دانشگاه تربیت دبیر شهید رجائی
انتشارات دانشگاه تربیت دبیر شهید رجائی

  اخبار و اعلانات

 آمار

تعداد نشریات11
تعداد شماره‌ها207
تعداد مقالات2,075
تعداد مشاهده مقاله2,812,349
تعداد دریافت فایل اصل مقاله2,030,289
Safkhani, M.. (1396). Cryptanalysis of R2AP an Ultralightweight Authentication Protocol for RFID. فناوری آموزش, 6(1), 111-118. doi: 10.22061/jecei.2018.1103
M. Safkhani. "Cryptanalysis of R2AP an Ultralightweight Authentication Protocol for RFID". فناوری آموزش, 6, 1, 1396, 111-118. doi: 10.22061/jecei.2018.1103
Safkhani, M.. (1396). 'Cryptanalysis of R2AP an Ultralightweight Authentication Protocol for RFID', فناوری آموزش, 6(1), pp. 111-118. doi: 10.22061/jecei.2018.1103
Safkhani, M.. Cryptanalysis of R2AP an Ultralightweight Authentication Protocol for RFID. فناوری آموزش, 1396; 6(1): 111-118. doi: 10.22061/jecei.2018.1103

Cryptanalysis of R2AP an Ultralightweight Authentication Protocol for RFID

Journal of Electrical and Computer Engineering Innovations (JECEI)
مقاله 13، دوره 6، شماره 1، فروردین 2018، صفحه 111-118    اصل مقاله (1.12 M)
نوع مقاله: Original Research Paper
شناسه دیجیتال (DOI): 10.22061/jecei.2018.1103
نویسنده
M. Safkhani*
Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran.
تاریخ دریافت: 18 فروردین 1396،  تاریخ بازنگری: 19 مرداد 1396،  تاریخ پذیرش: 19 آبان 1396 
چکیده
Background and Objectives: To overcome the security flaw of RAPP authentication protocol, Zhuang et al. proposed a novel ultralightweight RFID mutual authentication protocol, called R2AP. In this paper, we first propose a new desynchronization attack against this protocol.
Methods: To extract the secret ID, linear cryptanalysis is used, which is a tool mostly for attack block ciphers.
Results: Our proposed desynchronization attack succeeds with the probability almost 1 and requires an adversary to initiate 1829 sessions of the protocol with the tag. On the other hand, the protocol updates the tag and the reader secretes to provide the tag holder privacy. However, it is shown that a passive adversary who eavesdrops only two sessions of the protocol can trace the tag with the probability of 0.921. In addition, passive attack for which the adversary can extract the secret ID of the tag is presented assuming that the adversary eavesdropped 128 sessions of the protocol, its success probability would be 0.387.
Conclusion: It was shown that R2AP suffers from desynchronization, traceability, and disclosure attacks, where the two later attacks work in passive adversary model.


======================================================================================================
Copyrights
©2018 The author(s). This is an open access article distributed under the terms of the Creative Commons Attribution (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, as long as the original authors and source are cited. No permission is required from the authors or the publishers.
======================================================================================================
کلیدواژه‌ها
R2AP؛ Linear Attack؛ Traceability Attack؛ Secret Disclosure Attack؛ Desynchronization Attack
مراجع

[1] H.-Y. Chien, “SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity,” IEEE Trans. Dependable Sec. Comput., 4(4): 337–340, 2007.

[2] P. Peris-Lopez, J. C. H. Castro, J. M. Est´evez-Tapiador, A. Ribagorda, “Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol,” in Proc. International Workshop on Information Security Applications (WISA): 56–68, 2008.

[3] A. Tewari, B. B. Gupta, “Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags,” The Journal of Supercomputing, 73(3): 1085–1102, 2017.

[4] G. Avoine, X. Carpent, B. Martin, “Privacy-friendly synchronized ultralightweight authentication protocols in the storm,” J. Network and Computer Applications, 35(2): 826–843, 2012.

[5] P. D’Arco, A. D. Santis, “On ultralightweight RFID authentication protocols,” IEEE Trans. Dependable Sec. Comput., 8(4): 548–563, 2011.

[6] M. Safkhani, N. Bagheri, “Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things,” The Journal of Supercomputing, 73(8): 3579– 3585, 2017.

[7] R. C. W. Phan, “Cryptanalysis of a new ultralightweight RFID authentication protocol SASI,” IEEE Transactions on Dependable and Secure Computing, 6(4): 316–320, 2009.

[8] X. Zhuang, Y. Zhu, C. Chang, “A new ultralightweight RFID protocol for low-cost tags: R2AP,” Wireless Personal Communications, 79(3): 1787–1802, 2014.

[9] Y. Tian, G. Chen, J. Li, “A new ultralightweight RFID authentication protocol with permutation,” IEEE Communications Letters, 16(5): 702–705, 2012.

[10] S. H. Wang, Z. Han, S. Liu, D. W. Chen, “Security analysis of RAPP an RFID authentication protocol based on permutation,” Cryptology ePrint Archive, Report 2012/327, 2012.

[11] L. R.  A. Last accessed 20 June, 2015.

[12] M. Matsui, “Linear cryptoanalysis method for DES cipher,” in Proc. EUROCRYPT: Workshop on the Theory and Application of Cryptographic Techniques: 386–397, 1994.

[13] K. Nyberg, Linear Cryptanalysis, Icebreak, 2013.

[14] Z. Ahmadian, M. Salmasizadeh, M. R. Aref, “Desynchronization attack on RAPP ultralightweight authentication protocol,” Inf. Process. Lett., 113(7): 205–209, 2013.

[15] Z. Ahmadian, M. Salmasizadeh, M. R. Aref, “Recursive linear and differential cryptanalysis of ultralightweight authentication protocols,” IEEE Transactions on Information Forensics and Security, 8(7): 1140–1151, 2013.

[16] G. Avoine, X. Carpent, “Yet another ultralightweight authentication protocol that is broken,” presented at the Workshop on s Security – RFIDSec’12, Nijmegen, Netherlands, 2012.

[17] N. Bagheri, M. Safkhani, P. Peris-Lopez, J. E. Tapiador, “Weaknesses in a new ultralightweight RFID authentication protocol with permutation – RAPP,” Security and Communication Networks, 7(6): 945–949, 2014.

[18] P. D’Arco, A. D. Santis, “Weaknesses in a recent ultra-lightweight RFID authentication protocol,” in Proc. AFRICACRYPT: International Conference on Cryptology in Africa: 27–39. Springer, 2008.

[19] R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, L. Wingers, “The SIMON and SPECK lightweight block ciphers,” presented at the 52nd Annual Design Automation Conference, San Francisco, CA, USA, 2015.

[20] G. Yang, B. Zhu, V. Suder, M. D. Aagaard, G. Gong, “The Simeck
family of lightweight block ciphers,” presented at the CHES 2015: 17th International Workshop, Saint-Malo, France, 2015.

[21] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, C. Vikkelsoe, “PRESENT: an ultra-lightweight block cipher,” in Proc. International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007): 450–466, 2007.

[22] M. Safkhani, N. Bagheri, P. Peris-Lopez, J. M. E. Tapiador, “Employing a secure cipher does not guarantee the security of RFID protocols,” in Proc. ISCTURKEY 2014: 1–6, 2014.

[23] M. Safkhani, N. Bagheri, “Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI+ protocols,” IACR Cryptology, 2016.

[24] E. Taqieddin, H. Al-Dahoud, K. Mhaidat, “Security analysis and improvement of reconstruction based radio frequency identification authentication protocol,” International Journal on Communications Antenna and Propagation, 8(3): 206, 2018.

آمار
تعداد مشاهده مقاله: 502
تعداد دریافت فایل اصل مقاله: 423


سامانه مدیریت نشریات علمی. قدرت گرفته از سیناوب