Paper 2019/851

On Designing Lightweight RFID Security Protocols for Medical IoT

Masoumeh Safkhani, Ygal Bendavid, Samad Rostampour, and Nasour Bagheri

Abstract

Recently, in IEEE Transactions on Industrial Informatics, Fan et al. proposed a lightweight RFID protocol which has been suggested to be employed for protecting the Medical Privacy in an IoT system. However, the protocol has trivial flaws, as it is shown recently by Aghili et al., in Future Generation Computer Systems. Aghili et al. also proposed an improved version of the protocol, based on the similar designing paradigm, called SecLAP. Although the protocol's designers claimed full security against all attacks, we show that the proposed protocol has serious security flaws, by presenting traceability and passive secret disclosure attacks against this protocol. More precisely, we present passive partial secret disclosure attack with the complexity of eavesdropping one session of the protocol and success probability of `1'. The disclosed parameters can be used to trace the tag/reader in any later session which compromises the tag/reader privacy. In addition, we present a passive full secret disclosure attack against SecLAP which can disclose $2n$-bit secret key, $n$-bit $TID$ and $n$-bit $RID$ with the computational complexity of $27n^7$. In addition, we show that, as it is expected, Fan et al.'s protocol has security flaws in random oracle model, where the adversary's advantage after $q$ queries to distinguish the protocol from a random oracle is $1- 2^{-q} $. We also evaluate the security of SecLAP in the random oracle model and show that it is as insecure as its predecessor.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
RFIDAuthenticationUltralightweightSecLAPPassive AttackRandom Oracle Model
Contact author(s)
Safkhani @ srttu edu
bendavid ygal @ uqam ca
samad rostampour @ iauahvaz ac ir
na bagheri @ gmail com
History
2019-07-23: revised
2019-07-22: received
See all versions
Short URL
https://ia.cr/2019/851
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/851,
      author = {Masoumeh Safkhani and Ygal Bendavid and Samad Rostampour and Nasour Bagheri},
      title = {On Designing Lightweight {RFID} Security Protocols for Medical {IoT}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/851},
      year = {2019},
      url = {https://eprint.iacr.org/2019/851}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.