1. Security Analysis of the Qian et al. Protocol: A Revised Tree-LSHB+ Protocol
- Author
-
Wenlong Liu, Hui Li, Miao Lei, and Dongxun Jin
- Subjects
Security analysis ,Authentication ,Computer science ,020206 networking & telecommunications ,Eavesdropping ,02 engineering and technology ,Adversary ,Computer security ,computer.software_genre ,Computer Science Applications ,Identification (information) ,Authentication protocol ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Electrical and Electronic Engineering ,Challenge–response authentication ,Reflection attack ,computer - Abstract
Low-cost radio-frequency identification tags are confronted with various security and privacy issues due to their limits in computational and storage capabilities. Many lightweight authentication protocols have been proposed so far to resist all possible attacks and threats. A revised Tree-LSHB+ protocol was recently proposed by Qian et al. [Wirel Pers Commun 77(4):3125–3141. doi: 10.1007/s11277-014-1699-x , 2014] after a security analysis on the original Tree-LSHB+ protocol proposed by Deng et al. [Wirel Pers Commun 72(1):159–174. doi: 10.1007/s11277-013-1006-2 , 2013]. And it claimed to be secure against secret information disclosure attack. In this paper, we present an active attack against it in a general man-in-the-middle attack where an adversary is capable of eavesdropping, intercepting, manipulating, and blocking the messages transmitted between a legitimate reader and a legitimate tag. The attack is proved to be efficient to disclose all the authentication keys shared between a reader and a tag. Additionally, we introduce another possible active attack which can even retrieve all the secrets in the tree-traversal stage.
- Published
- 2017