Gröbner Basis Attacks on Lightweight RFID Authentication Protocols

Authors
Han, Dae-Wan

Abstract
Since security and privacy problems in RFID systems have attracted much attention, numerous RFID authentication protocols have been suggested. One of the various design approaches is to use lightweight logic such as bitwise Boolean operations and addition modulo $2^m$ between $m$-bit words. Because these operations can be implemented in a small chip area, which is the major requirement in RFID protocols, a series of protocols have been suggested conforming to this approach. In this paper, we present new attacks on these lightweight RFID authentication protocols by using the Gröbner basis. Our attacks are superior to previous ones for the following reasons: since we do not use the specific characteristics of target protocols, they are generally applicable to various ones. Furthermore, they are so powerful that we can recover almost all secret information of the protocols. For concrete examples, we show that almost all secret variables of six RFID protocols, LMAP, $M^2AP$, EMAP, SASI, Lo et al.'s protocol, and Lee et al.'s protocol, can be recovered within a few seconds on a single PC.
Keywords
RFID; Authentication Protocol; Algebraic Attack; Gröbner Basis
Language
English
Cited by
1. RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash, International Journal of Distributed Sensor Networks, 2015, 11, 1, 642180
2. A New Ultralightweight RFID Authentication Protocol for Passive Low Cost Tags: KMAP, Wireless Personal Communications, 2016
3. Pitfalls in Ultralightweight Authentication Protocol Designs, IEEE Transactions on Mobile Computing, 2016, 15, 9, 2317
4. Recursive Linear and Differential Cryptanalysis of Ultralightweight Authentication Protocols, IEEE Transactions on Information Forensics and Security, 2013, 8, 7, 1140
5. A New Ultralightweight RFID Mutual Authentication Protocol: SASI Using Recursive Hash, International Journal of Distributed Sensor Networks, 2016, 12, 2, 9648971
References
1. W.W. Adams and P. Loustaunau, "An Introduction to Gröbner Bases," Graduate Studies in Mathematics, Vol.3, AMS, 1994.
2. B. Alomair, L. Lazos, and R. Poovendran, "Passive Attacks on a Class of Authentication Protocols for RFID," Proceedings of ICISC 2007, LNCS 4817, Springer-Verlag, 2007, pp.102-115.
3. G. Avoine, Cryptography in Radio Frequency Identification and Fair Exchange Protocols [dissertation]. Lausanne, Switzerland: EPFL; 2005.
4. M. Brickenstein, A. Dreyer, "PolyBoRi: A Framework for Gröbner Basis Computations with Boolean Polynomials," Electronic Proceedings of the MEGA 2007 - Efficient Methods in Algebraic Geometry, Strobl, Austria, 2007.
5. J. Buchmann, A. Pyshkin, and R-P Weinmann, "Block Ciphers Sensitive to Gröbner Basis Attacks," Proceedings of CT-RSA 2006, LNCS 3860, Springer-Verlag, 2006, pp.313-331.
6. T. Cao, L. Bertino, and H. Lei, "Security Analysis of the SASI Protocol," IEEE Transactions on Dependable and Secure Computing, Vol.6, No.1, 2009, pp.73-77.
7. H.-Y. Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Transactions on Dependable and Secure Computing, Vol.4, No.4, 2007, pp.337-340.
8. C. Cid, S. Murphy, and M. Robshaw, Algebraic Aspects of the Advanced Encryption Standard, Springer-Verlag, 2006.
9. N. Courtois, and J. Pieprzyk, "Cryptanalysis of Block Ciphers with Over-defined System of Equations," Proceedings of Asiacrypt 2002, LNCS 2501, Springer-Verlag, 2002, pp.267-287.
10. N. Courtois, "Fast Algebraic Attacks on Stream Ciphers with Linear Feedback," Proceedings of Crypto 2003, LNCS 2729, Springer-Verlag, 2003, pp.176-194.
11. N. Courtois and W. Meier, "Algebraic Attacks on Stream Ciphers with Linear Feedback," Proceedings of Eurocrypt 2003, LNCS 2656, Springer-Verlag, 2003, pp.345-359.
12. J.-C. Faugere, "A New Efficient Algorithm for computing Gröbner bases (F4)," Journal of Pure and Applied Algebra, Vol.139, 1999, pp.61-88.
13. J.-C. Faugere, "A New Efficient Algorithm for computing Gröbner bases without Reduction to Zero (F5)," Proceedings of ISSAC 2002, pp.75-83.
14. J.-C. Faugere, and A. Joux, "Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems using Gröbner bases," Proceedings of Crypto 2003, LNCS 2729, Springer-Verlag, 2003, pp.44-60.
15. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using AES Algorithm," Proceedings of CHES 2004, LNCS 3156, Springer-Verlag, 2004, pp.357-370.
16. M. Feldhofer and C. Rechberger, "A Case against Currently Used Hash Functions in RFID Protocols," Proceedings of RFIDSec 2006.
17. C. Hung-Yu and H. Chen-Wei, "Security of ultra-lightweight RFID authentication protocols and its improvements," ACM SIGOPS Operating Systems Review, Vol.41, No.4, 2007, pp.83-86.
18. A. Juels, "RFID Security and Privacy: A Research Survey," IEEE Journal on Selected Areas in Communications, Vol.24, No.2, 2006, pp.381-394.
19. A. Juels, R. Rivest and M. Szydlo, "The Blocker tag: Selective Blocking of RFID Tags for Consumer Privacy," Proceedings of CCS 2003, ACM Press, 2003, pp.103-111.
20. A. Juels and S. A. Weis, "Authenticating Pervasive Devices with Human Protocols," Proceedings of Crypto'05, LNCS 3621, Springer-Verlag, 2005, pp.293-308.
21. Y.-C. Lee, Y.-C. Hsieh, P.-S. You, T.-C. Chen, "A New Ultralightweight RFID Protocol with Mutual Authentication," Proceedings of WASE 2009, Vol.2 of ICIE, 2009, pp.58-61.
22. N.-W. Lo, H.-S. Shie, K.-H. Yeh, "A Design of RFID Mutual Authentication Protocol Using Lightweight Bitwise Operations," Proceedings of JWIS 2008.
23. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags," Proceedings of UIC 2006, LNCS 4159, Springer-Verlag, 2006, pp.912-923.
24. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "$M^2AP$: A Minimalist Mutual-Authentication Protocol for Low-cost RFID tags," Proceedings of UIC 2006, LNCS 4159, Springer-Verlag, 2006, pp.912-923.
25. P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, "EMAP: An Efficient Mutual Authentication Protocol for Low-cost RFID tags," Proceedings of IS 2006, LNCS 4277, Springer-Verlag, 2006, pp.352-361.
26. R. C.-W. Phan, "Cryptanalysis of a New Ultralightweight RFID Authentication Protocol-SASI," IEEE Transactions on Dependable and Secure Computing, Vol.6, No.4, 2009, pp.316-320.
27. Sage distribution of mathematical software, http://www.sagemath.org
28. S. A. Weis, Security and Privacy in Radio-Frequency Identification Devices [dissertation]. Massachusetts: Massachusetts Institute of Technology (MIT); 2003.