{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T05:41:48Z","timestamp":1761716508459,"version":"build-2065373602"},"reference-count":30,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2018,8,21]],"date-time":"2018-08-21T00:00:00Z","timestamp":1534809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Passive Radio Frequency IDentification (RFID) tags are generally highly constrained and cannot support conventional encryption systems to meet the required security. Hence, designers of security protocols may try to achieve the desired security only using limited ultra-lightweight operations. In this paper, we show that the security of such protocols is not provided by using rotation functions. In the following, for an example, we investigate the security of an RFID authentication protocol that has been recently developed using rotation function named ULRAS, which stands for an Ultra-Lightweight RFID Authentication Scheme and show its security weaknesses. More precisely, we show that the ULRAS protocol is vulnerable against de-synchronization attack. The given attack has the success probability of almost \u20181\u2019, with the complexity of only one session of the protocol. In addition, we show that the given attack can be used as a traceability attack against the protocol if the parameters\u2019 lengths are an integer power of 2, e.g., 128. Moreover, we propose a new authentication protocol named UEAP, which stands for an Ultra-lightweight Encryption based Authentication Protocol, and then informally and formally, using Scyther tool, prove that the UEAP protocol is secure against all known active and passive attacks.<\/jats:p>","DOI":"10.3390\/fi10090082","type":"journal-article","created":{"date-parts":[[2018,8,21]],"date-time":"2018-08-21T11:12:42Z","timestamp":1534849962000},"page":"82","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["On the Security of Rotation Operation Based Ultra-Lightweight Authentication Protocols for RFID Systems"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1897-0828","authenticated-orcid":false,"given":"Masoumeh","family":"Safkhani","sequence":"first","affiliation":[{"name":"Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6818-5342","authenticated-orcid":false,"given":"Nasour","family":"Bagheri","sequence":"additional","affiliation":[{"name":"Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran"},{"name":"School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran 19538-33511, Iran"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7932-7484","authenticated-orcid":false,"given":"Mahyar","family":"Shariat","sequence":"additional","affiliation":[{"name":"Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran 16788-15811, Iran"}]}],"member":"1968","published-online":{"date-parts":[[2018,8,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"33529","DOI":"10.1109\/ACCESS.2018.2849223","article-title":"Timing-Aware RFID Anti-Collision Protocol to Increase the Tag Identification Rate","volume":"6","author":"Arjona","year":"2018","journal-title":"IEEE Access"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"e3392","DOI":"10.1002\/dac.3392","article-title":"TDMA-SDMA-based RFID algorithm for fast detection and efficient collision avoidance","volume":"31","author":"Saadi","year":"2018","journal-title":"Int. J. Commun. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Liu, B., and Su, X. (2018). An Anti-Collision Algorithm for RFID Based on an Array and Encoding Scheme. Information, 9.","DOI":"10.3390\/info9030063"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Arjona, L., Landaluce, H., and Perallos, A. (2018). Energy-Aware RFID Anti-Collision Protocol. Sensors, 18.","DOI":"10.3390\/s18061904"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Memon, M.Q., He, J., Yasir, M.A., and Memon, A. (2018). Improving Efficiency of Passive RFID Tag Anti-Collision Protocol Using Dynamic Frame Adjustment and Optimal Splitting. Sensors, 18.","DOI":"10.3390\/s18041185"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1109\/TASE.2016.2614134","article-title":"Collision Detection and Signal Recovery for UHF RFID Systems","volume":"15","author":"Tan","year":"2018","journal-title":"IEEE Trans. Autom. Sci. Eng."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2406","DOI":"10.1109\/TII.2017.2771772","article-title":"A Time- and Energy-Aware Collision Tree Protocol for Efficient Large-Scale RFID Tag Identification","volume":"14","author":"Zhang","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1953","DOI":"10.1007\/s11276-017-1447-8","article-title":"A fair reader collision avoidance protocol for RFID dense reader environments","volume":"24","author":"Rezaie","year":"2018","journal-title":"Wirel. Netw."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1517","DOI":"10.1109\/LCOMM.2017.2685590","article-title":"A Collision-Tolerant-Based Anti-Collision Algorithm for Large Scale RFID System","volume":"21","author":"Su","year":"2017","journal-title":"IEEE Commun. Lett."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1342","DOI":"10.1109\/JSEN.2015.2498616","article-title":"A maximum-weight-independent-set-based algorithm for reader-coverage collision avoidance arrangement in rfid networks","volume":"16","author":"Liu","year":"2016","journal-title":"IEEE Sens. J."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Nguyen, N.T., Liu, B.H., and Pham, V.T. (2016, January 27\u201330). A dynamic-range-based algorithm for reader-tag collision avoidance deployment in rfid networks. Proceedings of the 2016 International Conference on Electronics, Information, and Communications (ICEIC), Danang, Vietnam.","DOI":"10.1109\/ELINFOCOM.2016.7563002"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"337","DOI":"10.1109\/TDSC.2007.70226","article-title":"Sasi: A new ultralightweight rfid authentication protocol providing strong authentication and strong integrity","volume":"4","author":"Chien","year":"2007","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., and Ribagorda, A. (2008). Advances in Ultralightweight Cryptography for Low-Cost RFID Tags: Gossamer Protoco. Information Security Applications, Springer.","DOI":"10.1201\/9781420068405.ch6"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1085","DOI":"10.1007\/s11227-016-1849-x","article-title":"Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags","volume":"73","author":"Tewari","year":"2017","journal-title":"J. Supercomput."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"3095","DOI":"10.1002\/sec.1314","article-title":"Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G","volume":"9","author":"Fan","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1109\/TDSC.2008.33","article-title":"Cryptanalysis of a new ultralightweight RFID authentication protocol\u2014SASI","volume":"6","author":"Phan","year":"2009","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1109\/TDSC.2008.32","article-title":"Security analysis of the SASI protocol","volume":"6","author":"Cao","year":"2009","journal-title":"IEEE Trans. Dependable secur. Comput."},{"key":"ref_18","unstructured":"Hernandez-Castro, J.C., Tapiador, J.M.E., Peris-Lopez, P., and Quisquater, J.J. (arXiv, 2008). Cryptanalysis of the SASI ultralightweight RFID authentication protocol with modular rotations, arXiv."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1109\/TDSC.2009.26","article-title":"On the security of Chien\u2019s ultralightweight RFID authentication protocol","volume":"8","author":"Sun","year":"2011","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Bilal, Z., Masood, A., and Kausar, F. (2009, January 19\u201321). Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol. Proceedings of the 2009 International Conference on Network-Based Information Systems, Indianapolis, IN, USA.","DOI":"10.1109\/NBiS.2009.9"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"3579","DOI":"10.1007\/s11227-017-1959-0","article-title":"Passive secret disclosure attack on an ultralightweight authentication protocol for Internet of Things","volume":"73","author":"Safkhani","year":"2017","journal-title":"J. Supercomput."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/s11227-017-2105-8","article-title":"On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags","volume":"74","author":"Wang","year":"2018","journal-title":"J. Supercomput."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1007\/s11227-017-2139-y","article-title":"DoS, impersonation and de-synchronization attacks against an ultra-lightweight RFID mutual authentication protocol for IoT","volume":"74","author":"Aghili","year":"2018","journal-title":"J. Supercomput."},{"key":"ref_24","first-page":"1","article-title":"An ultra-lightweight RFID authentication scheme for mobile commerce","volume":"10","author":"Fan","year":"2016","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_25","first-page":"547","article-title":"Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce","volume":"2017","author":"Aghili","year":"2017","journal-title":"IACR Cryptol. ePr. Archiv."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., and Wingers, L. (2015, January 7\u201311). The SIMON and SPECK lightweight block ciphers. Proceedings of the 52nd Annual Design Automation Conference, San Francisco, CA, USA.","DOI":"10.1145\/2744769.2747946"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Beierle, C., Jean, J., K\u00f6lbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., and Sim, S.M. (2016). The SKINNY family of block ciphers and its low-latency variant MANTIS. Advances in Cryptology\u2014CRYPTO 2016, Springer.","DOI":"10.1007\/978-3-662-53008-5_5"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Beaulieu, R., Treatman-Clark, S., Shors, D., Weeks, B., Smith, J., and Wingers, L. (2015, January 8\u201312). The SIMON and SPECK lightweight block ciphers. Proceedings of the 2015 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC), San Francisco, CA, USA.","DOI":"10.1145\/2744769.2747946"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Cremers, C.J.F. (2008). The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols. Computer Aided Verification, Springer.","DOI":"10.1007\/978-3-540-70545-1_38"},{"key":"ref_30","unstructured":"Avoine, G., Carpent, X., and Martin, B. (2010). Strong authentication and strong. Radio Frequency Identification: Security and Privacy Issues, Springer."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/9\/82\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:19:58Z","timestamp":1760195998000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/9\/82"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,21]]},"references-count":30,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2018,9]]}},"alternative-id":["fi10090082"],"URL":"https:\/\/doi.org\/10.3390\/fi10090082","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2018,8,21]]}}}