Security Analysis of the SASI Protocol
January-March 2009 (vol. 6 no. 1)
pp. 73-77
Tianjie Cao, China University of Mining and Technology, Xuzhou
Elisa Bertino, Purdue University, West Lafayette
Hong Lei, China University of Mining and Technology, Xuzhou
Ultralightweight RFID protocols involve only simple bitwise operations (such as XOR, AND, and OR) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities: denial of service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of an RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.

Index Terms:
Authentication, Security, Privacy, Location-dependent and sensitive
Citation:
Tianjie Cao, Elisa Bertino, Hong Lei, "Security Analysis of the SASI Protocol," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 1, pp. 73-77, Jan.-March 2009, doi:10.1109/TDSC.2008.32