
Secret Disclosure Attacks on a Recent Ultralightweight Mutual RFID Authentication Protocol for Blockchain-Enabled Supply Chains

  • Conference paper
Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1383)


Abstract

Radio Frequency Identification (RFID) technology has emerged as a suitable technology for various applications of the Internet of Things (IoT). Two types of components, tiny labels called tags and small devices called readers, enable them to associate identifying information to objects (through the tags), which can be automatically read and identified (through the readers). Hence, RFID authentication protocols, needed by each entity to be sure of the identity of the other entity with whom it is interacting, play a crucial role in the deployment of secure IoT applications. Many efforts have been devoted in recent years to the design of efficient and secure protocols. However, these protocols usually need a server to maintain a database of sensitive information for all the tags used in the application, making such a server more vulnerable to security attacks. Several blockchain-based authentication protocols have been developed to take advantage of some blockchain capabilities, e.g. decentralization and immutability, to address this issue and design secure authentication protocols. In this paper, we focus on one of these: we analyze the security vulnerabilities of a recent ultra-lightweight mutual RFID authentication protocol for blockchain-enabled supply chains. Despite the detailed formal security analysis provided by the authors, carried out by using the Gong, Needham and Yahalom logic, and by using automatic validation security tools, we present two secret disclosure attacks against the protocol. The first one is an active attack, while the second is a fully passive attack.



Correspondence to Zahra Ebadi Ansaroudi.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

D’Arco, P., Ansaroudi, Z.E. (2021). Secret Disclosure Attacks on a Recent Ultralightweight Mutual RFID Authentication Protocol for Blockchain-Enabled Supply Chains. In: Abraham, A., et al. Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020). SoCPaR 2020. Advances in Intelligent Systems and Computing, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-73689-7_83
