BIT manipulation attack to ultralightweight RFID protocols

Abstract

Radio frequency identification (RFID) enables identification of objects that are labeled with small tags in a wide variety of environments without needing a physical contact and a line-of-sight. A typical RFID system consists of mainly three components: tags, one or more readers, and a back-end server. Because of their low production cost and small size, RFID tags are becoming pervasive and foreseen as one of the main elements in ubiquitous wireless communication. However, computational constraints mostly driven by the cost concerns of RFID tags only permit to have security schemes that are simple combinations of elementary operations rather than the bullet proven yet computationally intensive cryptographic primitives. Ultralightweight RFID authentication protocols are considered as a class of these schemes because they only use the basic bitwise and arithmetic operations such as XOR, OR and AND. This thesis mainly includes two parts. First part includes the analysis of previous ultralightweight RFID protocols and their security weaknesses. At the second part, we analyze a modi ed version of the stable ultralightweight mutual authentication protocol denoted by SLMAP* and a new ultralightweight RFID authentication protocol based on random partition represented by PRAP. After bit manipulation attack, it is shown that some of the freshly produced variables can be assigned to di erent values at reader and tag side that presumably causes a desynchronization vulnerability both for SLMAP* and PRAP.