Paper 2014/475

A Key Recovery Attack on Error Correcting Code Based a Lightweight Security Protocol

Imran Erguler

Abstract

One of the interesting types of RFID application is RFID searching which aims to hear a specific RFID tag from a large group of tags, i.e. ability of detecting whether a target RFID tag is nearby. Very recently, a lightweight protocol using error-correcting codes has been proposed by Chen et al. to provide a solution to needs in this field. The authors give a detailed analysis of their protocol in terms of security, privacy, communication overhead, hardware cost and they claim that it is a realizable scheme with fulfilling security and privacy requirements. In this study, however, we investigate security of this protocol and clearly demonstrate its security flaws that completely allow an adversary to exploit the system. In particular, by using linear properties of error correcting coding we firstly describe a tag tracing attack that undermines untraceability property which is one its design objectives. Then along with its implementation details we present a key recovery attack that reduces dramatically search space of a tag's secret key and show that an adversary can compromise it in practical time by only querying this tag for several times. As an illustrative example we retrieve the secret key of the protocol in two hours for the adopted linear block code C(47,24,11) which is one of the suggested codes.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Authenticationerror correcting codinglightweightprivacyRFIDsecurity
Contact author(s)
imran erguler @ tubitak gov tr
History
2014-06-21: received
Short URL
https://ia.cr/2014/475
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/475,
      author = {Imran Erguler},
      title = {A Key Recovery Attack on Error Correcting Code Based a Lightweight Security Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/475},
      year = {2014},
      url = {https://eprint.iacr.org/2014/475}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.