IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v10y2022i23p4611-d994160.html
   My bibliography  Save this article

Cryptanalysis of Two Recent Ultra-Lightweight Authentication Protocols

Author

Listed:
  • Mohammad Reza Servati

    (Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran)

  • Masoumeh Safkhani

    (Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
    School of Computer Science, Institute for Research in Fundamental Sciences (IPM), P.O. Box 19395-5746, Tehran 16788-15811, Iran)

  • Saqib Ali

    (Department of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Al Khoudh, Muscat P.C. 123, Oman)

  • Mazhar Hussain Malik

    (School of Computing and Creative Technologies, College of Arts, Technology and Environment (CATE), University of the West of England, Frenchay Campus, Coldharbour Lane, Bristol BS16 1QY, UK)

  • Omed Hassan Ahmed

    (Department of Information Technology, University of Human Development, Sulaymaniyah 0778-6, Iraq)

  • Mehdi Hosseinzadeh

    (Pattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeonggu, Seongnam 13120, Republic of Korea)

  • Amir H. Mosavi

    (Institute of Software Design and Development, Obuda University, 1034 Budapest, Hungary)

Abstract

Radio Frequency Identification (RFID) technology is a critical part of many Internet of Things (IoT) systems, including Medical IoT (MIoT) for instance. On the other hand, the IoT devices’ numerous limitations (such as memory space, computing capability, and battery capacity) make it difficult to implement cost- and energy-efficient security solutions. As a result, several researchers attempted to address this problem, and several RFID-based security mechanisms for the MIoT and other constrained environments were proposed. In this vein, Wang et al. and Shariq et al. recently proposed CRUSAP and ESRAS ultra-lightweight authentication schemes. They demonstrated, both formally and informally, that their schemes meet the required security properties for RFID systems. In their proposed protocols, they have used a very lightweight operation called C r o ( · ) and R a n k ( · ) , respectively. However, in this paper, we show that those functions are not secure enough to provide the desired security. We show that C r o ( · ) is linear and reversible, and it is easy to obtain the secret values used in its calculation. Then, by exploiting the vulnerability of the C r o ( · ) function, we demonstrated that CRUSAP is vulnerable to secret disclosure attacks. The proposed attack has a success probability of "1" and is as simple as a CRUSAP protocol run. Other security attacks are obviously possible by obtaining the secret values of the tag and reader. In addition, we present a de-synchronization attack on the CRUSAP protocol. Furthermore, we provide a thorough examination of ESRAS and its R a n k ( · ) function. We first present a de-synchronization attack that works for any desired R a n k ( · ) function, including Shariq et al.’s proposed R a n k ( · ) function. We also show that R a n k ( · ) does not provide the desired confusion and diffusion that is claimed by the designers. Finally, we conduct a secret disclosure attack against ESRAS.

Suggested Citation

  • Mohammad Reza Servati & Masoumeh Safkhani & Saqib Ali & Mazhar Hussain Malik & Omed Hassan Ahmed & Mehdi Hosseinzadeh & Amir H. Mosavi, 2022. "Cryptanalysis of Two Recent Ultra-Lightweight Authentication Protocols," Mathematics, MDPI, vol. 10(23), pages 1-16, December.
  • Handle: RePEc:gam:jmathe:v:10:y:2022:i:23:p:4611-:d:994160
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/10/23/4611/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/10/23/4611/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Madiha Khalid & Umar Mujahid & Muhammad Najam-ul-Islam, 2018. "Cryptanalysis of ultralightweight mutual authentication protocol for radio frequency identification enabled Internet of Things networks," International Journal of Distributed Sensor Networks, , vol. 14(8), pages 15501477187, August.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.

      Corrections

      All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:10:y:2022:i:23:p:4611-:d:994160. See general information about how to correct material in RePEc.

      If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

      If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

      If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

      For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

      Please note that corrections may take a couple of weeks to filter through the various RePEc services.

      IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.