Abstract—Two effective attacks, namely a de-synchronization attack and an impersonation attack, against Ha et al.'s LCSS RFID authentication protocol and Song and Mitchell's protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they cannot authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.'s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.
Index Terms—RFID, de-synchronization attack, impersonation
Cite: Tianjie Cao, Peng Shen, and Elisa Bertino, "Cryptanalysis of Some RFID Authentication Protocols," Journal of Communications, vol. 3, no. 7, pp. 20-27, 2008.