Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 32451
A Review of Ultralightweight Mutual Authentication Protocols

Authors: Umar Mujahid, Greatzel Unabia, Hongsik Choi, Binh Tran


Radio Frequency Identification (RFID) is one of the most commonly used technologies in IoTs and Wireless Sensor Networks which makes the devices identification and tracking extremely easy to manage. Since RFID uses wireless channel for communication, which is open for all types of adversaries, researchers have proposed many Ultralightweight Mutual Authentication Protocols (UMAPs) to ensure security and privacy in a cost-effective manner. These UMAPs involve simple bitwise logical operators such as XOR, AND, OR & Rot, etc., to design the protocol messages. However, most of these UMAPs were later reported to be vulnerable against many malicious attacks. In this paper, we have presented a detailed overview of some eminent UMAPs and also discussed the many security attacks on them. Finally, some recommendations and suggestions have been discussed, which can improve the design of the UMAPs.

Keywords: RFID, UMAP, SASI, IoTs.

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 854


[1] Hung-Yu Chien, “SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity”, IEEE Transaction on Dependable and Secure Computing, Vol. 4, No. 4, pp. 337 – 340, 2007.
[2] Tian Yun, Gongliang Chen, and Jianhua Li, “A new ultralightweight RFID authentication protocol with permutation”, IEEE Communications Letters, Vol.16, No. 5, pp.702-705, 2012.
[3] Pedro Peris-Lopez, Julio Hernandez-Castro et al., “LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags”, 2nd Workshop on RFID Security, Austria, pp.100-112, 2006.
[4] Pedro Peris-Lopez, Julio Cesar Hernandez et al., “EMAP: An efficient mutual-authentication protocol for low-cost RFID tags”, 1st International Workshop on Information security (OTM-2006), France, pp. 352-361, 2006.
[5] P. Peris-Lopez, J.C. Hernandez-Castro, J.M.E. Tapiador, A. Ribagorda, “M2AP: a minimalist mutual-authentication protocol for low cost RFID tags”, International Conference on Ubiquitous Intelligence and Computing, Wuhan China, pp. 912–923, 2006.
[6] Pedro Peris-Lopez et al., “Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol”, 9th International Workshop on Information Security Applications, Korea, pp. 56-68, 2009.
[7] Pedro Peris-Lopez et al., “Quasi-linear cryptanalysis of a secure RFID ultralightweight authentication protocol”, 6th International Conference on Information Security and Cryptology, China, pp. 427-442, 2011.
[8] Tieyan Li, and Guilin Wang, “Security analysis of two ultra-lightweight RFID authentication protocols”, International Information Security Conference, South Africa, pp.109-120, 2007.
[9] Tieyan Li et al., “Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol”, 2nd International Conference on Availability, Reliability and Security (ARES 2007), Vienna, pp. 224 – 231, 2007.
[10] Umar Mujahid, M. Najam-ul-Islam, and M. Ali Shami, “RCIA: A New Ultralightweight RFID Authentication Protocol Using Recursive Hash”, International Journal of Distributed Sensor Networks, Vol. 2015, No. 642180, 8 pages, 2015.
[11] Umar Mujahid and M.Najam-ul-islam,” Ultralightweight Cryptography for Passive RFID Systems”, International Journal of Communication Networks and Information Security”, Vol.6, No.3, pp.173-181, December 2014.
[12] Umar Mujahid and M. Najam-ul-Islam, “KMAP: A New Ultralightweight RFID Authentication Protocol for passive low cost tags,” Wireless Personal Communications (Springer), Vol. 94, Issue 3, pp 725–744, June 2017.
[13] Cai Qingling, Zhan Yiju and Wang, “A minimalist Mutual Authentication Protocol for RFID systems &BAN logic analysis”, International Colloquium on Computing, Communication, Control and Management, Guangzhou, pp 449 – 453, 2008.
[14] Hanuage Luo, G. Wen et al., “SLAP: Succinct and Lightweight Authentication Protocol for low-cost RFID system”, Wireless Networks (Springer), pp.1-10, 2016.
[15] Raphael C.-W.Phan, “Cryptanalysis of a New Ultralightweight RFID Authentication Protocol-SASI”, IEEE Transactions on Dependable and Secure Computing, Vol. 6, No.4, 2009.
[16] Pieter and Michiel, “Analysis of the OpenPGP and OTR protocols”, using GNY logic (Online Tutorial), Available from: finishedprojects/2007/PieterMichiel/gny.html
[17] Zahra Ahmadian, Mahmoud Salmasizadeh and Mohammad Reza Aref, “Desynchronization attack on RAPP ultralightweight authentication protocol”, Information processing letters, Vol.113, No.7, pp. 205-209, 2013.
[18] Zahra Ahmadian, Mahmoud et al., “Recursive Linear and Differential Cryptanalysis of ultralightweight authentication protocols”, IEEE Transactions on Information Forensics and Security, Vol.8. No.7, pp. 1140 – 1151, 2013.
[19] Mathieu David and Neeli R. Prasad. "Providing strong security and high privacy in low-cost RFID networks." International conference on Security and privacy in mobile information and communication systems, Italy, pp. 172-179, 2009.
[20] Hernandez-Castro, Julio Cesar et al. "Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol." Workshop on RFID Security and Privacy, Turkey, pp. 22-34, 2010.
[21] Raphael C.-W.Phan, “Cryptanalysis of a New Ultralightweight RFID Authentication Protocol-SASI”, IEEE Transactions on Dependable and Secure Computing, Vol. 6, No.4, 2009.
[22] EPC Global- RFID Identity protocols, Generation-2 UHF RFID Specification for Air Interface Version 2.0.0, 2013.
[23] Julio C. Hernandez et al, “Cryptanalysis of the SASI ultralightweight RFID authentication protocol with modular rotations”, ArXiv, Cryptography and Security, Report; Report No. 0811.4257,, 2008.
[24] Zeeshan Bilal, Ashraf Masood, and Firdous Kausar “Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol”, 12th International Conference on Network-Based Information Systems, Indianapolis, USA, pp. 260-267, 2009.
[25] Xu Zhuang • Yan Zhu • Chin-Chen Chang, “A New Ultralightweight RFID Protocol for Low-Cost Tags: R2AP”, Wireless Personal Communications, Vol 79, pp.1787-1802, 2014.
[26] Masoumeh Safkhani and Nasour Bagheri, “Generalized Desynchronization Attack on UMAP: Application to RCIA, KMAP, SLAP and SASI+ protocols”, eprint.IARC, Article 905, 2016.
[27] Hung Min Sun et al. “On the Security of Chien's Ultralightweight RFID Authentication Protocol” IEEE Transactions on Dependable and Secure Computing 8(2):315-317 • March 2011
[28] K.-H. Yeh, N. W. Lo, and E. Winata, “An efficient ultralightweight authentication protocol for RFID systems,” pp. 49– 60, Proceedings of the Workshop on RFID Security and Privacy, Istanbul, Turkey, 201