EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cryptanalysis of Two Recent Ultra-Lightweight Authentication Protocols

Mohammad Reza Servati, Masoumeh Safkhani, Saqib Ali, Mazhar Hussain Malik, Omed Hassan Ahmed, Mehdi Hosseinzadeh () and Amir H. Mosavi ()
Additional contact information
Mohammad Reza Servati: Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
Masoumeh Safkhani: Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran
Saqib Ali: Department of Information Systems, College of Economics and Political Science, Sultan Qaboos University, Al Khoudh, Muscat P.C. 123, Oman
Mazhar Hussain Malik: School of Computing and Creative Technologies, College of Arts, Technology and Environment (CATE), University of the West of England, Frenchay Campus, Coldharbour Lane, Bristol BS16 1QY, UK
Omed Hassan Ahmed: Department of Information Technology, University of Human Development, Sulaymaniyah 0778-6, Iraq
Mehdi Hosseinzadeh: Pattern Recognition and Machine Learning Lab, Gachon University, 1342 Seongnamdaero, Sujeonggu, Seongnam 13120, Republic of Korea
Amir H. Mosavi: Institute of Software Design and Development, Obuda University, 1034 Budapest, Hungary

Mathematics, 2022, vol. 10, issue 23, 1-16

Abstract: Radio Frequency Identification (RFID) technology is a critical part of many Internet of Things (IoT) systems, including Medical IoT (MIoT) for instance. On the other hand, the IoT devices’ numerous limitations (such as memory space, computing capability, and battery capacity) make it difficult to implement cost- and energy-efficient security solutions. As a result, several researchers attempted to address this problem, and several RFID-based security mechanisms for the MIoT and other constrained environments were proposed. In this vein, Wang et al. and Shariq et al. recently proposed CRUSAP and ESRAS ultra-lightweight authentication schemes. They demonstrated, both formally and informally, that their schemes meet the required security properties for RFID systems. In their proposed protocols, they have used a very lightweight operation called C r o ( · ) and R a n k ( · ) , respectively. However, in this paper, we show that those functions are not secure enough to provide the desired security. We show that C r o ( · ) is linear and reversible, and it is easy to obtain the secret values used in its calculation. Then, by exploiting the vulnerability of the C r o ( · ) function, we demonstrated that CRUSAP is vulnerable to secret disclosure attacks. The proposed attack has a success probability of "1" and is as simple as a CRUSAP protocol run. Other security attacks are obviously possible by obtaining the secret values of the tag and reader. In addition, we present a de-synchronization attack on the CRUSAP protocol. Furthermore, we provide a thorough examination of ESRAS and its R a n k ( · ) function. We first present a de-synchronization attack that works for any desired R a n k ( · ) function, including Shariq et al.’s proposed R a n k ( · ) function. We also show that R a n k ( · ) does not provide the desired confusion and diffusion that is claimed by the designers. Finally, we conduct a secret disclosure attack against ESRAS.

Keywords: medical wireless sensor network; ultra-lightweight; secret disclosure attack; Cro (·) function; Rank (·) function (search for similar items in EconPapers)
JEL-codes: C (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/2227-7390/10/23/4611/pdf (application/pdf)
https://www.mdpi.com/2227-7390/10/23/4611/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:10:y:2022:i:23:p:4611-:d:994160

Access Statistics for this article

Mathematics is currently edited by Ms. Emma He

More articles in Mathematics from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:gam:jmathe:v:10:y:2022:i:23:p:4611-:d:994160