Question: Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a

Consider the following simple protocol intended to allow an RFID reader

Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge 'x' and transmits y-xs to the tag. The tag com putes z-ys and sends it to the reader. The reader authenticates the tag ifzx. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y 0x3344ffac and z 0x11 00ddod. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: sand $2. The reader sends to the tag a challenge y-xs, and the tag responds with z = xs2 after recovering x-ysi. 3.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? Q3.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note:"B" denotes a bitwise XOR of two binary numbers. For two bits bi and ba we have XOR(b -0 if b,-b, and XOR(bab.) = 1 ifb, # b2. Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader, perform XOR operations, and receive and transmit 32-bit values. The reader generates a random 32-bit challenge 'x' and transmits y-xs to the tag. The tag com putes z-ys and sends it to the reader. The reader authenticates the tag ifzx. Q3.1 Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. Demonstrate this by recovering the key s from y 0x3344ffac and z 0x11 00ddod. Now consider the following variation of the protocol. The reader and the tag share two different secret keys: sand $2. The reader sends to the tag a challenge y-xs, and the tag responds with z = xs2 after recovering x-ysi. 3.2 Can a passive eavesdropper learn the secret keys from observing a single execution of the protocol? Q3.3 Does the answer change if the attacker can observe multiple executions of the protocol? Briefly justify all your answers. Note:"B" denotes a bitwise XOR of two binary numbers. For two bits bi and ba we have XOR(b -0 if b,-b, and XOR(bab.) = 1 ifb, # b2

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Consider the following simple protocol intended to allow an RFID reader to authenticate an RFIID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader,...

Part 3: RFID with exclusive or Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key...

Consider the following simple protocol intended to allow an RFID reader to authenticate an RFIID tag. The protocol assumes that the tag can store a 32-bit secret key 's', shared with the reader,...

Radio Frequency Identification (RFID) bas been widely adopted for object identification. An RFID system comprises three esential oponents, namcly RFID tags, readers and a backend server. An RFID tag...

Let A, B be sets. Define: (a) the Cartesian product (A B) (b) the set of relations R between A and B (c) the identity relation A on the set A [3 marks] Suppose S, T are relations between A and B, and...

I have to create a program in C and I can't figure it out. The program has to read a source file. Please help. /******************************************************************** PROJECT: Glossary...

Explain informally the difference between Godel's completeness theorem and his first incompleteness theorem. [8 marks] (b) State the meaning of Hoare triples {P} C {Q} in separation logic. [3 marks]...

1. Introduction to Computer Architecture concepts; The MIPS R2000 architecture allows for up to four external coprocessors. Our local systems arIPS external coprocessors are used by describing, in...

can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...

Consider Hoare triples of the form {T} V := E {V = E} where T is the atomic formula 'true' and V and E range over variables and expressions, respectively. (i) Write down an instance of such a triple...

The Branch of the Company is billed for merchandise by the home office at 20% above cost. The branch in turn, prices merchandise for sales purposes at 25% above billed price. On February 28, all of...

Travis Company has just completed a physical inventory count at year-end, December 31, 2014. Only the items on the shelves, in storage, and in the receiving area were counted and costed on a FIFO...

A typical investment with negative initial cash flow and positive future cash flows is acceptable if its IRR: is exactly equal to its NPV . is exactly equal to zero. is less than the cost of capital....

1.If a company breaks down the Skill factor for job evaluation into experience and education, this is an example of: a)weighting b)using sub-factors C)a Factor Evaluation System D)classification...

Describe the seven standard parts of a letter.

Explain how to develop effective Internet-based messages.

Identify the advantages and disadvantages of written messages.