Issue No. 01 - January-March (2009 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.32
Tianjie Cao , China University of Mining and Technology, Xuzhou
Elisa Bertino , Purdue University, West Lafayette
Hong Lei , China University of Mining and Technology, Xuzhou
The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.
Authentication, Security, Privacy, Location-dependent and sensitive
H. Lei, E. Bertino and T. Cao, "Security Analysis of the SASI Protocol," in IEEE Transactions on Dependable and Secure Computing, vol. 6, no. , pp. 73-77, 2008.