Gossamer: weaknesses and performance

  • regular contribution
International Journal of Information Security

Abstract

In this paper, we focus on Gossamer, a well-known ultralightweight authentication protocol, introduced in 2008. Our contributions are the following:

  • we analyze the structure of the MixBits function, a key component of the protocol, and show that it does not realize a pseudorandom function, not even in a weak form;

  • we show, by employing artificial intelligence techniques, that tags are distinguishable;

  • finally, we study the performance of Gossamer and show that it does not provide a substantial saving, compared to a standard three-round mutual authentication protocol, implemented with lightweight primitives.

We close the paper with further comments and remarks.

Availability of data and materials

Not applicable.

Notes

  1. www.rapidminer.com.

  2. For readers interested in the details and with background in the area: each sub-network consists of a sequence of convolutional layers, each of which uses a single channel, with filters and kernels of varying size. The number of convolutional filters is specified as a multiple of 16, to take advantage of the GPU capabilities. The network applies a ReLU activation function to the output feature maps, optionally followed by a one-dimensional max-pooling layer. The units in the final convolutional layer are flattened into a single vector. This convolutional layer is followed by a fully-connected layer and then one more layer, which computes the induced distance metric between the Siamese sub-networks and feeds it to a single sigmoidal output unit.

  3. Such a standard modeling is, of course, highly demanding, and in some applications it might be more than strictly needed. But, as widely agreed within the community, achieving such a notion enables a safe use of the protocol in any application.

  4. We point out that we also tried standard classifiers, obtaining results superseded by the Siamese network.

  5. Notice that even percentages close to 0.5 could yield some advantages to a distinguisher. However, the higher the accuracy, the stronger the attack.

  6. Notice that we are implicitly assuming that \({\mathcal {A}}\) can send an oracle query in each execution step. Perhaps we could also be successful with a smaller number of oracle queries, but we did not care about possible optimizations, since our goal was only to show that the approach works.

  7. https://github.com/kokke/tiny-AES-c, https://github.com/michaelkitson/Present-8bit.

Acknowledgements

We would like to thank Dr. Laura Zollo for helping us, in a preliminary version of this work, during her final-degree project for the Master Program in Computer Science (Laurea Magistrale in Informatica). Moreover, we are grateful to two anonymous referees for comments and suggestions, which helped us to significantly improve the quality of the paper.

Funding

Not applicable. This research has been carried out by the authors as part of their normal duties as professors/students.

Author information

Corresponding author

Correspondence to R. De Prisco.

Ethics declarations

Conflict of interest/Competing interests.

The authors declare that there are no conflicts of interest or competing interests.

Research involving human participants and/or animals

This article does not contain any studies with human participants or animals performed by any of the authors.

Informed consent

Not applicable.

Code availability

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

D’Arco, P., De Prisco, R., Ansaroudi, Z.E. et al. Gossamer: weaknesses and performance. Int. J. Inf. Secur. 21, 669–687 (2022). https://doi.org/10.1007/s10207-021-00575-2

  • DOI: https://doi.org/10.1007/s10207-021-00575-2