| Summary: | 碩士 === 國立東華大學 === 資訊管理碩士學位學程 === 103 === In order to the manage requirement of large numbers of objects, RFID-based system and Internet of Things (IoT) network have promptly become popular in recent years. Therefore, the research of the lightweight RFID authentication is considered of great importance. Recently, Morshed et al. proposed an authentication scheme, called SUAP3, to achieve the security and efficiency under ubiquitous RFID-based systems. Later, Safkhani et al. and Wang et al. had demonstrated that SUAP3 is insecure against full-disclosure attack and tag traceability attack. However, these attacks are based on powerful assumptions, and the feasibilities of the two attacks are thus a little doubtful. In this paper, we present a real passive tag-tracking attack without any specific assumptions. An adversary can exploit a series of challenge-response procedures to derive the secrets maintained at the tag. With the cryptanalysis proposed by us, the insecurity of SUAP3 is truly proved. For better robustness, we introduce a security enhanced scheme SUAP+ with the same order of the computation complexity as SUAP3.
|
|---|
