Full Secret Disclosure Attack against an EPC-C1 G2 Compliant Authentication Protocol

Document Type: Research Article


Shahid Rajaee Teacher Training University


Security analysis of a protocol is an important step toward public trust in its security. Recently, in 2018, Moradi et al. considered the security of the Wei and Zhang RFID EPC-C1 G2 compliant authentication protocol and presented a desynchronization attack and a server/reader impersonation attack against it. They then proposed an improved version of the protocol. In this paper, which to the best of our knowledge is the first third-party analysis of that improved protocol, we present an efficient secret disclosure attack whose complexity is only two runs of the protocol and O(2^{16}) offline PRNG evaluations. We also argue that designing a secure protocol using 16-bit CRCs and 16-bit PRNGs within the framework of EPC-C1 G2 may not be possible, and that changing this standard to allow the use of lightweight cryptographic functions should be considered inevitable. In this line, we present an improved version of the Moradi et al. protocol and prove its security both informally and formally, through GNY logic.

