Passive Secret Disclosure Attack on an Ultralightweight Authentication Protocol for Internet of Things

Recently, Tewari and Gupta have proposed an ultralightweight RFID authentication protocol. In this paper, we consider the security of the proposed protocol and present a passive secret disclosure attack against it. The success probability of the attack is `1\u27 while the complexity of the attack is only eavesdropping one session of the protocol. The presented attack has negligible complexity. We simulated our attack and verified its correctness

MUMAP: Modified Ultralightweight Mutual Authentication protocol for RFID enabled IoT networks

Flawed authentication protocols led to the need for a secured protocol for radio frequency identification (RFID) techniques. In this paper, an authentication protocol named Modified ultralightweight mutual authentication protocol (MUMAP) has been proposed and cryptanalysed by Juel-Weis challenge. The proposed protocol aimed to reduce memory requirements in the authentication process for low-cost RFID tags with limited resources. Lightweight operations like XOR and Left Rotation, are used to circumvent the flaws made in the other protocols. The proposed protocol has three-phase of authentication. Security analysis of the proposed protocol proves its resistivity against attacks like desynchronization, disclosure, tracking, and replay attack. On the other hand, performance analysis indicates that it is an effective protocol to use in low-cost RFID tags. Juel-Weis challenge verifies the proposed protocol where it shows insusceptibility against modular operations

On the security of another CRC based ultralightweight RFID authentication protocol

Design of ultra-lightweight authentication protocols for RFID systems conformed with the EPC Class-1 Generation-2 standard is still a challenging issue in RFID security. Recently, Maurya et al. have proposed a CRC based authentication protocol and claimed that their protocol can resist against all known attacks in RFID systems. However, in this paper we show that their protocol is vulnerable to tag impersonation attack. Moreover, we show that how an attacker can easily trace a target RFID tag. Our analyses show that the success probability of our attacks is “1” while the complexity is only one session eavesdropping, two XORs and one CRC computation

Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+^+ protocols

Tian et al. proposed a permutation based authentication protocol entitled RAPP. However, it came out very soon that it suffers from several security treats such as desynchronization attack. Following RAPP, several protocols have been proposed in literature to defeat such attacks. Among them, some protocols suggested to keep a record of old parameters by both the reader and the tag. In this paper we present a genrilized version of all such protocols, named GUMAP, and present an efficent desynchronization attack against it. The complexity of our attack is 5 consequences sessions of protocol and the success probability is almost 1. Our attack is applicable as it is to recently proposed protocols entitled RCIA, KMAP, SASI$^{+}$ and SLAP. To the best of our knowledge, it is the first report on the vulnerability of these protocols