research-article

SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity

Author:

Hung-Yu ChienAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 4, Issue 4

Pages 337 - 340

https://doi.org/10.1109/TDSC.2007.70226

Published: 01 October 2007 Publication History

Abstract

As low-cost RFIDs become more and more popular, it is imperative to design ultra-lightweight RFID authentication protocols to resist all possible attacks and threats. However, all the previous ultra-lightweight authentication schemes are vulnerable to various attacks. In this paper, we propose a new ultra-lightweight RFID authentication protocol that provides strong authentication and strong integrity protection of its transmission and of updated data. The protocol requires only simple bit-wise operations on the tag and can resist all the possible attacks. These features make it very attractive to low-cost RFIDs and very low-cost RFIDs.

References

[1]

G. Avoine, E. Dysli, and P. Oechslin, “Reducing Time Complexity in RFID Systems,” Proc. 12th Ann. Workshop Selected Areas in Cryptography (SAC), 2005.

Digital Library

[2]

S.C. Bono, M. Green, A. Stubblefield, A. Juels, A.D. Rubin, M. Szydlo, “Security Analysis of a Cryptographically-Enabled RFID Device,” Proc. 14th USENIX Security Symp., pp. 1-16, 2005.

Digital Library

[3]

J. Bringer, H. Chabanne, and E. Dottax, “HB++: A Lightweight Authentication Protocol Secure against Some Attacks,” Proc. IEEE Int'l Conf. Pervasive Service, Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006.

Digital Library

[4]

H.-Y. Chien, “Secure Access Control Schemes for RFID Systems with Anonymity,” Proc. 2006 Int'l Workshop Future Mobile and Ubiquitous Information Technologies (FMUIT '06), 2006.

Digital Library

[5]

H.-Y. Chien and C.-H. Chen, “Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards,” Computers Standards & Interfaces, vol. 29, no. 2, pp 254-259, 2007.

Digital Library

[6]

H.-Y. Chien and C.-W. Huang, “Security of Ultra-Lightweight RFID Authentication Protocols and Its Improvements,” ACM Operating System Rev., vol. 41, no. 2, pp. 83-86, July 2007.

Digital Library

[7]

D.N. Duc, J. Park, H. Lee, and K. Kim, “Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning,” Proc. 2006 Symp. Cryptography and Information Security, 2006.

[8]

EPCglobal, http://www.epcglobalinc.org/, 2007.

[9]

H. Gilbert, M. Robshaw, and H. Sibert, “An Active Attack against HB+-A Provably Secure Lightweight Authentication Protocol,” Cryptology ePrint Archive, Report 2005/237, 2005.

[10]

A.D. Henrici and P. Mäuller, “Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers,” Proc. Second IEEE Ann. Conf. Pervasive Computing and Comm. Workshops, pp. 149-153 2004.

Digital Library

[11]

N.J. Hopper and M. Blum, “Secure Human Identification Protocols,” Proc. Seventh Int'l Conf. Theory and Application of Cryptology and Information Security, pp. 52-66, 2001.

Digital Library

[12]

A. Juels, “Strengthening EPC Tag against Cloning,” Proc. ACM Workshop Wireless Security (WiSe '05), pp. 67-76, 2005.

Digital Library

[13]

A. Juels, D. Molner, and D. Wagner, “Security and Privacy Issues in E-Passports,” Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), 2005.

Digital Library

[14]

A. Juels and S.A. Weis, “Authenticating Pervasive Devices with Human Protocols,” Proc. 25th Ann. Int'l Cryptology Conf. (CRYPTO '05), pp. 293-308, 2005.

Digital Library

[15]

S. Karthikeyan and M. Nesterenko, “RFID Security without Extensive Cryptography,” Proc. Third ACM Workshop Security of Ad Hoc and Sensor Networks, pp. 63-67, 2005.

Digital Library

[16]

S. Kinoshita, M. Ohkubo, F. Hoshino, G. Morohashi, O. Shionoiri, and A. Kanai, “Privacy Enhanced Active RFID Tag,” Proc. Int'l Workshop Exploiting Context Histories in Smart Environments, May 2005.

[17]

S.S. Kumar and C. Paar, “Are Standards Compliant Elliptic Curve Cryptosystems Feasible on RFID?” Proc. Workshop RFID Security, July 2006.

[18]

T. Li and R.H. Deng, “Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol,” Proc. Second Int'l Conf. Availability, Reliability, and Security (AReS '07), 2007.

Digital Library

[19]

T. Li and G. Wang, “Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols,” Proc. 22nd IFIP TC-11 Int'l Information Security Conf., May 2007.

[20]

D. Molnar and D. Wagner, “Privacy and Security in Library RFID: Issues, Practices, and Architectures,” Proc. Conf. Computer and Comm. Security (CCS '04), pp. 210-219, 2004.

Digital Library

[21]

J. Munilla and A. Peinado, “HB-MP: A Further Step in the HB-Family of Lightweight Authentication Protocols,” Computer Networks. 2007.

[22]

M. Ohkubo, K. Suzki, and S. Kinoshita, “Cryptographic Approach to 'Privacy-Friendly' Tags,” Proc. RFID Privacy Workshop, 2003.

[23]

P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. Second Workshop RFID Security, July 2006.

[24]

P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. OTM Federated Conf. and Workshop: IS Workshop, Nov. 2006.

Digital Library

[25]

P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags,” Proc. Int'l Conf. Ubiquitous Intelligence and Computing (UIC '06), pp. 912-923 2006.

Digital Library

[26]

S. Piramuthu, “HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication,” Proc. CollECTeR Europe Conf., June 2006.

[27]

K. Rhee, J. Kwak, S. Kim, and D. Won, “Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment,” Proc. Int'l Conf. Security in Pervasive Computing (SPC '05), pp. 70-84, 2005.

Digital Library

[28]

S.A. Weis, “Security and Privacy in Radio-Frequency Identification Devices,” master's thesis, MIT, 2003.

[29]

S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” Security in Pervasive Computing, pp. 201-212, Springer, 2004.

[30]

J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, “Mutual Authentication Protocol for Low-Cost RFID,” Proc. Ecrypt Workshop RFID and Lightweight Crypto, 2005.

[31]

J. Yang, K. Ren, and K. Kim, “Security and Privacy on Authentication Protocol for Low-Cost Radio,” Proc. 2005 Symp. Cryptography and Information Security, 2005.

Cited By

Barbareschi MCasola VEmmanuele ALombardi D(2024)On the adoption of PUF for key agreement scheme in Internet of ThingsProceedings of the 21st ACM International Conference on Computing Frontiers: Workshops and Special Sessions10.1145/3637543.3654656(17-24)Online publication date: 7-May-2024
https://dl.acm.org/doi/10.1145/3637543.3654656
Pan QAn ZZhao XYang L(2024)The Power of Precision: High-Resolution Backscatter Frequency Drift in RFID IdentificationIEEE Transactions on Mobile Computing10.1109/TMC.2023.334768123:8(8370-8385)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1109/TMC.2023.3347681
Kumar RSingh SLobiyal D(2024)UPSRVNet: Ultralightweight, Privacy preserved, and Secure RFID-based authentication protocol for VIoT NetworksThe Journal of Supercomputing10.1007/s11227-023-05463-180:1(942-969)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1007/s11227-023-05463-1
Show More Cited By

Index Terms

SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity

Recommendations

Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI

Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low ...
Matchbox: Secure Data Sharing

Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control ...
Strong authentication and strong integrity (SASI) is not that strong
RFIDSec'10: Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues

In this work, we present a practical passive attack on SASI, an ultra-lightweight mutual authentication protocol for RFID. This attack can be used to reveal with overwhelming probability the secret ID of the prover by eavesdropping about 2¹⁷ ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 4, Issue 4

October 2007

96 pages

ISSN:1545-5971

Issue’s Table of Contents

Copyright © 2007.

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 October 2007

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Barbareschi MCasola VEmmanuele ALombardi D(2024)On the adoption of PUF for key agreement scheme in Internet of ThingsProceedings of the 21st ACM International Conference on Computing Frontiers: Workshops and Special Sessions10.1145/3637543.3654656(17-24)Online publication date: 7-May-2024
https://dl.acm.org/doi/10.1145/3637543.3654656
Pan QAn ZZhao XYang L(2024)The Power of Precision: High-Resolution Backscatter Frequency Drift in RFID IdentificationIEEE Transactions on Mobile Computing10.1109/TMC.2023.334768123:8(8370-8385)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1109/TMC.2023.3347681
Kumar RSingh SLobiyal D(2024)UPSRVNet: Ultralightweight, Privacy preserved, and Secure RFID-based authentication protocol for VIoT NetworksThe Journal of Supercomputing10.1007/s11227-023-05463-180:1(942-969)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1007/s11227-023-05463-1
Ghosh HMaurya PBagchi S(2023)Linear complementary pair of codes based lightweight RFID protocolComputer Communications10.1016/j.comcom.2023.05.022208:C(79-88)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.comcom.2023.05.022
Duan LLi YLiao L(2023)Efficient Forward Secrecy for TLS-PSK from Pure Symmetric CryptographyInformation Security10.1007/978-3-031-49187-0_21(415-434)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1007/978-3-031-49187-0_21
Lounis KZulkernine M(2022)Lessons Learned: Analysis of PUF-based Authentication Protocols for IoTDigital Threats: Research and Practice10.1145/34870604:2(1-33)Online publication date: 18-Feb-2022
https://dl.acm.org/doi/10.1145/3487060
Wang PYan ZZeng K(2022)BCAuth: Physical Layer Enhanced Authentication and Attack Tracing for Backscatter CommunicationsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.319540717(2818-2834)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1109/TIFS.2022.3195407
Alzahrani BIrshad A(2022)An Improved IoT/RFID-Enabled Object Tracking and Authentication Scheme for Smart LogisticsWireless Personal Communications: An International Journal10.1007/s11277-022-10103-7129:1(399-422)Online publication date: 12-Nov-2022
https://dl.acm.org/doi/10.1007/s11277-022-10103-7
Gao MLu Y(2022)URAP: a new ultra-lightweight RFID authentication protocol in passive RFID systemThe Journal of Supercomputing10.1007/s11227-021-04252-y78:8(10893-10905)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.1007/s11227-021-04252-y
Shariq MSingh KMaurya PAhmadian ATaniar D(2022)AnonSURP: an anonymous and secure ultralightweight RFID protocol for deployment in internet of vehicles systemsThe Journal of Supercomputing10.1007/s11227-021-04232-278:6(8577-8602)Online publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1007/s11227-021-04232-2
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents