3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Breaking EMAP

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550374,
        author={Mih\'{a}ly B\'{a}r\'{a}sz and Bal\'{a}zs Boros and P\'{e}ter Ligeti and Krisztina L\'{o}ja and D\'{a}niel A. Nagy},
        title={Breaking EMAP},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2008},
        month={6},
        keywords={EMAP  Mutual Authentication  Passive Attack  RFID  Reader  Tag},
        doi={10.1109/SECCOM.2007.4550374}
    }
    
Mihály Bárász1,*, Balázs Boros1,*, Péter Ligeti1,*, Krisztina Lója1,2,*, Dániel A. Nagy1,*
  • 1: ELTECRYPT Research Group, Department of Computer Science, Eötvös University, 1117 Budapest, Pázmány Péter sétány 1/c, Hungary
  • 2: Department of Telecommunications and Telematics, Budapest University of Technology and Economy, 1117 Budapest, Magyar Tudósok krt. 2, Hungary
*Contact email: klao@cs.elte.hu, borbal@cs.elte.hu, ligeti@renyi.hu, loja@math.bme.hu, nagydani@cs.elte.hu

Abstract

We have broken EMAP (Efficient Mutual Authentication Protocol), a mutual authentication protocol between RFID tags and RFID readers. We give an algorithm that breaks the protocol after eavesdropping on only a few rounds. Assuming that one can eavesdrop on a few consecutive rounds of authentication for the same RFID tag (the expected number for the presented algorithm is about 9, but it is possible to reduce this number to about 3.5), the attacker learns the identity number of the tag and every common secret shared by the tag and the reader. This means that in future authentication rounds, the attacker can successfully impersonate the targeted tag. Our breaking procedure is fully passive, as opposed to the active attack described in [2].