M. Safkhani; N. Bagheri
Abstract
Recently, Baghery et al. [1, 2] presented some attacks on two RFID protocols, namely Yoon and Jung et al. protocols, and proposed the improved version of them. However, in this note, we show that the improved version of the Jung et al. protocol suffers from desynchronization attack and the improved version ...
Read More
Recently, Baghery et al. [1, 2] presented some attacks on two RFID protocols, namely Yoon and Jung et al. protocols, and proposed the improved version of them. However, in this note, we show that the improved version of the Jung et al. protocol suffers from desynchronization attack and the improved version of the Yoon's protocol suffers from secret disclosure attack. The success probability of the desynchronization attack against the improved version of the Jung et al. protocol is (1-2-2n)2, where n is length of the protocol parameters. The attack can be accomplished with just three runs of the protocol. The success probability of the secret disclosure attack against the improved version of the Yoon's protocol is almost 1, while the complexity is just two runs of the protocol and doing 216 off-line evaluations of PRNG function.
J. Alizadeh; M. R. Aref; N. Bagheri; H. Sadeghi
Abstract
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural ...
Read More
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLΟCv₁ and SILCv₁ with the complexity of Ο (2n/2) queries and the success probability of 0.63, in which n is bit length of message blocks. In addition, a forgery attack is presented against ΑVΑLΑNCHEv₁ which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.