Paper 2011/193

Security Analysis of $LMAP^{++}$, an RFID Authentication Protocol

Nasour Bagheri, Masoumeh Safkhani, Majid Naderi, and Somitra Kumar Sanadhya

Abstract

Low cost RFID tags are increasingly being deployed in various practical applications these days. Security analysis of the way these tags are used in an application is a must for successful adoption of the RFID technology. Depending on the requirements of the particular application, security demands on these tags cover some or all of the aspects such as privacy, untraceability and authentication. As a result of increasing deployment of RFID tags, many works on RFID protocols and their security analysis have appeared in the literature in the past few years. Although most protocol proposals also provide some justification for the claimed security properties of these protocols, independent third party evaluation has often revealed weaknesses in these protocols. In this work, we present a third party security evaluation of a recently proposed mutual authentication protocol $LMAP^{++}$. Mutual authentication protocols are an important class of protocols for RFID applications. In these protocols, the reader and the tag of an RFID system run an interactive game to authenticate themselves to each other. In this work, we present traceability and desynchronization attacks against the protocol $LMAP^{++}$. First we show that $LMAP^{++}$ does not satisfy the security notion of traceability as defined in the model proposed by Jules and Weis. Using the ideas of this traceability attack, next we show that $LMAP^{++}$ also suffers from a desynchronization attack. The presented attacks have low complexities and high success probabilities. To the best of our knowledge, this the first attack on the $LMAP^{++}$ protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Desynchronization$LMAP^{++}$Mutual Authentication ProtocolPrivacyRFIDTraceability.
Contact author(s)
nbagheri @ srttu edu
na bagheri @ gmail com
History
2011-04-25: received
Short URL
https://ia.cr/2011/193
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/193,
      author = {Nasour Bagheri and Masoumeh Safkhani and Majid Naderi and Somitra Kumar Sanadhya},
      title = {Security Analysis of ${LMAP}^{++}$, an {RFID} Authentication Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/193},
      year = {2011},
      url = {https://eprint.iacr.org/2011/193}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.