On the Improper Use of CRC for Cryptographic Purposes in RFID Mutual Authentication Protocols

Mutual authentication is essential to guarantee the confidentiality, integrity, and availability of an RFID system. One area of interest is the design of lightweight mutual authentication protocols that meet the limited computational and energy resources of the tags. These protocols use simple operations such as permutation and cyclic redundancy code for cryptographic purposes. However, these functions are cryptographically weak and are easily broken. In this work, we present a case against the use of these functions for cryptographic purposes, due to their simplicity and linear properties, by analyzing the LPCP protocol. We evaluate the claims of the LPCP resistance to de-synchronization and full disclosure attacks and show that the protocol is weak and can be easily broken by eavesdropping on a few mutual authentication sessions. This  weakness stems from the functions themselves as well as the improper use of inputs to these functions. We further offer suggestions that would help in designing more secure protocols

Survey: An overview of lightweight RFID authentication protocols suitable for the maritime internet of things

The maritime sector employs the Internet of Things (IoT) to exploit many of its benefits to maintain a competitive advantage and keep up with the growing demands of the global economy. The maritime IoT (MIoT) not only inherits similar security threats as the general IoT, it also faces cyber threats that do not exist in the traditional IoT due to factors such as the support for long-distance communication and low-bandwidth connectivity. Therefore, the MIoT presents a significant concern for the sustainability and security of the maritime industry, as a successful cyber attack can be detrimental to national security and have a flow-on effect on the global economy. A common component of maritime IoT systems is Radio Frequency Identification (RFID) technology. It has been revealed in previous studies that current RFID authentication protocols are insecure against a number of attacks. This paper provides an overview of vulnerabilities relating to maritime RFID systems and systematically reviews lightweight RFID authentication protocols and their impacts if they were to be used in the maritime sector. Specifically, this paper investigates the capabilities of lightweight RFID authentication protocols that could be used in a maritime environment by evaluating those authentication protocols in terms of the encryption system, authentication method, and resistance to various wireless attacks

An ultralightweight RFID authentication protocol with CRC and permutation

Radio Frequency Identification (RFID) technology will become one of the most popular technologies to identify objects in the near future. However, the major barrier that the RFID system is facing presently is the security and privacy issue. Recently, an ultralightweight RFID authentication protocol with permutation has been proposed to provide security and prevent all possible attacks. However, it is discovered that a type of desynchronization attack can successfully break the proposed scheme. To overcome the vulnerability under the desynchronization attacks, we propose an approximate ultralightweight RFID authentication protocol which integrates the operation of the XOR operator, build-in CRC-16 function, the permutation and secret key backup technology to improve the security functions without increasing any security cost. We formally verify the security functionality of the proposed scheme by using Simple Promela Interpreter (SPIN). Analysis shows that our proposal has a strong ability to prevent existing possible attacks.Accepted versio