Skip to main content

Cryptanalysis of the RNTS system

Picazo Sanchez, Pablo, Martin, Lara, Peris-Lopez, Pedro, Hernandez-Castro, Julio C. (2013) Cryptanalysis of the RNTS system. The Journal of Supercomputing, 65 (2). pp. 949-960. ISSN 0920-8542. (doi:10.1007/s11227-013-0873-3) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:45300)

PDF (Restricted due to publisher policy)
Language: English

Restricted to Repository staff only
Contact us about this Publication
[img]
Official URL
http://dx.doi.org/10.1007/s11227-013-0873-3

Abstract

Internet of Things is a paradigm that enables communication between different devices connected to a local network or to Internet. Identification and communication between sensors used in Internet of Things and devices like smart-phones or tablets are established using radio frequency identification technology. However, this technology still has several security and privacy issues because of its severe computational constraints. In 2011, Jeong and Anh proposed the combined use of an authentication radio frequency identification protocol together with a ticket issuing system for bank services (in J. Supercomput. 55:307, 2011). In this paper we show that their message generation is weak, because it abuses the XOR operation and the use of a counter, which leaks too much secret protocol information. Our analysis shows important security faults that ruin most of the security properties claimed in the original paper. More precisely, information privacy (via a disclosure and leakage attack) and location privacy (traceability attack) are both compromised. Moreover, an attacker can disrupt the proper working of the system by exploiting the fact that message integrity is not properly checked.

Item Type: Article
DOI/Identification number: 10.1007/s11227-013-0873-3
Uncontrolled keywords: RFID Authentication Banking services Cryptanalysis
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Julio Hernandez Castro
Date Deposited: 22 Nov 2014 00:40 UTC
Last Modified: 03 Mar 2020 04:06 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/45300 (The current URI for this page, for reference purposes)
Hernandez-Castro, Julio C.: https://orcid.org/0000-0002-6432-5328
  • Depositors only (login required):

Downloads

Downloads per month over past year