Security analysis on a family of ultra-lightweight RFID authentication protocols
In this paper, we analyze the security vulnerabilities of a family of ultra-lightweight RFID mutual authentication protocols: LMAP, M2AP and EMAP, which are recently proposed by Peris-Lopez et al. We identify two effective attacks, namely de-synchronization attack and full-disclosure attack, against their protocols. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. It can be carried out in just single round of interaction in the authentication protocols. The latter completely compromises a tag by extracting all the secret information stored in the tag. It is accomplished across several runs of the protocols. Moreover, we point out the potential countermeasures to improve the security of above protocols.
RFID authentication, security and privacy, ultra-lightweight primitives
Information Security and Trust
Journal of Software
LI, Tieyan; WANG, Guilin; and DENG, Robert H..
Security analysis on a family of ultra-lightweight RFID authentication protocols. (2008). Journal of Software. 3, (3), 1-10. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/795