This Article 
 Bibliographic References 
 Add to: 
On the Security of Chien's Ultralightweight RFID Authentication Protocol
March/April 2011 (vol. 8 no. 2)
pp. 315-317
Hung-Min Sun, National Tsing Hua University, Hsinchu
Wei-Chih Ting, Industrial Technology Research Institute, Hsinchu
King-Hang Wang, Hong Kong Institute of Technology, Hong Kong
Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

[1] H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007.
[2] H. Gilbert, M. Robshaw, and H. Sibert, "An Active Attack Against ${\rm HB}^+$ —a Provably Secure Lightweight Authentication Protocol," Electronics Letters, vol. 41, pp. 1169-1170, Oct. 2005.
[3] G. Hancke, "Practical Attacks on Proximity Identification Systems," Proc. 2006 IEEE Symp. Security and Privacy, pp. 328-333, May 2006.
[4] H.-Y. Chien, "Private Communication".
[5] P. D'Arco and A.D. Santis, "Weaknesses in a Recent Ultra-Lightweight RFID Authentication Protocol," Progress in Cryptology AFRICACRYPT 2008, pp. 27-39, Springer-Verlag, 2008.
[6] T. Cao, E. Bertino, and H. Lei, "Security Analysis of the SASI Protocol," IEEE Trans. Dependable and Secure Computing, vol. 6, no. 2, pp. 73-77, Jan.-Mar. 2009.
[7] R.C.-W. Phan, "Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI," IEEE Trans. Dependable and Secure Computing, vol. 99, no. 1, p. 5555, Oct.-Dec. 2009.

Index Terms:
Security, privacy, authentication, RFID, synchronization.
Hung-Min Sun, Wei-Chih Ting, King-Hang Wang, "On the Security of Chien's Ultralightweight RFID Authentication Protocol," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 2, pp. 315-317, March-April 2011, doi:10.1109/TDSC.2009.26
Usage of this product signifies your acceptance of the Terms of Use.