P. D'Arco and R. De Prisco
Dipartimento di Informatica Universita di Salerno Fisciano (SA), Italy
Abstract. In this paper we focus our attention on the design of several recently proposed ultralightweight authentication protocols and show that the underlying methodology is not sound. Indeed, the common fea- ture of these protocols lies in the use of transforms, which are the main building blocks. We analyze these transforms and show that all of them present some weaknesses, which can be essentially reduced to poor con- fusion and diffusion in the input-output mappings. Then, exploiting the weaknesses of the transforms, we describe impersonation attacks against the ultralightweight authentication protocols in which they are used: pre- cisely, RCIA, KMAP, SLAP, and SASI+. On average, an attack requires a constant number of interactions with the targeted tag, compared to the allegedly needed exponential number in the informal security analysis. Moreover, since the weaknesses are in the transforms, the attack strate- gies we describe can be used to subvert any other protocol that uses the same transforms or closely-related ones.
The paper published in the IFIP SEC 2018 confeence proceedings by Springer Verlag