The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January-March (2009 vol.6)
pp: 73-77
Tianjie Cao , China University of Mining and Technology, Xuzhou
Elisa Bertino , Purdue University, West Lafayette
Hong Lei , China University of Mining and Technology, Xuzhou
ABSTRACT
The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.
INDEX TERMS
Authentication, Security, Privacy, Location-dependent and sensitive
CITATION
Tianjie Cao, Elisa Bertino, Hong Lei, "Security Analysis of the SASI Protocol", IEEE Transactions on Dependable and Secure Computing, vol.6, no. 1, pp. 73-77, January-March 2009, doi:10.1109/TDSC.2008.32
REFERENCES
[1] A. Juels and S.A. Weis, “Authentication Pervasive Device with Human Protocols,” Proc. Ann. Int'l Cryptology Conf. (CRYPTO '05), pp. 293-308, 2005.
[2] S.A. Weis, “Security Parallels between People and Pervasive Devices,” Proc. Third IEEE Int'l Conf. Pervasive Computing and Comm. Workshop (PERCOMW '05), pp. 105-109, 2005, doi:10.1109/PERCOMW.2005.72.
[3] H. Briger, H. Chabanne, and E. Dottax, “HB++: A Lightweight Authentication Protocol Secure against Some Attacks,” Proc. IEEE Int'l Conf. Pervasive Service, Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing (Percom '06), pp. 28-33, 2006, doi:10.1109/SECPERU.2006.10.
[4] D.N. Duc, J. Park, H. Lee, and K. Kim, “Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning,” Proc. Symp. Cryptography and Information Security (SCIS), 2006.
[5] A. Juels, “Strengthening EPC Tag against Cloning,” Proc. ACM Workshop Wireless Security (WiSe '05), pp. 67-76, 2005.
[6] H. Gibert, M. Robshaw, and H. Sibert, “An Active Attack Against HB+—A Provably Secure Lightweight Authentication Protocol,” IEE Electronics Letters, vol. 41, no. 21, pp. 1169-1170, Oct. 2005, doi:10.1049/el:20052622.
[7] H.-Y. Chien and C.-H. Chen, “Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards,” Computers Standards & Interfaces, vol. 29, no. 2, pp. 254-259, 2007, doi:10.1016/j.csi.2006.04.004.
[8] S. Piramuthu, “Protocols for RFID Tag/Reader Authentication,” Decision Support Systems, vol. 43, no. 3, pp. 897-914, 2007, doi:10.1016/j.dss.2007.01.003.
[9] H.-Y. Chien and C.-W. Huang, “Security of Ultra-Lightweight RFID Authentication Protocols and Its Improvements,” ACM Operating System Rev., vol. 41, no. 2, pp. 83-86, July 2007, doi: http://doi.acm.org/10.1145/1278901.1278916.
[10] T. Li and R.H. Deng, “Vulnerability Analysis of EMAP—An Efficient RFID Mutual Authentication Protocol,” Proc. Second Int'l Conf. Availability, Reliability, and Security (AReS), 2007.
[11] T. Li and G. Wang, “Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols,” Proc. 22nd IFIP TC-11 Int'l Information Security Conf. (ISC '07), May 2007.
[12] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. Second Workshop RFID Security, July 2006.
[13] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. OTM Federated Conf. and Workshop: IS Workshop, Nov. 2006.
[14] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “${\rm M}^{2}{\rm AP}$ : A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags,” Proc. Int'l Conf. Ubiquitous Intelligence and Computing (UIC '06), pp. 912-923, 2006.
[15] H.-Y. Chien, “SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity,” IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007, doi:10.1109/TDSC.2007.70226.
6 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool