)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
Bringer, J., Chabanne, H., Dottax, E.: HB\(^{\mbox{++}}\): a Lightweight Authentication Protocol Secure against Some Attacks. In: Security, Privacy and Trust in Pervasive and Ubiquitous Computing—SecPerU 2006, pp. 28–33. IEEE Computer Society, Los Alamitos (2006)
Cichon, J., Klonowski, M., Kutylowski, M.: Privacy Protection for RFID with Hidden Subset Identifiers. In: Indulska, J., Patterson, D.J., Rodden, T., Ott, M. (eds.) PERVASIVE 2008. LNCS, vol. 5013, pp. 298–314. Springer, Heidelberg (2008)
Gilbert, H., Robshaw, M., Sibert, H.: Active attack against HB + : a provably secure lightweight authentication protocol. Electronics Letters 41(21), 1169–1170 (2005)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: Good Variants of HB\(^{\mbox{+}}\) Are Hard to Find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)
Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB\(^{\mbox{\#}}\): Increasing the Security and Efficiency of HB\(^{\mbox{+}}\). In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)
Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)
Juels, A., Weis, S.A.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Krause, M., Stegemann, D.: More on the Security of Linear RFID Authentication Protocols. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 182–196. Springer, Heidelberg (2009)
Levieil, É., Fouque, P.-A.: An Improved LPN Algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006)
Lyubashevsky, V.: The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem. In: Chekuri, C., Jansen, K., Rolim, J.D.P., Trevisan, L. (eds.) APPROX 2005 and RANDOM 2005. LNCS, vol. 3624, pp. 378–389. Springer, Heidelberg (2005)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: Ubiquitous Computing – Privacy Workshop (2004)
Di Pietro, R., Molva, R.: Information Confinement, Privacy, and Security in RFID Systems. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 187–202. Springer, Heidelberg (2007)
Shamir, A.: SQUASH–A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 144–157. Springer, Heidelberg (2008)
Soos, M.: Analysing the Molva and Di Pietro Private RFID Authentication Scheme. In: Conference on RFID Security, Budapest, Hungary (July 2008)
van Deursen, T., Mauw, S., Radomirović, S.: Untraceability of RFID Protocols. In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 1–15. Springer, Heidelberg (2008)
Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Billet, O., Elkhiyaoui, K. (2009). Two Attacks against the F f RFID Protocol. In: Roy, B., Sendrier, N. (eds) Progress in Cryptology - INDOCRYPT 2009. INDOCRYPT 2009. Lecture Notes in Computer Science, vol 5922. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10628-6_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-10628-6_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10627-9
Online ISBN: 978-3-642-10628-6
eBook Packages: Computer ScienceComputer Science (R0)