Paper 2019/851
On Designing Lightweight RFID Security Protocols for Medical IoT
Masoumeh Safkhani, Ygal Bendavid, Samad Rostampour, and Nasour Bagheri
Abstract
Recently, in IEEE Transactions on Industrial Informatics, Fan et al. proposed a lightweight RFID protocol which has been suggested to be employed for protecting the Medical Privacy in an IoT system. However, the protocol has trivial flaws, as it is shown recently by Aghili et al., in Future Generation Computer Systems. Aghili et al. also proposed an improved version of the protocol, based on the similar designing paradigm, called SecLAP. Although the protocol's designers claimed full security against all attacks, we show that the proposed protocol has serious security flaws, by presenting traceability and passive secret disclosure attacks against this protocol. More precisely, we present passive partial secret disclosure attack with the complexity of eavesdropping one session of the protocol and success probability of `1'. The disclosed parameters can be used to trace the tag/reader in any later session which compromises the tag/reader privacy. In addition, we present a passive full secret disclosure attack against SecLAP which can disclose $2n$-bit secret key, $n$-bit $TID$ and $n$-bit $RID$ with the computational complexity of $27n^7$. In addition, we show that, as it is expected, Fan et al.'s protocol has security flaws in random oracle model, where the adversary's advantage after $q$ queries to distinguish the protocol from a random oracle is $1- 2^{-q} $. We also evaluate the security of SecLAP in the random oracle model and show that it is as insecure as its predecessor.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- RFIDAuthenticationUltralightweightSecLAPPassive AttackRandom Oracle Model
- Contact author(s)
-
Safkhani @ srttu edu
bendavid ygal @ uqam ca
samad rostampour @ iauahvaz ac ir
na bagheri @ gmail com - History
- 2019-07-23: revised
- 2019-07-22: received
- See all versions
- Short URL
- https://ia.cr/2019/851
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/851, author = {Masoumeh Safkhani and Ygal Bendavid and Samad Rostampour and Nasour Bagheri}, title = {On Designing Lightweight {RFID} Security Protocols for Medical {IoT}}, howpublished = {Cryptology {ePrint} Archive, Paper 2019/851}, year = {2019}, url = {https://eprint.iacr.org/2019/851} }