Alberto Peinado

HB-MP: A further step in the HB-family of lightweight authentication protocols

A family of lightweight authentication protocols has been developed since Hopper and Blum proposed the HB protocol in 2001. In 2005, the HB^+ protocol was proposed as an improvement of the original HB to overcome the weakness against active attacks. Later, several authors have successfully applied new attacks to both HB and HB^+, resulting in a new modification known as HB^+^+. Again, this protocol has been cryptanalyzed and a new protocol has been presented by Piramuthu in 2006. This kind of protocol is especially suitable for RFID systems in which every tag has to be authenticated by the reader. Taking into account security and performance aspects, we present in this paper a new protocol, named HB-MP, derived from HB^+, providing a more efficient performance and resistance to the active attacks applied to the HB-family.

Privacy and authentication protocol providing anonymous channels in GSM

A new efficient authentication protocol providing anonymous channels in the global system for mobile communications is presented, using algorithms A3, A5 and A8. The protocol is the result of a combination between the recent GSM authentication scheme proposed by Lee, Hwang and Yang (LHY) and the anonymous channel protocol presented by Lin and Jan (LJ). The result is a protocol with all the features of LHY scheme and the anonymity provided by LJ protocol.

Secure EPC Gen2 Compliant Radio Frequency Identification

The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.

Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol

Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (2006) 660-667] have proposed two set of protocols to perform remote user authentication and password change in a secure manner. The first set of protocols is based on hash functions, where no symmetric or asymmetric encryption scheme is applied. As Peyravian and Jeffries claim, these protocols suffer from an off-line password-guessing attack. They propose a second set of protocols based on Diffie-Hellman key agreement scheme to overcome the mentioned weakness. However, we show in this paper that this second set of protocols suffers also from the off-line password-guessing attack when a server impersonation attack is performed.

Attacks on a distance bounding protocol

Singelee and Preneel have recently proposed a enhancement of Hancke and Kuhns distance bounding protocol for RFID. The authors claim that their protocol offers substantial reductions in the number of rounds, though preserving its advantages: suitable to be employed in noisy wireless environments, and requiring so few resources to run that it can be implemented on a low-cost device. Subsequently, the same authors have also proposed it as an efficient key establishment protocol in wireless personal area networks. Nevertheless, in this paper we show effective relay attacks on this protocol, which dramatically increase the success probability of an adversary. As a result, the effectiveness of Singelee and Preneels protocol is seriously questioned.

EPCGen2 Pseudorandom Number Generators: Analysis of J3Gen

This paper analyzes the cryptographic security of J3Gen, a promising pseudo random number generator for low-cost passive Radio Frequency Identification (RFID) tags. Although J3Gen has been shown to fulfill the randomness criteria set by the EPCglobal Gen2 standard and is intended for security applications, we describe here two cryptanalytic attacks that question its security claims: (i) a probabilistic attack based on solving linear equation systems; and (ii) a deterministic attack based on the decimation of the output sequence. Numerical results, supported by simulations, show that for the specific recommended values of the configurable parameters, a low number of intercepted output bits are enough to break J3Gen. We then make some recommendations that address these issues.

Cryptanalysis of LHL-key authentication scheme

It is proved that the LHL-key authentication scheme, proposed by Lee, Hwang and Li [Appl. Math. Comput. 139 (2003) 343], is insecure. The users private key can be obtained easily from the users public key certificate, hence compromising all the enciphered communications. In addition, the certificate validation process proposed in the same work is not a suitable one, as any certificate (valid or not) satisfies the verification equation. A slight modification is pointed out to overcome this severe weakness.

Security Analysis of Tu and Piramuthu's Protocol

RFID (radio frequency identification) devices are usually vulnerable to attacks related to proximity verification: distance fraud attacks, relay attacks and terrorist attacks. These attacks require simpler technical resources than tampering or cryptanalysis and, they cannot be prevented by ordinary security protocols that operate in the high layers of the protocol stack. Distance bounding protocols, which are tightly integrated into the physical layer, are the main countermeasure against them. Hancke and Kuhns protocol was the first distance bounding protocol for RFID. Tu and Piramuthu have recently proposed another protocol which outperform it. More precisely, the authors claim that their protocol reduces the false acceptance ratio and is resistant to terrorist attack. In this paper, however, we analyse this protocol and, discuss some aspects that could question its effectiveness.

Cryptanalysis of multicast protocols with key refreshment based on the extended euclidean algorithm

Recently, Naranjo, Lopez-Ramos and Casado have proposed a key refreshment for multicast schemes based on the extended Euclidean algorithm. We show in this paper that the key refreshment is not secure, describing several weaknesses and the algorithm to obtain the private key of any user. Hence, every system in which the key refreshment is applied will be compromised.

Attacks on ownership transfer scheme for multi-tag multi-owner passive RFID environments

Sundaresan etźal. proposed recently a novel ownership transfer protocol for multi-tag multi-owner RFID environments that complies with the EPC Class1 Generation2 standard. The authors claim that this provides individual-owner privacy and prevents tracking attacks. We show that this protocol falls short of its security objectives, and describe attacks that allow: (a) an eavesdropper to trace a tag, (b) the previous owner to obtain the private information that the tag shares with the new owner, and (c) an adversary that has access to the data stored on a tag to link this tag to previous interrogations (violating forward-secrecy). We analyze the security proof and show that while the first two cases can be addressed with a more careful design, strong privacy remains an open problem for lightweight RFID applications.