authors
- PICAZO SANCHEZ, PABLO
- ORTIZ MARTIN, LARA
- PERIS LOPEZ, PEDRO
- HERNANDEZ CASTRO, JULIO CESAR
Cryptanalysis of the RNTS system
Articles
Overview
published in
- JOURNAL OF SUPERCOMPUTING Journal
publication date
- August 2013
start page
- 949
end page
- 960
issue
- 2
volume
- 65
Digital Object Identifier (DOI)
International Standard Serial Number (ISSN)
- 0920-8542
Electronic International Standard Serial Number (EISSN)
- 1573-0484
abstract
- Internet of Things is a paradigm that enables communication between different devices connected to a local network or to Internet. Identification and communication between sensors used in Internet of Things and devices like smart-phones or tablets are established using radio frequency identification technology. However, this technology still has several security and privacy issues because of its severe computational constraints. In 2011, Jeong and Anh proposed the combined use of an authentication radio frequency identification protocol together with a ticket issuing system for bank services (in J. Supercomput. 55:307, 2011). In this paper we show that their message generation is weak, because it abuses the XOR operation and the use of a counter, which leaks too much secret protocol information. Our analysis shows important security faults that ruin most of the security properties claimed in the original paper. More precisely, information privacy (via a disclosure and leakage attack) and location privacy (traceability attack) are both compromised. Moreover, an attacker can disrupt the proper working of the system by exploiting the fact that message integrity is not properly checked.