Cryptology ePrint Archive: Report 2015/615

Security Analysis of Niu et al. Authentication and Ownership Management Protocol

Nasour Bagheri, Masoumeh Safkhani and Hoda Jannati

Abstract: Over the past decade, besides authentication, ownership management protocols have been suggested to transfer or delegate the ownership of RFID tagged items. Recently, Niu et al. have proposed an authentication and ownership management protocol based on 16-bit pseudo random number generators and exclusive-or operations which both can be easily implemented on low-cost RFID passive tags in EPC global Class-1 Generation-2 standard. They claim that their protocol offers location and data privacy and also resists against desynchronization attack. In this paper, we analyze the security of their proposed authentication and ownership management protocol and show that the protocol is vulnerable to secret disclosure and desynchronization attacks. The complexity of most of the attacks are only two runs of the protocol and the success probability of the attacks are almost 1.

Category / Keywords: cryptographic protocols / RFID, ownership transfer, ownership delegation, secret disclosure attack, desynchronization attack

Date: received 22 Jun 2015, last revised 22 Jun 2015

Contact author: na bagheri at gmail com, nbagheri@srttu edu

Available format(s): PDF | BibTeX Citation

Note: The work is on progress and the current may be revised.

Version: 20150630:182549 (All versions of this report)

Short URL: ia.cr/2015/615

Discussion forum: Show discussion | Start new discussion