Research Article
Breaking EMAP
@INPROCEEDINGS{10.1109/SECCOM.2007.4550374, author={Mih\^{a}ly B\^{a}r\^{a}sz and Bal\^{a}zs Boros and P\^{e}ter Ligeti and Krisztina L\^{o}ja and D\^{a}niel A. Nagy}, title={Breaking EMAP}, proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks}, publisher={IEEE}, proceedings_a={SECURECOMM}, year={2008}, month={6}, keywords={EMAP Mutual Authentication Passive Attack RFID Reader Tag}, doi={10.1109/SECCOM.2007.4550374} }- Mihály Bárász
Balázs Boros
Péter Ligeti
Krisztina Lója
Dániel A. Nagy
Year: 2008
Breaking EMAP
SECURECOMM
IEEE
DOI: 10.1109/SECCOM.2007.4550374
Abstract
We have broken EMAP (Efficient Mutual Authentication Protocol), which is a mutual authentication protocol between RFID tags and RFID readers. We give an algorithm, which breaks the protocol after eavesdropping only a few rounds. Assuming that one can eavesdrop a few consecutive rounds of authentications for the same RFID tag (the expected number for the presented algorithm is about 9, but it is possible to reduce this number to about 3.5), the attacker learns the identity number of the tag and every common secret shared by the tag and the reader. This means that in future authentication rounds, the attacker can successfully impersonate the targeted tag. Our breaking procedure is fully passive as opposed to the active attack described in [2].
