Cryptology ePrint Archive: Report 2015/365

On the (im)possibility of receiving security beyond 2^l using an l-bit PRNG: the case of Wang et. al. protocol

Masoumeh Safkhani, Mehdi Hosseinzadeh, Mojtaba Eslamnezhad Namin, Samad Rostampour, Nasour Bagheri

Abstract: Recently,Wang et al. analyzed the security of two EPC C1-G2 compliant RFID authentication protocols, called RAPLT and SRP^+, and proved that these protocols are vulnerable against de-synchronization and secret disclosure attacks. The time complexity of their attacks were O(2^{16}). In addition, they proposed an improved version of SRP^+ entitled SRP^{++}, for which they claim the security would be O(2^{32}). However, in this letter, we analyze the security of SRP^{++} and show that the complexity of retrieving all secret parameters of a given tag is $O(2^{16})$, similar to its predecessor protocol.

Category / Keywords: cryptographic protocols / RFID; EPC-C1-G2; Authentication; Security Vulnerabilities.

Date: received 22 Apr 2015, last revised 13 Sep 2015

Contact author: na bagheri at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150913:171413 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]