Abstract
Radio Frequency Identification (RFID) technology has emerged as a suitable technology for various applications of the Internet of Things (IoT). Two types of components, tiny labels called tags and small devices called readers, make it possible to associate identifying information with objects (through the tags), which can then be automatically read and identified (through the readers). Hence, RFID authentication protocols, which each entity needs in order to be sure of the identity of the entity it is interacting with, play a crucial role in the deployment of secure IoT applications. Many efforts have been devoted in recent years to the design of efficient and secure protocols. However, these protocols usually need a server to maintain a database of sensitive information for all the tags used in the application, making such a server more vulnerable to security attacks. Several blockchain-based authentication protocols have been developed to take advantage of some blockchain capabilities, e.g. decentralization and immutability, to address this issue and design secure authentication protocols. In this paper, we focus on one of these: we analyze the security vulnerabilities of a recent ultra-lightweight mutual RFID authentication protocol for blockchain-enabled supply chains. Despite the detailed formal security analysis provided by the authors, carried out using the Gong, Needham and Yahalom logic and automatic security validation tools, we present two secret disclosure attacks against the protocol. The first is an active attack, while the second is a fully passive attack.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
D’Arco, P., Ansaroudi, Z.E. (2021). Secret Disclosure Attacks on a Recent Ultralightweight Mutual RFID Authentication Protocol for Blockchain-Enabled Supply Chains. In: Abraham, A., et al. Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020). SoCPaR 2020. Advances in Intelligent Systems and Computing, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-73689-7_83
DOI: https://doi.org/10.1007/978-3-030-73689-7_83
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73688-0
Online ISBN: 978-3-030-73689-7
eBook Packages: Intelligent Technologies and Robotics (R0)