TY - JOUR
T1 - Cryptanalysis of Two Recent Ultra-Lightweight Authentication Protocols
AU - Servati, Mohammad Reza
AU - Safkhani, Masoumeh
AU - Ali, Saqib
AU - Malik, Mazhar Hussain
AU - Ahmed, Omed Hassan
AU - Hosseinzadeh, Mehdi
AU - Mosavi, Amir H.
N1 - Publisher Copyright:
© 2022 by the authors.
PY - 2022/12
Y1 - 2022/12
N2 - Radio Frequency Identification (RFID) technology is a critical part of many Internet of Things (IoT) systems, including Medical IoT (MIoT) for instance. On the other hand, the IoT devices’ numerous limitations (such as memory space, computing capability, and battery capacity) make it difficult to implement cost- and energy-efficient security solutions. As a result, several researchers attempted to address this problem, and several RFID-based security mechanisms for the MIoT and other constrained environments were proposed. In this vein, Wang et al. and Shariq et al. recently proposed CRUSAP and ESRAS ultra-lightweight authentication schemes. They demonstrated, both formally and informally, that their schemes meet the required security properties for RFID systems. In their proposed protocols, they have used a very lightweight operation called (Formula presented.) and (Formula presented.), respectively. However, in this paper, we show that those functions are not secure enough to provide the desired security. We show that (Formula presented.) is linear and reversible, and it is easy to obtain the secret values used in its calculation. Then, by exploiting the vulnerability of the (Formula presented.) function, we demonstrated that CRUSAP is vulnerable to secret disclosure attacks. The proposed attack has a success probability of "1" and is as simple as a CRUSAP protocol run. Other security attacks are obviously possible by obtaining the secret values of the tag and reader. In addition, we present a de-synchronization attack on the CRUSAP protocol. Furthermore, we provide a thorough examination of ESRAS and its (Formula presented.) function. We first present a de-synchronization attack that works for any desired (Formula presented.) function, including Shariq et al.’s proposed (Formula presented.) function. We also show that (Formula presented.) does not provide the desired confusion and diffusion that is claimed by the designers. Finally, we conduct a secret disclosure attack against ESRAS.
AB - Radio Frequency Identification (RFID) technology is a critical part of many Internet of Things (IoT) systems, including Medical IoT (MIoT) for instance. On the other hand, the IoT devices’ numerous limitations (such as memory space, computing capability, and battery capacity) make it difficult to implement cost- and energy-efficient security solutions. As a result, several researchers attempted to address this problem, and several RFID-based security mechanisms for the MIoT and other constrained environments were proposed. In this vein, Wang et al. and Shariq et al. recently proposed CRUSAP and ESRAS ultra-lightweight authentication schemes. They demonstrated, both formally and informally, that their schemes meet the required security properties for RFID systems. In their proposed protocols, they have used a very lightweight operation called (Formula presented.) and (Formula presented.), respectively. However, in this paper, we show that those functions are not secure enough to provide the desired security. We show that (Formula presented.) is linear and reversible, and it is easy to obtain the secret values used in its calculation. Then, by exploiting the vulnerability of the (Formula presented.) function, we demonstrated that CRUSAP is vulnerable to secret disclosure attacks. The proposed attack has a success probability of "1" and is as simple as a CRUSAP protocol run. Other security attacks are obviously possible by obtaining the secret values of the tag and reader. In addition, we present a de-synchronization attack on the CRUSAP protocol. Furthermore, we provide a thorough examination of ESRAS and its (Formula presented.) function. We first present a de-synchronization attack that works for any desired (Formula presented.) function, including Shariq et al.’s proposed (Formula presented.) function. We also show that (Formula presented.) does not provide the desired confusion and diffusion that is claimed by the designers. Finally, we conduct a secret disclosure attack against ESRAS.
KW - Cro(·) function
KW - medical wireless sensor network
KW - Rank(·) function
KW - secret disclosure attack
KW - ultra-lightweight
UR - http://www.scopus.com/inward/record.url?scp=85143609460&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143609460&partnerID=8YFLogxK
U2 - 10.3390/math10234611
DO - 10.3390/math10234611
M3 - Article
AN - SCOPUS:85143609460
SN - 2227-7390
VL - 10
JO - Mathematics
JF - Mathematics
IS - 23
M1 - 4611
ER -