Cryptology ePrint Archive: Report 2010/463

Passive Cryptanalysis of the UnConditionally Secure Authentication Protocol for RFID Systems

Mohammad Reza Sohizadeh Abyaneh

Abstract: Recently, Alomair et al. proposed the rst UnConditionally Secure mutual authentication protocol for low-cost RFID systems(UCS- RFID). The security of the UCS-RFID relies on ve dynamic secret keys which are updated at every protocol run using a fresh random number (nonce) secretly transmitted from a reader to tags. Our results show that, at the highest security level of the protocol (security parameter= 256), inferring a nonce is feasible with the probability of 0.99 by eavesdropping(observing) about 90 runs of the protocol. Finding a nonce enables a passive attacker to recover all ve secret keys of the protocol. To do so, we propose a three-phase probabilistic approach in this paper. Our attack recovers the secret keys with a probability that increases by accessing more protocol runs. We also show that tracing a tag using this protocol is also possible even with less runs of the protocol.

Category / Keywords: cryptographic protocols / RFID, Authentication Protocol, Passive Attack

Date: received 31 Aug 2010, last revised 4 Jan 2011

Contact author: reza sohizadeh at ii uib no

Available format(s): PDF | BibTeX Citation

Version: 20110104:152531 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]