http://dx.doi.org/10.3745/JIPS.2011.7.4.691

Gröbner Basis Attacks on Lightweight RFID Authentication Protocols  

Han, Dae-Wan (The Attached Institute of ETRI)
Publication Information
Journal of Information Processing Systems / v.7, no.4, 2011, pp. 691-706
Abstract
Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use lightweight logic such as bitwise Boolean operations and addition modulo $2^m$ between $m$-bit words. Because these operations can be implemented in a small chip area, which is the major requirement in RFID protocols, a series of protocols conforming to this approach have been suggested. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gröbner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of the target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. As concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.
Keywords
RFID; Authentication Protocol; Algebraic Attack; Gröbner Basis
References
1 T. Cao, L. Bertino, and H. Lei, "Security Analysis of the SASI Protocol," IEEE Transactions on Dependable and Secure Computing, Vol.6, No.1, 2009, pp.73-77.
2 H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Transactions on Dependable and Secure Computing, Vol.4, No.4, 2007, pp.337-340.
3 C. Cid, S. Murphy, and M. Robshaw, Algebraic Aspects of the Advanced Encryption Standard, Springer-Verlag, 2006.
4 N. Courtois, and J. Pieprzyk, "Cryptanalysis of Block Ciphers with Over-defined System of Equations," Proceedings of Asiacrypt 2002, LNCS 2501, Springer-Verlag, 2002, pp.267-287.
5 N. Courtois, "Fast Algebraic Attacks on Stream Ciphers with Linear Feedback," Proceedings of Crypto 2003, LNCS 2729, Springer-Verlag, 2003, pp.176-194.
6 N.-W. Lo, H.-S. Shie, K.-H. Yeh, "A Design of RFID Mutual Authentication Protocol Using Lightweight Bitwise Operations," Proceedings of JWIS 2008.
7 P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags," Proceedings of UIC 2006, LNCS 4159, Springer-Verlag, 2006, pp.912-923.
8 P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "$M^2AP$: A Minimalist Mutual-Authentication Protocol for Low-cost RFID tags," Proceedings of UIC 2006, LNCS 4159, Springer-Verlag, 2006, pp.912-923.
9 P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "EMAP: An Efficient Mutual Authentication Protocol for Low-cost RFID tags," Proceedings of IS 2006, LNCS 4277, Springer-Verlag, 2006, pp.352-361.
10 R. C.-W. Phan, "Cryptanalysis of a New Ultralightweight RFID Authentication Protocol-SASI," IEEE Transactions on Dependable and Secure Computing, Vol.6, No.4, 2009, pp.316-320.
11 Sage distribution of mathematical software, http://www.sagemath.org
12 S. A. Weis, Security and Privacy in Radio-Frequency Identification Devices [dissertation]. Massachusetts: Massachusetts Institute of Technology (MIT); 2003.
13 J.-C. Faugere, and A. Joux, "Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems using Gröbner bases," Proceedings of Crypto 2003, LNCS 2729, Springer-Verlag, 2003, pp.44-60.
14 N. Courtois and W. Meier, "Algebraic Attacks on Stream Ciphers with Linear Feedback," Proceedings of Eurocrypt 2003, LNCS 2656, Springer-Verlag, 2003, pp.345-359.
15 J.-C. Faugere, "A New Efficient Algorithm for computing Gröbner bases (F4)," Journal of Pure and Applied Algebra, Vol.139, 1999, pp.61-88.
16 J.-C. Faugere, "A New Efficient Algorithm for computing Gröbner bases without Reduction to Zero (F5)," Proceedings of ISSAC 2002, pp.75-83.
17 M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using AES Algorithm," Proceedings of CHES 2004, LNCS 3156, Springer-Verlag, 2004, pp.357-370.
18 M. Feldhofer and C. Rechberger, "A Case against Currently Used Hash Functions in RFID Protocols," Proceedings of RFIDSec 2006.
19 C. Hung-Yu and H. Chen-Wei, "Security of ultra-lightweight RFID authentication protocols and its improvements," ACM SIGOPS Operating Systems Review, Vol.41, No.4, 2007, pp.83-86.
20 A. Juels, "RFID Security and Privacy: A Research Survey," IEEE Journal on Selected Areas in Communications, Vol.24, No.2, 2006, pp.381-394.
21 A. Juels, R. Rivest and M. Szydlo, "The Blocker tag: Selective Blocking of RFID Tags for Consumer Privacy," Proceedings of CCS 2003, ACM Press, 2003, pp.103-111.
22 A. Juels and S. A. Weis, "Authenticating Pervasive Devices with Human Protocols," Proceedings of Crypto'05, LNCS 3621, Springer-Verlag, 2005, pp.293-308.
23 Y.-C. Lee, Y.-C. Hsieh, P.-S. You, T.-C. Chen, "A New Ultralightweight RFID Protocol with Mutual Authentication," Proceedings of WASE 2009, Vol.2 of ICIE, 2009, pp.58-61.
24 W.W. Adams and P. Loustaunau, "An Introduction to Gröbner Bases," Graduate Studies in Mathematics, Vol.3, AMS, 1994.
25 B. Alomair, L. Lazos, and R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," Proceedings of ICISC 2007, LNCS 4817, Springer-Verlag, 2007, pp.102-115.
26 G. Avoine, Cryptography in Radio Frequency Identification and Fair Exchange Protocols [dissertation]. Lausanne, Switzerland: EPFL; 2005.
27 M. Brickenstein, A. Dreyer, "PolyBoRi: A Framework for Gröbner Basis Computations with Boolean Polynomials," Electronic Proceedings of the MEGA 2007 - Efficient Methods in Algebraic Geometry, Strobl, Austria, 2007.
28 J. Buchmann, A. Pyshkin, and R-P Weinmann, "Block Ciphers Sensitive to Gröbner Basis Attacks," Proceedings of CT-RSA 2006, LNCS 3860, Springer-Verlag, 2006, pp.313-331.