## Cryptology ePrint Archive: Report 2019/851

On Designing Lightweight RFID Security Protocols for Medical IoT

Masoumeh Safkhani and Ygal Bendavid and Samad Rostampour and Nasour Bagheri

Abstract: Recently, in IEEE Transactions on Industrial Informatics, Fan et al. proposed a lightweight RFID protocol which has been suggested to be employed for protecting the Medical Privacy in an IoT system. However, the protocol has trivial flaws, as it is shown recently by Aghili et al., in Future Generation Computer Systems. Aghili et al. also proposed an improved version of the protocol, based on the similar designing paradigm, called SecLAP. Although the protocol's designers claimed full security against all attacks, we show that the proposed protocol has serious security flaws, by presenting traceability and passive secret disclosure attacks against this protocol. More precisely, we present passive partial secret disclosure attack with the complexity of eavesdropping one session of the protocol and success probability of `1'. The disclosed parameters can be used to trace the tag/reader in any later session which compromises the tag/reader privacy. In addition, we present a passive full secret disclosure attack against SecLAP which can disclose $2n$-bit secret key, $n$-bit $TID$ and $n$-bit $RID$ with the computational complexity of $27n^7$. In addition, we show that, as it is expected, Fan et al.'s protocol has security flaws in random oracle model, where the adversary's advantage after $q$ queries to distinguish the protocol from a random oracle is $1- 2^{-q}$. We also evaluate the security of SecLAP in the random oracle model and show that it is as insecure as its predecessor.

Category / Keywords: cryptographic protocols / RFID, Authentication, Ultralightweight, SecLAP, Passive Attack, Random Oracle Model

Date: received 22 Jul 2019, last revised 22 Jul 2019

Contact author: Safkhani at srttu edu,bendavid ygal@uqam ca,samad rostampour@iauahvaz ac ir,na bagheri@gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2019/851

[ Cryptology ePrint archive ]