Question: Consider the following simple protocol intended to allow an RFID reader to authenticate an RFIID tag. The protocol assumes that the tag can store a
Consider the following simple protocol intended to allow an RFID reader to authenticate an RFIID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge X and transmits y = x s to the tag. The tag computes z-y s and sends it to the reader. The reader authenticates the tag if z-x. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y - 0x3344ffac, and z = 0x1 100dd0d. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: si and s2. The reader sends to the tag a challenge y-xs, and the tag responds with z s2 after recovering x-ySj 03.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? 03.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note: "@"denotes a bitwise XOR of two binary numbers. For two bits biand b2, we have XOR (bi,b2)-0ifbi- b2and XOR(bi,b2)-1ifbi* b2. Consider the following simple protocol intended to allow an RFID reader to authenticate an RFIID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge X and transmits y = x s to the tag. The tag computes z-y s and sends it to the reader. The reader authenticates the tag if z-x. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y - 0x3344ffac, and z = 0x1 100dd0d. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: si and s2. The reader sends to the tag a challenge y-xs, and the tag responds with z s2 after recovering x-ySj 03.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? 03.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note: "@"denotes a bitwise XOR of two binary numbers. For two bits biand b2, we have XOR (bi,b2)-0ifbi- b2and XOR(bi,b2)-1ifbi* b2
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts