Practical security analysis and attack strategies on permutation functions used in IoT supply chain systems
Abstract The widespread adoption of IoT devices has made the production of low-cost systems a priority. Since construction costs are generally directly related to the complexity of security methods, researchers are exploring methods that provide acceptable security with minimal hardware complexity....
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-05-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-025-01041-y |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Abstract The widespread adoption of IoT devices has made the production of low-cost systems a priority. Since construction costs are generally directly related to the complexity of security methods, researchers are exploring methods that provide acceptable security with minimal hardware complexity. One such method is the use of permutation functions in ultra-lightweight authentication protocols that employ simple operators such as XOR and Shift. This paper demonstrates the critical importance of the internal structure of a permutation function in ensuring system security. This implies that even if a protocol is designed securely and efficiently, structural weaknesses in the function can render the protocol vulnerable. To illustrate this, we examine a recently published protocol named ULBRAP for supply chain management systems and reveal its security flaws, including secret disclosure and traceability attacks. We also demonstrate the attack step-by-step on Raspberry Pi devices, publishing the details on GitHub and presenting them in a video. The attack method requires 1,710,947 hash calculations, which takes approximately 5 min in our experiments. Finally, we propose a solution to address the issues associated with these functions. |
|---|---|
| ISSN: | 2045-2322 |