Volume 3, No. 7, December 2008

Cryptanalysis of Some RFID Authentication Protocols

Tianjie Cao¹, Peng Shen¹, and Elisa Bertino²
1. School of Computer, China University of Mining and Technology, Sanhuannanlu, Xuzhou, Jiangsu, 221116, China; National Mobile Communications Research Laboratory, Southeast University, Sipailou No.2, Nanjing, Jiangsu, 210096, China
2. Purdue University, West Lafayette, IN 47907

Abstract—Two effective attacks, namely a de-synchronization attack and an impersonation attack, against Ha et al.’s LCSS RFID authentication protocol and Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they cannot authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.

Index Terms—RFID, de-synchronization attack, impersonation

Cite: Tianjie Cao, Peng Shen, and Elisa Bertino, "Cryptanalysis of Some RFID Authentication Protocols," Journal of Communications, vol. 3, no. 7, pp. 20-27, 2008.