Next Article in Journal
A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller
Next Article in Special Issue
A Modified BA Anti-Collision Protocol for Coping with Capture Effect and Interference in RFID Systems
Previous Article in Journal
Interactive 3D Exploration of RDF Graphs through Semantic Planes
Article Menu
Issue 9 (September) cover image

Export Article

Open AccessArticle
Future Internet 2018, 10(9), 82; https://doi.org/10.3390/fi10090082

On the Security of Rotation Operation Based Ultra-Lightweight Authentication Protocols for RFID Systems

1,†,* , 2,3,†
and
1,†
1
Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
2
Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
3
School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran 19538-33511, Iran
These authors contributed equally to this work.
*
Author to whom correspondence should be addressed.
Received: 7 July 2018 / Revised: 12 August 2018 / Accepted: 17 August 2018 / Published: 21 August 2018
Full-Text   |   PDF [412 KB, uploaded 21 August 2018]   |  

Abstract

Passive Radio Frequency IDentification (RFID) tags are generally highly constrained and cannot support conventional encryption systems to meet the required security. Hence, designers of security protocols may try to achieve the desired security only using limited ultra-lightweight operations. In this paper, we show that the security of such protocols is not provided by using rotation functions. In the following, for an example, we investigate the security of an RFID authentication protocol that has been recently developed using rotation function named ULRAS, which stands for an Ultra-Lightweight RFID Authentication Scheme and show its security weaknesses. More precisely, we show that the ULRAS protocol is vulnerable against de-synchronization attack. The given attack has the success probability of almost ‘1’, with the complexity of only one session of the protocol. In addition, we show that the given attack can be used as a traceability attack against the protocol if the parameters’ lengths are an integer power of 2, e.g., 128. Moreover, we propose a new authentication protocol named UEAP, which stands for an Ultra-lightweight Encryption based Authentication Protocol, and then informally and formally, using Scyther tool, prove that the UEAP protocol is secure against all known active and passive attacks. View Full-Text
Keywords: RFID; ULRAS; UEAP; mobile commerce; RR method; authentication; de-synchronization attack; traceability attack RFID; ULRAS; UEAP; mobile commerce; RR method; authentication; de-synchronization attack; traceability attack
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Safkhani, M.; Bagheri, N.; Shariat, M. On the Security of Rotation Operation Based Ultra-Lightweight Authentication Protocols for RFID Systems. Future Internet 2018, 10, 82.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top