两种轻量级RFID认证方案的密码分析

Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07) Pub Date : 2007-03-19 DOI:10.1109/PERCOMW.2007.34

Benessa Defend, Kevin Fu, A. Juels

{"title":"两种轻量级RFID认证方案的密码分析","authors":"Benessa Defend, Kevin Fu, A. Juels","doi":"10.1109/PERCOMW.2007.34","DOIUrl":null,"url":null,"abstract":"Vajda and Buttyan proposed several lightweight authentication protocols for authenticating RFID tags to readers, and left open the quantifiable cryptographic strength. Our cryptanalysis answers this open question by implementing and measuring attacks against their XOR and SUBSET protocols. A passive eavesdropper can impersonate a tag in the XOR protocol after observing only 70 challenge-response transactions between the tag and reader. In contrast, the theoretical maximum strength of the XOR protocol could have required 16! * 2 observed transactions to break the key. Our experiments also show that a passive eavesdropper can recover the shared secret used in the XOR protocol by observing an expected 1,092 transactions. Additionally, a nearly optimal active attack against the SUBSET protocol extracts almost one bit of information for each bit emitted by the tag","PeriodicalId":352348,"journal":{"name":"Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-03-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":"{\"title\":\"Cryptanalysis of Two Lightweight RFID Authentication Schemes\",\"authors\":\"Benessa Defend, Kevin Fu, A. Juels\",\"doi\":\"10.1109/PERCOMW.2007.34\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Vajda and Buttyan proposed several lightweight authentication protocols for authenticating RFID tags to readers, and left open the quantifiable cryptographic strength. Our cryptanalysis answers this open question by implementing and measuring attacks against their XOR and SUBSET protocols. A passive eavesdropper can impersonate a tag in the XOR protocol after observing only 70 challenge-response transactions between the tag and reader. In contrast, the theoretical maximum strength of the XOR protocol could have required 16! * 2 observed transactions to break the key. Our experiments also show that a passive eavesdropper can recover the shared secret used in the XOR protocol by observing an expected 1,092 transactions. Additionally, a nearly optimal active attack against the SUBSET protocol extracts almost one bit of information for each bit emitted by the tag\",\"PeriodicalId\":352348,\"journal\":{\"name\":\"Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-03-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"47\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PERCOMW.2007.34\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PERCOMW.2007.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 47

摘要

Vajda和Buttyan提出了几种轻量级的身份验证协议，用于向阅读器验证RFID标签，并开放了可量化的加密强度。我们的密码分析通过实现和测量针对其异或和子集协议的攻击来回答这个开放的问题。被动窃听者在观察标签和阅读器之间的70次质询-响应事务后，可以模拟XOR协议中的标签。相比之下，XOR协议的理论最大强度可能需要16!* 2观察事务破键。我们的实验还表明，被动窃听者可以通过观察1092个交易来恢复XOR协议中使用的共享秘密。此外，针对子集协议的一种近乎最优的主动攻击可以从标签发出的每一个比特中提取几乎一个比特的信息

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cryptanalysis of Two Lightweight RFID Authentication Schemes

Vajda and Buttyan proposed several lightweight authentication protocols for authenticating RFID tags to readers, and left open the quantifiable cryptographic strength. Our cryptanalysis answers this open question by implementing and measuring attacks against their XOR and SUBSET protocols. A passive eavesdropper can impersonate a tag in the XOR protocol after observing only 70 challenge-response transactions between the tag and reader. In contrast, the theoretical maximum strength of the XOR protocol could have required 16! * 2 observed transactions to break the key. Our experiments also show that a passive eavesdropper can recover the shared secret used in the XOR protocol by observing an expected 1,092 transactions. Additionally, a nearly optimal active attack against the SUBSET protocol extracts almost one bit of information for each bit emitted by the tag

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07)

自引率

0.00%

发文量