{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,29]],"date-time":"2025-01-29T05:57:31Z","timestamp":1738130251624,"version":"3.33.0"},"reference-count":30,"publisher":"Wiley","issue":"2","license":[{"start":{"date-parts":[[2008,2,29]],"date-time":"2008-02-29T00:00:00Z","timestamp":1204243200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2008,3]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>It is very challenging on designing cryptographically strong security functions that can be incorporated into low\u2010cost radio frequency identification (RFID) tags. Some RFID authentication protocols were proposed using only ultra\u2010lightweight primitives, while the security of them must be scrutinized before being put forth into any real application. In this paper, we present two effective attacks, namely<jats:italic>de\u2010synchronization attack<\/jats:italic>and<jats:italic>full\u2010disclosure attack<\/jats:italic>, against an efficient ultra\u2010lightweight RFID mutual authentication protocol: LMAP<jats:ext-link xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" xlink:href=\"#bib2\">2<\/jats:ext-link>, which is recently proposed by Peris\u2010Lopez<jats:italic>et al<\/jats:italic>. These active attacks are so serious as they cannot only disable the authentication capability of an RFID tag by destroying synchronization between the tag and the RFID reader, but also disclose all secret values stored in the tag. We point out the design flaws of the protocol and based on that, we improve the protocol with a stateful variant (SLMAP). The improved protocol is more secure in sense of tag anonymity, man\u2010in\u2010the\u2010middle (MITM) resistance, and forgery prevention as shown in our analysis, and is more compact due to reduced operations and memory usage on implementing such a tag. Copyright \u00a9 2008 John Wiley &amp; Sons, Ltd.<\/jats:p>","DOI":"10.1002\/sec.8","type":"journal-article","created":{"date-parts":[[2008,2,29]],"date-time":"2008-02-29T14:16:30Z","timestamp":1204294590000},"page":"135-146","source":"Crossref","is-referenced-by-count":8,"title":["The security and improvement of an ultra\u2010lightweight RFID authentication protocol"],"prefix":"10.1002","volume":"1","author":[{"given":"Tieyan","family":"Li","sequence":"first","affiliation":[]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[]},{"given":"Guilin","family":"Wang","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2008,2,29]]},"reference":[{"key":"e_1_2_1_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2005.861395"},{"key":"e_1_2_1_3_2","doi-asserted-by":"crossref","unstructured":"Peris\u2010LopezP Hernandez\u2010CastroJC Estevez\u2010TapiadorJM RibagordaA.LMAP: a real lightweight mutual authentication protocol for low\u2010cost RFID tags. InProceedings of 2nd Workshop on RFID Security July2006.","DOI":"10.1007\/11833529_93"},{"key":"e_1_2_1_4_2","doi-asserted-by":"crossref","unstructured":"FeldhoferM DominikusS WolkerstorferJ.Strong authentication for RFID systems using the AES algorithm. InProceedings of CHES'04 LNCS Vol. 3156 2004;357\u2013370.","DOI":"10.1007\/978-3-540-28632-5_26"},{"key":"e_1_2_1_5_2","doi-asserted-by":"crossref","unstructured":"MolnarD WagnerD.Privacy and security in library RFID: issues practices and architectures. InProceedings of CCS'04 ACM Press 2004;210\u2013219.","DOI":"10.1145\/1030083.1030112"},{"key":"e_1_2_1_6_2","doi-asserted-by":"crossref","unstructured":"SarmaS WeisS EngelsD.RFID systems and security and privacy implications. InProceedings of CHES'02 LNCS 2523 Springer\u2010Verlag 2002;454\u2013469.","DOI":"10.1007\/3-540-36400-5_33"},{"key":"e_1_2_1_7_2","doi-asserted-by":"crossref","unstructured":"WeisS.Security parallels between people and pervasive devices. InProceedings of PERSEC'05 IEEE Computer Society Press 2005;105\u2013109.","DOI":"10.1109\/PERCOMW.2005.72"},{"key":"e_1_2_1_8_2","doi-asserted-by":"crossref","unstructured":"JuelsA WeisS.Authenticating pervasive devices with human protocols. InProceedings of CRYPTO'05 LNCS 3126 Springer\u2010Verlag 2005;293\u2013308.","DOI":"10.1007\/11535218_18"},{"key":"e_1_2_1_9_2","doi-asserted-by":"crossref","unstructured":"GilbertH BobshawM SilbertH.An Active Attack against HB+\u2010A Probable Secure Lightweight Authentication Protocol.Cryptology ePrint Archive Report 2005\/237 2007.","DOI":"10.1049\/el:20052622"},{"key":"e_1_2_1_10_2","doi-asserted-by":"crossref","unstructured":"BringerJ ChabanneH DottaxE.HB++: a lightweight authentication protocol secure against some attacks. InProceedings of SecPerU'06 IEEE Computer Society Press 2006;28\u201333.","DOI":"10.1109\/SECPERU.2006.10"},{"key":"e_1_2_1_11_2","unstructured":"VajdaI ButtyanL.Lightweight authentication protocols for low\u2010cost RFID tags. InProceedings of UBICOMP'03 2003."},{"key":"e_1_2_1_12_2","doi-asserted-by":"crossref","unstructured":"DefendB FuK JuelsA.Cryptanalysis of two lightweight RFID authentication schemes. InFourth IEEE International Workshop on Pervasive Computing and Communication Security (PerSec) Workshop March2007.","DOI":"10.1109\/PERCOMW.2007.34"},{"key":"e_1_2_1_13_2","doi-asserted-by":"crossref","unstructured":"JuelsA.Minimalist cryptography for low\u2010cost RFID tags. InProceedings of SCN'04 LNCS 3352 Springer\u2010Verlag 2004;149\u2013164.","DOI":"10.1007\/978-3-540-30598-9_11"},{"key":"e_1_2_1_14_2","doi-asserted-by":"crossref","unstructured":"Peris\u2010LopezP Hernandez\u2010CastroJC Estevez\u2010TapiadorJM RibagordaA.M2AP: a minimalist mutual\u2010authentication protocol for low\u2010cost RFID tags. InProceedings of International Conference on Ubiquitous Intelligence and Computing UIC'06 LNCS 4159 Springer\u2010Verlag 2006;912\u2013923.","DOI":"10.1007\/11833529_93"},{"key":"e_1_2_1_15_2","doi-asserted-by":"crossref","unstructured":"Peris\u2010LopezP Hernandez\u2010CastroJC Estevez\u2010TapiadorJM RibagordaA.EMAP: an efficient mutual authentication protocol for low\u2010cost RFID tags. InOTM Federated Conferences and Workshop: IS Workshop November2006.","DOI":"10.1007\/11915034_59"},{"key":"e_1_2_1_16_2","doi-asserted-by":"crossref","unstructured":"LiT DengRH.Vulnerability analysis of EMAP\u2014an efficient RFID mutual authentication protocol. InProceedings of the Second International Conference on Availability Reliability and Security (AReS 2007) Vienna 10\u201313 April 2007.","DOI":"10.1109\/ARES.2007.159"},{"key":"e_1_2_1_17_2","doi-asserted-by":"crossref","unstructured":"LiT WangG.Security analysis of two ultra\u2010lightweight RFID authentication protocols. InProceedings of IFIP SEC 2007 Sandton Gauteng South Africa 14\u201316 May2007.","DOI":"10.1007\/978-0-387-72367-9_10"},{"key":"e_1_2_1_18_2","unstructured":"BaraszM BorosB LigetiP LojaK NagyDA.Breaking LMAP. InProceedings of 3rd Workshop on RFID Security RFIDsec'07 July2007."},{"key":"e_1_2_1_19_2","unstructured":"EPCglobal.EPC Radio\u2010Frequency Identity Protocols Class\u20101 Generation\u20102 UHF RFID Protocol for Communications at 860 MHz\u2013960 MHz Version 1.0.9."},{"key":"e_1_2_1_20_2","unstructured":"BogdanovA KnudsenLR LeanderG et al.PRESENT: an ultra\u2010lightweight block cipher. InProceedings of CHES 2007 LNCS Springer."},{"key":"e_1_2_1_21_2","doi-asserted-by":"crossref","unstructured":"LimC KorkishkoT.mCrypton\u2013\u2010a lightweight block cipher for security of low\u2010cost RFID tags and sensors. InWorkshop on Information Security Applications\u2014WISA'05 LNCS3786 2005;243\u2013258.","DOI":"10.1007\/11604938_19"},{"key":"e_1_2_1_22_2","doi-asserted-by":"crossref","unstructured":"HongD SungJ HongS et al.HIGHT: a new block cipher suitable for low\u2010resource device. InProceedings of CHES 2006 LNCS4249 2006;46\u201359.","DOI":"10.1007\/11894063_4"},{"key":"e_1_2_1_23_2","unstructured":"GoodT CheltonW BenaissaM.Hardware results for selected stream cipher candidates. Presented atSASC 2007 February2007."},{"key":"e_1_2_1_24_2","doi-asserted-by":"crossref","unstructured":"FeldhoferM RechbergerC.A case against currently used hash functions in RFID protocols. In:Proceeding of First International Workshop of Information Security (IS'06) LNCS4277 2006;372\u2013381.","DOI":"10.1007\/11915034_61"},{"key":"e_1_2_1_25_2","doi-asserted-by":"crossref","unstructured":"JuelsA PappuR.Squealing euros: privacy protection in RFID\u2010enabled banknotes. InProceedings of FC'03 LNCS 2742 Springer\u2010Verlag 2003;103\u2013121.","DOI":"10.1007\/978-3-540-45126-6_8"},{"key":"e_1_2_1_26_2","doi-asserted-by":"crossref","unstructured":"FeldhoferM WolkerstorferJ.Strong crypto for RFID TagsCa comparison of low\u2010power hardware implementations. InIEEE International Symposium on Circuits and Systems (ISCAS 2007) New Orleans USA May 27\u201330 2007;1839\u20131842.","DOI":"10.1109\/ISCAS.2007.378272"},{"key":"e_1_2_1_27_2","doi-asserted-by":"crossref","unstructured":"KarthikeyanS NesterenkoM.RFID security without extensive cryptography. InProceedings of the 3rd ACM Workshop on Security of Ad Hoc and Sensor Networks 2005;63\u201367.","DOI":"10.1145\/1102219.1102229"},{"key":"e_1_2_1_28_2","unstructured":"DucDN ParkJ LeeH KimK.Enhancing security of EPCglobal GEN\u20102 RFID tag against traceability and cloning. InThe 2006 Symposium on Cryptography and Information Security 2006."},{"key":"e_1_2_1_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2006.04.004"},{"key":"e_1_2_1_30_2","unstructured":"Peris\u2010LopezP Hernandez\u2010CastroJC Estevez\u2010TapiadorJM RibagordaA.Cryptanalysis of a Novel Authentication Protocol Conforming to EPC\u2010C1G2 standard. InConference on RFID Security RFIDsec'07 Malaga Spain July 2007."},{"key":"e_1_2_1_31_2","unstructured":"ShamirA.How to Squash Your Data. InCrypto'07rump session.http:\/\/rump2007.cr.yp.to\/"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.8","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T21:06:47Z","timestamp":1738098407000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,2,29]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,3]]}},"alternative-id":["10.1002\/sec.8"],"URL":"https:\/\/doi.org\/10.1002\/sec.8","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2008,2,29]]}}}